b3433542361a92fee7c35339e42ed35682151e1cb7c94116f0259a19954b1f76

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
Size

196KB
MD5

638ebaf1bea8850ca9ada168c65de1c6
SHA1

1bbcefb36ffab914c5606d3c944e1c3a493a1d78
SHA256

b3433542361a92fee7c35339e42ed35682151e1cb7c94116f0259a19954b1f76
SHA512

ca7242c7dbf8d44b0371b5063f65652298d84e00bb684f4416eeef34249075d66a3b1651528c7d1acadbdf7e3e6ae930cab8e86b2e1691335782806c15d9c3dc
SSDEEP

3072:lPfoxhGuluhBNIyOZt6T5e2GsFEjyKItKJximQdHpTEOA3SNP8PA:x2GIy+6T57GsFEv3JAmahUOP8Y

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Processes:

reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

UAC bypass 3 TTPs 64 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Renames multiple (57) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AskkUIYk.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation	AskkUIYk.exe

Executes dropped EXE 2 IoCs

Processes:

AygsgEAk.exeAskkUIYk.exe

pid process

3032 AygsgEAk.exe
2744 AskkUIYk.exe

pid	process
3032	AygsgEAk.exe
2744	AskkUIYk.exe

Loads dropped DLL 20 IoCs

Processes:

2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exeAskkUIYk.exe

pid	process
2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exeAskkUIYk.exeAygsgEAk.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\AygsgEAk.exe = "C:\\Users\\Admin\\AwQscoAU\\AygsgEAk.exe"	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AskkUIYk.exe = "C:\\ProgramData\\kKowoQwU\\AskkUIYk.exe"	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AskkUIYk.exe = "C:\\ProgramData\\kKowoQwU\\AskkUIYk.exe"	AskkUIYk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\AygsgEAk.exe = "C:\\Users\\Admin\\AwQscoAU\\AygsgEAk.exe"	AygsgEAk.exe

Drops file in Windows directory 1 IoCs

Processes:

AskkUIYk.exe

description ioc process

File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico AskkUIYk.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico	AskkUIYk.exe

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

Processes:

pid	process
1572	reg.exe
2136	reg.exe
1660	reg.exe
1596	reg.exe
2792	reg.exe
1616	reg.exe
2116	reg.exe
2588	reg.exe
2612	reg.exe
2460	reg.exe
284	reg.exe
1856	reg.exe
1044	reg.exe
2856	reg.exe
600	reg.exe
1652	reg.exe
1736	reg.exe
1596	reg.exe
2552	reg.exe
2524	reg.exe
3028	reg.exe
1240	reg.exe
1600	reg.exe
2044	reg.exe
1888	reg.exe
1988	reg.exe
2936	reg.exe
1012	reg.exe
2504	reg.exe
708	reg.exe
1892	reg.exe
1996	reg.exe
2836	reg.exe
2752	reg.exe
2572	reg.exe
2120	reg.exe
1548	reg.exe
2548	reg.exe
2720	reg.exe
1184	reg.exe
2284	reg.exe
836	reg.exe
912	reg.exe
2584	reg.exe
1100	reg.exe
552	reg.exe
2548	reg.exe
1624	reg.exe
2116	reg.exe
2148	reg.exe
1728	reg.exe
3028	reg.exe
1052	reg.exe
832	reg.exe
828	reg.exe
2456	reg.exe
2636	reg.exe
2732	reg.exe
2816	reg.exe
2844	reg.exe
1668	reg.exe
2300	reg.exe
2624	reg.exe
2932	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe

pid	process
2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2816	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2816	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2704	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2704	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1716	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1716	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1680	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1680	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1280	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1280	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2708	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2708	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2336	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2336	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2808	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2808	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2524	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2524	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1244	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1244	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2536	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2536	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2600	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2600	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1996	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1996	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1780	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1780	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1884	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1884	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1928	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1928	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2980	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2980	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2720	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2720	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
380	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
380	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2032	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2032	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1172	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1172	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
488	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
488	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2604	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2604	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2832	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2832	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1068	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1068	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2092	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2092	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2848	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2848	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2212	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2212	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1756	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
1756	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2128	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
2128	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AskkUIYk.exe

pid process

2744 AskkUIYk.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

AskkUIYk.exe

pid	process
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe
2744	AskkUIYk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.execmd.execmd.exe2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.execmd.execmd.exe

description	pid	process	target process
PID 2240 wrote to memory of 3032	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	AygsgEAk.exe
PID 2240 wrote to memory of 3032	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	AygsgEAk.exe
PID 2240 wrote to memory of 3032	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	AygsgEAk.exe
PID 2240 wrote to memory of 3032	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	AygsgEAk.exe
PID 2240 wrote to memory of 2744	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	AskkUIYk.exe
PID 2240 wrote to memory of 2744	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	AskkUIYk.exe
PID 2240 wrote to memory of 2744	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	AskkUIYk.exe
PID 2240 wrote to memory of 2744	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	AskkUIYk.exe
PID 2240 wrote to memory of 2680	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 2240 wrote to memory of 2680	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 2240 wrote to memory of 2680	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 2240 wrote to memory of 2680	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 2680 wrote to memory of 3008	2680	cmd.exe	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
PID 2680 wrote to memory of 3008	2680	cmd.exe	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
PID 2680 wrote to memory of 3008	2680	cmd.exe	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
PID 2680 wrote to memory of 3008	2680	cmd.exe	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
PID 2240 wrote to memory of 2560	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 2240 wrote to memory of 2560	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 2240 wrote to memory of 2560	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 2240 wrote to memory of 2560	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 2240 wrote to memory of 2836	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 2240 wrote to memory of 2836	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 2240 wrote to memory of 2836	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 2240 wrote to memory of 2836	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 2240 wrote to memory of 2708	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 2240 wrote to memory of 2708	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 2240 wrote to memory of 2708	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 2240 wrote to memory of 2708	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 2240 wrote to memory of 2492	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 2240 wrote to memory of 2492	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 2240 wrote to memory of 2492	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 2240 wrote to memory of 2492	2240	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 2492 wrote to memory of 2520	2492	cmd.exe	cscript.exe
PID 2492 wrote to memory of 2520	2492	cmd.exe	cscript.exe
PID 2492 wrote to memory of 2520	2492	cmd.exe	cscript.exe
PID 2492 wrote to memory of 2520	2492	cmd.exe	cscript.exe
PID 3008 wrote to memory of 2788	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 3008 wrote to memory of 2788	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 3008 wrote to memory of 2788	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 3008 wrote to memory of 2788	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 2788 wrote to memory of 2816	2788	cmd.exe	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
PID 2788 wrote to memory of 2816	2788	cmd.exe	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
PID 2788 wrote to memory of 2816	2788	cmd.exe	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
PID 2788 wrote to memory of 2816	2788	cmd.exe	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
PID 3008 wrote to memory of 2932	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 3008 wrote to memory of 2932	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 3008 wrote to memory of 2932	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 3008 wrote to memory of 2932	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 3008 wrote to memory of 2964	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 3008 wrote to memory of 2964	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 3008 wrote to memory of 2964	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 3008 wrote to memory of 2964	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 3008 wrote to memory of 2148	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 3008 wrote to memory of 2148	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 3008 wrote to memory of 2148	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 3008 wrote to memory of 2148	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	reg.exe
PID 3008 wrote to memory of 2004	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 3008 wrote to memory of 2004	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 3008 wrote to memory of 2004	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 3008 wrote to memory of 2004	3008	2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe	cmd.exe
PID 2004 wrote to memory of 2348	2004	cmd.exe	cscript.exe
PID 2004 wrote to memory of 2348	2004	cmd.exe	cscript.exe
PID 2004 wrote to memory of 2348	2004	cmd.exe	cscript.exe
PID 2004 wrote to memory of 2348	2004	cmd.exe	cscript.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2240

C:\Users\Admin\AwQscoAU\AygsgEAk.exe
"C:\Users\Admin\AwQscoAU\AygsgEAk.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3032

C:\ProgramData\kKowoQwU\AskkUIYk.exe
"C:\ProgramData\kKowoQwU\AskkUIYk.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2744

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
2⤵
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3008

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
4⤵
- Suspicious use of WriteProcessMemory
PID:2788

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2816

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
6⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
7⤵
- Suspicious behavior: EnumeratesProcesses
PID:2704

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
8⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
9⤵
- Suspicious behavior: EnumeratesProcesses
PID:1716

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
10⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
11⤵
- Suspicious behavior: EnumeratesProcesses
PID:1680

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
12⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
13⤵
- Suspicious behavior: EnumeratesProcesses
PID:1280

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
14⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2708

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
16⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
17⤵
- Suspicious behavior: EnumeratesProcesses
PID:2336

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
18⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
19⤵
- Suspicious behavior: EnumeratesProcesses
PID:2808

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
20⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
21⤵
- Suspicious behavior: EnumeratesProcesses
PID:2524

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
22⤵
PID:1460

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
23⤵
- Suspicious behavior: EnumeratesProcesses
PID:1244

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
24⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
25⤵
- Suspicious behavior: EnumeratesProcesses
PID:2536

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
26⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
27⤵
- Suspicious behavior: EnumeratesProcesses
PID:2600

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
28⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
29⤵
- Suspicious behavior: EnumeratesProcesses
PID:1996

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
30⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
31⤵
- Suspicious behavior: EnumeratesProcesses
PID:1780

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
32⤵
PID:564

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1884

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
34⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
35⤵
- Suspicious behavior: EnumeratesProcesses
PID:1928

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
36⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
37⤵
- Suspicious behavior: EnumeratesProcesses
PID:2980

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
38⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
39⤵
- Suspicious behavior: EnumeratesProcesses
PID:2720

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
40⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
41⤵
- Suspicious behavior: EnumeratesProcesses
PID:380

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
42⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
43⤵
- Suspicious behavior: EnumeratesProcesses
PID:2032

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
44⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
45⤵
- Suspicious behavior: EnumeratesProcesses
PID:1172

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
46⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
47⤵
- Suspicious behavior: EnumeratesProcesses
PID:488

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
48⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
49⤵
- Suspicious behavior: EnumeratesProcesses
PID:2604

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
50⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
51⤵
- Suspicious behavior: EnumeratesProcesses
PID:2832

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
52⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
53⤵
- Suspicious behavior: EnumeratesProcesses
PID:1068

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
54⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
55⤵
- Suspicious behavior: EnumeratesProcesses
PID:2092

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
56⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
57⤵
- Suspicious behavior: EnumeratesProcesses
PID:2848

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
58⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
59⤵
- Suspicious behavior: EnumeratesProcesses
PID:2212

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
60⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
61⤵
- Suspicious behavior: EnumeratesProcesses
PID:1756

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
62⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
63⤵
- Suspicious behavior: EnumeratesProcesses
PID:2128

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
64⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
65⤵
PID:2464

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
66⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
67⤵
PID:872

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
68⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
69⤵
PID:2040

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
70⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
71⤵
PID:1720

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
72⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
73⤵
PID:1848

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
74⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
75⤵
PID:2456

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
76⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
77⤵
PID:2600

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
78⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
79⤵
PID:1448

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
80⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
81⤵
PID:1792

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
82⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
83⤵
PID:324

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
84⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
85⤵
PID:1244

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
86⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
87⤵
PID:2772

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
88⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
89⤵
PID:2708

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
90⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
91⤵
PID:1072

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
92⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
93⤵
PID:1052

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
94⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
95⤵
PID:1500

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
96⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
97⤵
PID:1464

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
98⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
99⤵
PID:1892

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
100⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
101⤵
PID:2688

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
102⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
103⤵
PID:1680

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
104⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
105⤵
PID:1988

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
106⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
107⤵
PID:1504

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
108⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
109⤵
PID:1880

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
110⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
111⤵
PID:1044

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
112⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
113⤵
PID:2816

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
114⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
115⤵
PID:1240

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
116⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
117⤵
PID:2132

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
118⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
119⤵
PID:452

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
120⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
121⤵
PID:1896

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
122⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
123⤵
PID:2580

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
124⤵
PID:564

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
125⤵
PID:2712

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
126⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
127⤵
PID:2556

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
128⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
129⤵
PID:768

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
130⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
131⤵
PID:2720

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
132⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
133⤵
PID:1056

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
134⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
135⤵
PID:2864

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
136⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
137⤵
PID:1068

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
138⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
139⤵
PID:1828

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
140⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
141⤵
PID:1124

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
142⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
143⤵
PID:320

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
144⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
145⤵
PID:2720

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
146⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
147⤵
PID:1572

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
148⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
149⤵
PID:2816

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
150⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
151⤵
PID:1580

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
152⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
153⤵
PID:2240

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
154⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
155⤵
PID:2460

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
156⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
157⤵
PID:2688

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
158⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
159⤵
PID:1848

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
160⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
161⤵
PID:1676

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
162⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
163⤵
PID:2216

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
164⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
165⤵
PID:2720

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
166⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
167⤵
PID:2136

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
168⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
169⤵
PID:1820

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
170⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
171⤵
PID:2656

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
172⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
173⤵
PID:3028

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
174⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
175⤵
PID:1084

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
176⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
177⤵
PID:2724

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
178⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
179⤵
PID:2344

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
180⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
181⤵
PID:2256

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
182⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
183⤵
PID:1920

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
184⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
185⤵
PID:864

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
186⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
187⤵
PID:412

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
188⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
189⤵
PID:2612

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
190⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
191⤵
PID:644

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
192⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
193⤵
PID:2216

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
194⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
195⤵
PID:2660

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
196⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
197⤵
PID:2072

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
198⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
199⤵
PID:1448

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
200⤵
PID:1100

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
201⤵
PID:2320

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
202⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
203⤵
PID:1348

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
204⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
205⤵
PID:2808

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
206⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
207⤵
PID:2080

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
208⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
209⤵
PID:2964

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
210⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
211⤵
PID:1772

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
212⤵
PID:488

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
213⤵
PID:1348

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
214⤵
PID:384

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
215⤵
PID:2800

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
216⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
217⤵
PID:1648

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
218⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
219⤵
PID:804

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
220⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
221⤵
PID:1692

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
222⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
223⤵
PID:1324

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
224⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
225⤵
PID:2564

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
226⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
227⤵
PID:1828

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
228⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
229⤵
PID:2800

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
230⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
231⤵
PID:2300

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
232⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
233⤵
PID:1056

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
234⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
235⤵
PID:2816

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
236⤵
PID:712

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
237⤵
PID:624

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
238⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
239⤵
PID:1896

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
240⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
241⤵
PID:2212

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
242⤵
PID:652

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
243⤵
PID:1280

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
244⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
245⤵
PID:1644

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
246⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
247⤵
PID:1244

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
248⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
249⤵
PID:1848

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
250⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
251⤵
PID:2260

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
252⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
253⤵
PID:3052

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
254⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
255⤵
PID:2116

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
256⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
257⤵
PID:1184

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
258⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
259⤵
PID:1268

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
260⤵
PID:864

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
261⤵
PID:908

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
262⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
263⤵
PID:2596

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
264⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
265⤵
PID:2932

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
266⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
267⤵
PID:2756

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
268⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
269⤵
PID:936

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
270⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
271⤵
PID:1780

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
272⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
273⤵
PID:1800

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
274⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
275⤵
PID:2808

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock"
276⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
277⤵
PID:2112

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
278⤵
- Modifies visibility of file extensions in Explorer
PID:1996

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
278⤵
PID:1768

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
278⤵
- UAC bypass
- Modifies registry key
PID:1624

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
276⤵
PID:756

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
276⤵
PID:1728

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
276⤵
PID:2240

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oycskIgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
276⤵
PID:2496

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
277⤵
PID:1688

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
274⤵
- Modifies visibility of file extensions in Explorer
PID:2136

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
274⤵
PID:1880

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
274⤵
- UAC bypass
PID:376

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nksUcUwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
274⤵
PID:1616

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
275⤵
PID:1904

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
272⤵
- Modifies visibility of file extensions in Explorer
PID:828

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
272⤵
PID:2696

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
272⤵
PID:1552

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zqgYgYAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
272⤵
PID:1772

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
273⤵
PID:2908

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
270⤵
- Modifies visibility of file extensions in Explorer
PID:1548

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
270⤵
PID:1184

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
270⤵
PID:1920

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\emMAEcgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
270⤵
PID:2560

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
271⤵
PID:1932

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
268⤵
PID:1280

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
268⤵
- Modifies registry key
PID:2116

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
268⤵
- UAC bypass
PID:2484

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MksQgQYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
268⤵
PID:2504

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
269⤵
PID:1808

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
266⤵
- Modifies visibility of file extensions in Explorer
PID:2288

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
266⤵
- Modifies registry key
PID:2548

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
266⤵
- Modifies registry key
PID:2624

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oEAkowkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
266⤵
PID:2068

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
267⤵
PID:380

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
264⤵
- Modifies registry key
PID:2856

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
264⤵
PID:2368

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
264⤵
PID:872

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wWUcQAck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
264⤵
PID:980

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
265⤵
PID:1656

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
262⤵
- Modifies visibility of file extensions in Explorer
PID:1616

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
262⤵
PID:1448

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
262⤵
- UAC bypass
PID:2808

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vAMUoIIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
262⤵
PID:2840

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
263⤵
PID:1708

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
260⤵
PID:1348

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
260⤵
PID:2664

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
260⤵
PID:288

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fkkgAUgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
260⤵
PID:2604

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
261⤵
PID:108

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
258⤵
PID:2620

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
258⤵
- Modifies registry key
PID:2844

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
258⤵
- UAC bypass
PID:2652

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FykocsME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
258⤵
PID:1744

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
259⤵
PID:2988

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
256⤵
- Modifies registry key
PID:2836

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
256⤵
- Modifies registry key
PID:2300

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
256⤵
PID:2732

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nCYsksgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
256⤵
PID:3000

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
257⤵
PID:2464

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
254⤵
PID:2476

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
254⤵
PID:2556

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
254⤵
- UAC bypass
PID:2212

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OEUkAcUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
254⤵
PID:1792

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
255⤵
PID:2276

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
252⤵
PID:1728

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
252⤵
PID:2496

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
252⤵
PID:1704

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iQAwkcEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
252⤵
PID:1768

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
253⤵
PID:2480

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
250⤵
- Modifies visibility of file extensions in Explorer
PID:412

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
250⤵
PID:2436

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
250⤵
- UAC bypass
PID:1708

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gSoMcIsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
250⤵
PID:600

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
251⤵
PID:1524

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
248⤵
- Modifies visibility of file extensions in Explorer
PID:924

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
248⤵
- Modifies registry key
PID:552

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
248⤵
- Modifies registry key
PID:2816

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YOEsUsgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
248⤵
PID:2272

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
249⤵
PID:1900

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
246⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1548

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
246⤵
- Modifies registry key
PID:2524

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
246⤵
- UAC bypass
PID:2936

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nAoEQQcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
246⤵
PID:904

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
247⤵
PID:2780

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
244⤵
PID:1336

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
244⤵
PID:1516

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
244⤵
PID:1528

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZWEcQoUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
244⤵
PID:2632

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
245⤵
PID:2088

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
242⤵
PID:2440

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
242⤵
PID:1196

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
242⤵
PID:2324

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PwIQYMoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
242⤵
PID:2900

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
243⤵
PID:2028

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
240⤵
- Modifies visibility of file extensions in Explorer
PID:2572

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
240⤵
PID:608

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
240⤵
PID:2592

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RkYEIgws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
240⤵
PID:1124

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
241⤵
PID:2960

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
238⤵
PID:2200

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
238⤵
PID:2672

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
238⤵
- Modifies registry key
PID:2552

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WkwcQQsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
238⤵
PID:3052

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
239⤵
PID:1676

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
236⤵
PID:2656

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
236⤵
PID:2640

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
236⤵
PID:1172

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eWwUEgsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
236⤵
PID:1684

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
237⤵
PID:2676

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
234⤵
- Modifies visibility of file extensions in Explorer
PID:1692

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
234⤵
PID:1924

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
234⤵
PID:1744

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mQUMQwgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
234⤵
PID:836

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
235⤵
PID:1580

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
232⤵
- Modifies visibility of file extensions in Explorer
PID:804

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
232⤵
PID:3000

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
232⤵
- UAC bypass
- Modifies registry key
PID:2460

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IcMQwsYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
232⤵
PID:1652

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
233⤵
PID:2852

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
230⤵
- Modifies registry key
PID:1888

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
230⤵
- Modifies registry key
PID:1988

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
230⤵
- Modifies registry key
PID:2148

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gCwwogIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
230⤵
PID:824

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
231⤵
PID:2348

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
228⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1996

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
228⤵
PID:2320

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
228⤵
PID:1844

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tMUksIYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
228⤵
PID:692

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
229⤵
PID:2644

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
226⤵
- Modifies visibility of file extensions in Explorer
PID:3052

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
226⤵
PID:1676

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
226⤵
- Modifies registry key
PID:2120

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bWEosssg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
226⤵
PID:1636

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
227⤵
PID:1904

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
224⤵
- Modifies visibility of file extensions in Explorer
PID:2216

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
224⤵
PID:2696

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
224⤵
- UAC bypass
PID:1240

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lmssoIMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
224⤵
PID:1712

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
225⤵
PID:1876

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
222⤵
- Modifies visibility of file extensions in Explorer
PID:836

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
222⤵
PID:1300

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
222⤵
- UAC bypass
PID:2524

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EOkgsoco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
222⤵
PID:1580

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
223⤵
PID:864

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
220⤵
PID:3012

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
220⤵
PID:1528

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
220⤵
- UAC bypass
PID:1724

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cYsUgosY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
220⤵
PID:3008

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
221⤵
PID:276

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
218⤵
- Modifies visibility of file extensions in Explorer
PID:2724

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
218⤵
PID:2892

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
218⤵
PID:824

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UKAgQEUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
218⤵
PID:380

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
219⤵
PID:768

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
216⤵
- Modifies visibility of file extensions in Explorer
PID:1984

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
216⤵
PID:976

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
216⤵
PID:2608

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\imccoMwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
216⤵
PID:1624

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
217⤵
PID:320

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
214⤵
- Modifies visibility of file extensions in Explorer
PID:2812

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
214⤵
PID:1732

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
214⤵
PID:2372

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dmoMoQoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
214⤵
PID:2864

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
215⤵
PID:2992

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
212⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1052

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
212⤵
PID:1464

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
212⤵
- UAC bypass
PID:856

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rQscMEss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
212⤵
PID:1636

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
213⤵
PID:2736

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
210⤵
PID:2116

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
210⤵
PID:2476

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
210⤵
- UAC bypass
PID:380

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fsAcIwYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
210⤵
PID:1516

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
211⤵
PID:1824

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
208⤵
PID:1904

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
208⤵
PID:2256

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
208⤵
- UAC bypass
PID:1556

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tYoYAgAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
208⤵
PID:976

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
209⤵
PID:1984

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
206⤵
PID:2704

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
206⤵
PID:2520

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
206⤵
- UAC bypass
- Modifies registry key
PID:2044

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mGUIwwwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
206⤵
PID:884

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
207⤵
PID:3004

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
204⤵
- Modifies registry key
PID:1012

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
204⤵
PID:1744

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
204⤵
PID:1652

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QQgkQoYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
204⤵
PID:1700

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
205⤵
PID:2936

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
202⤵
- Modifies visibility of file extensions in Explorer
PID:2788

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
202⤵
PID:980

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
202⤵
- UAC bypass
PID:2588

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ugwgsQAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
202⤵
PID:2132

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
203⤵
PID:2836

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
200⤵
- Modifies visibility of file extensions in Explorer
PID:412

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
200⤵
PID:2444

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
200⤵
- UAC bypass
PID:2864

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\seYEwMkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
200⤵
PID:2424

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
201⤵
PID:2128

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
198⤵
PID:2936

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
198⤵
PID:2796

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
198⤵
PID:1228

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fyswYAMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
198⤵
PID:2196

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
199⤵
PID:1880

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
196⤵
PID:1592

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
196⤵
- Modifies registry key
PID:1596

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
196⤵
- UAC bypass
PID:2352

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NMcocEgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
196⤵
PID:1264

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
197⤵
PID:2656

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
194⤵
PID:552

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
194⤵
- Modifies registry key
PID:2548

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
194⤵
PID:1684

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JiMsQoEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
194⤵
PID:1452

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
195⤵
PID:2600

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
192⤵
PID:1368

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
192⤵
PID:276

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
192⤵
- UAC bypass
PID:1636

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gYMkkQcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
192⤵
PID:864

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
193⤵
PID:288

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
190⤵
- Modifies visibility of file extensions in Explorer
PID:2456

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
190⤵
PID:320

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
190⤵
PID:1540

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\akEccAQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
190⤵
PID:2732

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
191⤵
PID:2892

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
188⤵
PID:884

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
188⤵
PID:1048

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
188⤵
- UAC bypass
PID:2992

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MwsYskgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
188⤵
PID:2776

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
189⤵
PID:2492

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
186⤵
- Modifies visibility of file extensions in Explorer
PID:1532

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
186⤵
- Modifies registry key
PID:836

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
186⤵
PID:288

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mCcUgcEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
186⤵
PID:1100

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
187⤵
PID:2988

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
184⤵
PID:1076

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
184⤵
PID:2932

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
184⤵
- UAC bypass
PID:2812

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yuEQEoQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
184⤵
PID:2648

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
185⤵
PID:972

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
182⤵
- Modifies visibility of file extensions in Explorer
PID:2496

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
182⤵
PID:2748

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
182⤵
- UAC bypass
PID:1348

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NKIMcAQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
182⤵
PID:1184

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
183⤵
PID:2204

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
180⤵
PID:2036

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
180⤵
PID:2660

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
180⤵
PID:1624

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FKgMgUgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
180⤵
PID:2764

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
181⤵
PID:1452

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
178⤵
- Modifies visibility of file extensions in Explorer
PID:1824

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
178⤵
PID:2056

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
178⤵
PID:2028

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hgoMAwks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
178⤵
PID:2936

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
179⤵
PID:2032

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
176⤵
PID:1348

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
176⤵
PID:2380

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
176⤵
- UAC bypass
PID:2116

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BqokAYUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
176⤵
PID:1640

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
177⤵
PID:2892

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
174⤵
- Modifies visibility of file extensions in Explorer
PID:2764

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
174⤵
PID:2612

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
174⤵
PID:2664

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QmgQQcko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
174⤵
PID:1720

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
175⤵
PID:2496

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
172⤵
PID:2088

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
172⤵
PID:1924

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
172⤵
- Modifies registry key
PID:1600

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iYQsgsMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
172⤵
PID:3064

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
173⤵
PID:1876

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
170⤵
PID:1124

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
170⤵
- Modifies registry key
PID:1616

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
170⤵
PID:1824

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\siAIYQAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
170⤵
PID:2068

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
171⤵
PID:1776

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
168⤵
- Modifies visibility of file extensions in Explorer
PID:1312

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
168⤵
PID:1348

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
168⤵
- UAC bypass
PID:2456

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EwQkUwcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
168⤵
PID:2768

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
169⤵
PID:2892

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
166⤵
- Modifies registry key
PID:2792

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
166⤵
PID:2464

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
166⤵
- UAC bypass
PID:2588

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ROcogAgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
166⤵
PID:936

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
167⤵
PID:1040

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
164⤵
PID:864

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
164⤵
PID:1264

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
164⤵
PID:3024

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rQwwYAUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
164⤵
PID:572

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
165⤵
PID:1508

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
162⤵
- Modifies visibility of file extensions in Explorer
PID:2344

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
162⤵
PID:2544

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
162⤵
PID:1596

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lIAoIcEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
162⤵
PID:2416

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
163⤵
PID:808

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
160⤵
PID:1076

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
160⤵
- Modifies registry key
PID:2732

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
160⤵
- UAC bypass
PID:1820

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HYAUEQQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
160⤵
PID:2200

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
161⤵
PID:1556

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
158⤵
PID:2196

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
158⤵
- Modifies registry key
PID:2588

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
158⤵
PID:1460

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fGgMoQAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
158⤵
PID:2412

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
159⤵
PID:2080

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
156⤵
- Modifies visibility of file extensions in Explorer
PID:2040

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
156⤵
PID:804

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
156⤵
PID:3064

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cSYIkYcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
156⤵
PID:2712

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
157⤵
PID:2348

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
154⤵
- Modifies registry key
PID:2284

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
154⤵
- Modifies registry key
PID:2636

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
154⤵
PID:2724

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kysYIQkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
154⤵
PID:1124

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
155⤵
PID:2964

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
152⤵
- Modifies visibility of file extensions in Explorer
PID:2320

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
152⤵
PID:2552

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
152⤵
PID:1076

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IgEEkEQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
152⤵
PID:2616

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
153⤵
PID:1312

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
150⤵
- Modifies visibility of file extensions in Explorer
PID:2664

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
150⤵
PID:2988

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
150⤵
- Modifies registry key
PID:2612

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AYEcwQQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
150⤵
PID:2668

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
151⤵
PID:1324

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
148⤵
PID:3008

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
148⤵
PID:1128

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
148⤵
PID:1504

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nCwYYkQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
148⤵
PID:2372

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
149⤵
PID:2432

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
146⤵
PID:976

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
146⤵
- Modifies registry key
PID:1660

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
146⤵
PID:2848

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZCYQgAEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
146⤵
PID:1980

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
147⤵
PID:1600

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
144⤵
- Modifies visibility of file extensions in Explorer
PID:652

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
144⤵
PID:2480

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
144⤵
- UAC bypass
PID:1112

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BMUIoksg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
144⤵
PID:1988

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
145⤵
PID:2804

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
142⤵
- Modifies registry key
PID:1184

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
142⤵
PID:2472

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
142⤵
PID:2452

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hQgIMUss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
142⤵
PID:2052

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
143⤵
PID:1604

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
140⤵
PID:592

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
140⤵
PID:2992

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
140⤵
- UAC bypass
- Modifies registry key
PID:1240

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xcIsQkwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
140⤵
PID:2460

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
141⤵
PID:1708

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
138⤵
- Modifies registry key
PID:2572

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
138⤵
PID:2776

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
138⤵
- UAC bypass
PID:1908

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GiskQUkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
138⤵
PID:2552

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
139⤵
PID:2320

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
136⤵
PID:2388

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
136⤵
PID:1652

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
136⤵
- UAC bypass
PID:1464

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OuYIIkgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
136⤵
PID:324

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
137⤵
PID:2664

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
134⤵
- Modifies visibility of file extensions in Explorer
PID:2036

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
134⤵
PID:1532

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
134⤵
PID:1336

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ecAcYYoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
134⤵
PID:604

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
135⤵
PID:1876

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
132⤵
PID:804

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
132⤵
PID:708

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
132⤵
PID:2300

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eaIMAgkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
132⤵
PID:1644

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
133⤵
PID:2632

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
130⤵
PID:2600

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
130⤵
PID:1604

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
130⤵
PID:2932

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BwkgQEsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
130⤵
PID:2112

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
131⤵
PID:2212

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
128⤵
- Modifies visibility of file extensions in Explorer
PID:1076

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
128⤵
PID:1896

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
128⤵
PID:2260

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xIcgIIAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
128⤵
PID:2904

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
129⤵
PID:2472

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
126⤵
- Modifies visibility of file extensions in Explorer
PID:284

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
126⤵
PID:2840

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
126⤵
- Modifies registry key
PID:2136

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bIYIkMwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
126⤵
PID:824

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
127⤵
PID:1740

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
124⤵
PID:2076

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
124⤵
- Modifies registry key
PID:3028

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
124⤵
- UAC bypass
PID:780

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zCkwEYkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
124⤵
PID:2836

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
125⤵
PID:1888

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
122⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1892

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
122⤵
PID:1904

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
122⤵
- UAC bypass
PID:2320

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XsYEsocI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
122⤵
PID:2104

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
123⤵
PID:1184

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
120⤵
PID:1100

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
120⤵
PID:1580

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
120⤵
- UAC bypass
PID:1808

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yCgkkMkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
120⤵
PID:2672

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
121⤵
PID:2640

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
118⤵
- Modifies registry key
PID:1044

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
118⤵
PID:2884

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
118⤵
- UAC bypass
- Modifies registry key
PID:1596

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qqwMAwoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
118⤵
PID:1636

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
119⤵
PID:3064

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
116⤵
- Modifies visibility of file extensions in Explorer
PID:564

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
116⤵
PID:1700

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
116⤵
PID:2800

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eQkUwQAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
116⤵
PID:2416

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
117⤵
PID:1888

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
114⤵
PID:2520

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
114⤵
PID:552

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
114⤵
- UAC bypass
PID:1172

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\usIkIEkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
114⤵
PID:3036

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
115⤵
PID:2856

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
112⤵
- Modifies registry key
PID:1668

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
112⤵
- Modifies registry key
PID:2752

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
112⤵
- UAC bypass
- Modifies registry key
PID:708

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OQQwkgcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
112⤵
PID:2056

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
113⤵
PID:2556

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
110⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2456

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
110⤵
PID:2772

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
110⤵
- UAC bypass
PID:2892

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZesgUIcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
110⤵
PID:2608

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
111⤵
PID:2308

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
108⤵
PID:2888

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
108⤵
PID:276

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
108⤵
PID:2044

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XOQMgAYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
108⤵
PID:2644

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
109⤵
PID:3044

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
106⤵
PID:2544

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
106⤵
- Modifies registry key
PID:1572

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
106⤵
PID:580

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pAMkcowA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
106⤵
PID:2352

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
107⤵
PID:2424

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
104⤵
- Modifies visibility of file extensions in Explorer
PID:1600

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
104⤵
PID:2836

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
104⤵
PID:2168

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vOkEocAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
104⤵
PID:2340

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
105⤵
PID:1688

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
102⤵
- Modifies visibility of file extensions in Explorer
PID:1888

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
102⤵
PID:3028

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
102⤵
- UAC bypass
PID:1976

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZaUwkcUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
102⤵
PID:2676

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
103⤵
PID:2392

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
100⤵
- Modifies visibility of file extensions in Explorer
PID:1076

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
100⤵
PID:2132

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
100⤵
- UAC bypass
PID:2720

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YqMUUMsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
100⤵
PID:2008

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
101⤵
PID:1452

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
98⤵
PID:3044

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
98⤵
PID:2988

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
98⤵
- UAC bypass
PID:936

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aSYwEgsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
98⤵
PID:1772

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
99⤵
PID:2580

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
96⤵
- Modifies visibility of file extensions in Explorer
PID:1628

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
96⤵
PID:1524

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
96⤵
PID:3020

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KcYMQcoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
96⤵
PID:324

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
97⤵
PID:3036

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
94⤵
PID:1644

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
94⤵
PID:1824

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
94⤵
- UAC bypass
- Modifies registry key
PID:1100

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EYYYAsEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
94⤵
PID:1324

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
95⤵
PID:1768

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
92⤵
- Modifies visibility of file extensions in Explorer
PID:2808

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
92⤵
PID:2696

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
92⤵
PID:3064

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HIEgsMMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
92⤵
PID:2544

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
93⤵
PID:692

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
90⤵
- Modifies visibility of file extensions in Explorer
PID:2844

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
90⤵
PID:2392

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
90⤵
- UAC bypass
- Modifies registry key
PID:2932

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VmkIcccY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
90⤵
PID:3008

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
91⤵
PID:1600

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
88⤵
- Modifies visibility of file extensions in Explorer
PID:2724

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
88⤵
PID:2568

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
88⤵
PID:1184

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NUIUsEAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
88⤵
PID:2616

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
89⤵
PID:2076

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
86⤵
- Modifies visibility of file extensions in Explorer
PID:2612

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
86⤵
PID:1036

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
86⤵
PID:2344

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jYAIssEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
86⤵
PID:2476

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
87⤵
PID:3016

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
84⤵
PID:1716

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
84⤵
PID:2224

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
84⤵
PID:2412

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HEcYscog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
84⤵
PID:2960

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
85⤵
PID:2776

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
82⤵
- Modifies visibility of file extensions in Explorer
PID:856

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
82⤵
PID:2388

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
82⤵
- UAC bypass
- Modifies registry key
PID:2116

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qyYAIwQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
82⤵
PID:1524

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
83⤵
PID:1336

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
80⤵
PID:1504

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
80⤵
PID:1552

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
80⤵
- UAC bypass
PID:540

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UKUckEII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
80⤵
PID:2260

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
81⤵
PID:2900

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
78⤵
PID:2308

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
78⤵
PID:2200

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
78⤵
PID:1600

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WgwYkMMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
78⤵
PID:580

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
79⤵
PID:832

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
76⤵
- Modifies visibility of file extensions in Explorer
PID:2892

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
76⤵
PID:2492

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
76⤵
- Modifies registry key
PID:3028

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\moIgwkoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
76⤵
PID:2468

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
77⤵
PID:1700

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
74⤵
PID:3052

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
74⤵
PID:2320

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
74⤵
PID:3016

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lwIIIIEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
74⤵
PID:2676

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
75⤵
PID:2736

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
72⤵
PID:2088

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
72⤵
PID:1048

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
72⤵
- UAC bypass
PID:1928

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FYAUgYUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
72⤵
PID:1036

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
73⤵
PID:2612

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
70⤵
- Modifies visibility of file extensions in Explorer
PID:932

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
70⤵
PID:1768

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
70⤵
PID:2820

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pIAEgQow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
70⤵
PID:2224

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
71⤵
PID:1716

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
68⤵
- Modifies visibility of file extensions in Explorer
PID:1572

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
68⤵
PID:2092

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
68⤵
- Modifies registry key
PID:1736

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bSMUowQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
68⤵
PID:1228

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
69⤵
PID:412

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
66⤵
PID:2144

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
66⤵
PID:1708

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
66⤵
PID:2556

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eKIAksos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
66⤵
PID:2444

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
67⤵
PID:2808

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
64⤵
- Modifies visibility of file extensions in Explorer
PID:2416

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
64⤵
PID:2340

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
64⤵
PID:2012

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\coEQkssA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
64⤵
PID:2836

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
65⤵
PID:2712

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
62⤵
- Modifies visibility of file extensions in Explorer
PID:2604

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
62⤵
PID:2580

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
62⤵
- UAC bypass
PID:1596

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MesossIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
62⤵
PID:2780

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
63⤵
PID:2892

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
60⤵
PID:3000

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
60⤵
PID:1036

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
60⤵
- UAC bypass
PID:572

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\McsMswwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
60⤵
PID:1884

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
61⤵
PID:3016

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
58⤵
PID:972

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
58⤵
PID:2224

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
58⤵
PID:2944

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eEsAIcoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
58⤵
PID:3036

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
59⤵
PID:2088

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
56⤵
PID:2544

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
56⤵
PID:804

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
56⤵
- UAC bypass
PID:608

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PSsIMccU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
56⤵
PID:412

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
57⤵
PID:1676

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
54⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1856

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
54⤵
PID:2792

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
54⤵
- Modifies registry key
PID:1728

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RMgoswwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
54⤵
PID:2716

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
55⤵
PID:2808

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
52⤵
PID:2592

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
52⤵
PID:2668

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
52⤵
- UAC bypass
- Modifies registry key
PID:2720

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZSIoUsIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
52⤵
PID:2904

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
53⤵
PID:2004

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
50⤵
- Modifies visibility of file extensions in Explorer
PID:1632

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
50⤵
PID:3024

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
50⤵
- UAC bypass
PID:1816

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vyIIUAkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
50⤵
PID:1360

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
51⤵
PID:3008

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
48⤵
PID:2572

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
48⤵
- Modifies registry key
PID:2584

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
48⤵
- UAC bypass
PID:2332

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xSoIwwkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
48⤵
PID:2988

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
49⤵
PID:1680

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
46⤵
PID:1640

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
46⤵
PID:2324

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
46⤵
- UAC bypass
- Modifies registry key
PID:912

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kYkQcoUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
46⤵
PID:1540

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
47⤵
PID:1048

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
44⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:828

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
44⤵
PID:1196

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
44⤵
- UAC bypass
PID:1676

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OqogwcEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
44⤵
PID:1380

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
45⤵
PID:2960

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
42⤵
PID:1996

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
42⤵
- Modifies registry key
PID:832

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
42⤵
- UAC bypass
- Modifies registry key
PID:1652

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WAgEAcYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
42⤵
PID:2044

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
43⤵
PID:804

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
40⤵
PID:1820

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
40⤵
PID:2936

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
40⤵
- UAC bypass
PID:2964

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oAQEcAkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
40⤵
PID:2792

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
41⤵
PID:1856

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
38⤵
PID:2496

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
38⤵
PID:2468

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
38⤵
PID:2472

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pqsogQws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
38⤵
PID:2768

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
39⤵
PID:2632

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
36⤵
PID:1932

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
36⤵
PID:884

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
36⤵
- UAC bypass
PID:2128

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VAYssUoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
36⤵
PID:2616

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
37⤵
PID:2480

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
34⤵
PID:2704

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
34⤵
PID:2412

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
34⤵
PID:2896

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HsMckgAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
34⤵
PID:1936

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
35⤵
PID:1848

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
32⤵
- Modifies visibility of file extensions in Explorer
PID:1800

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
32⤵
PID:540

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
32⤵
- Modifies registry key
PID:600

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZWAEIQIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
32⤵
PID:1124

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
33⤵
PID:2840

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
30⤵
- Modifies registry key
PID:2504

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
30⤵
PID:3064

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
30⤵
- UAC bypass
PID:2044

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NAMosEsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
30⤵
PID:580

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
31⤵
PID:2636

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
28⤵
PID:2000

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
28⤵
PID:864

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
28⤵
PID:2964

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MYIIcQEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
28⤵
PID:1072

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
29⤵
PID:1572

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
26⤵
- Modifies visibility of file extensions in Explorer
PID:3052

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
26⤵
PID:2168

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
26⤵
PID:2556

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YYkIgIYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
26⤵
PID:2632

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
27⤵
PID:2656

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
24⤵
PID:2612

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
24⤵
PID:2320

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
24⤵
PID:3020

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kCYEkEYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
24⤵
PID:2976

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
25⤵
PID:2732

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
22⤵
- Modifies visibility of file extensions in Explorer
PID:2332

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
22⤵
PID:1984

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
22⤵
PID:1036

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kaAowcMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
22⤵
PID:2820

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
23⤵
PID:1916

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
20⤵
- Modifies visibility of file extensions in Explorer
PID:600

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
20⤵
PID:1172

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
20⤵
- UAC bypass
PID:1196

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IcUMoIcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
20⤵
PID:324

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
21⤵
PID:2428

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
18⤵
PID:1336

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
18⤵
PID:1668

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
18⤵
- UAC bypass
PID:2056

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BkwAQwgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
18⤵
PID:2292

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
19⤵
PID:2052

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
16⤵
- Modifies visibility of file extensions in Explorer
PID:3028

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
16⤵
PID:2000

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
16⤵
- Modifies registry key
PID:2936

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VGwggIYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
16⤵
PID:780

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
17⤵
PID:2012

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
14⤵
- Modifies visibility of file extensions in Explorer
PID:2720

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
14⤵
PID:2832

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
14⤵
- UAC bypass
PID:2712

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vmococEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
14⤵
PID:2452

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
15⤵
PID:2780

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
12⤵
PID:1596

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
12⤵
PID:1628

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
12⤵
- UAC bypass
PID:2980

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dkEkoAsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
12⤵
PID:2084

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
13⤵
PID:2580

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
10⤵
PID:2540

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
10⤵
PID:2856

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
10⤵
- Modifies registry key
PID:284

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ucIQAcYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
10⤵
PID:1768

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
11⤵
PID:2388

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
8⤵
PID:692

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
8⤵
PID:488

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
8⤵
PID:1196

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QoIEcAYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
8⤵
PID:1128

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
9⤵
PID:1368

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
6⤵
PID:1724

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
6⤵
PID:1660

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
6⤵
PID:1652

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cqkEksYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
6⤵
PID:1548

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
7⤵
PID:2860

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
4⤵
- Modifies visibility of file extensions in Explorer
PID:2932

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
4⤵
PID:2964

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
4⤵
- UAC bypass
PID:2148

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eSgUQYww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
4⤵
- Suspicious use of WriteProcessMemory
PID:2004

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
5⤵
PID:2348

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
2⤵
- Modifies visibility of file extensions in Explorer
PID:2560

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
2⤵
PID:2836

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
2⤵
- UAC bypass
PID:2708

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PUkwEsYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock.exe""
2⤵
- Suspicious use of WriteProcessMemory
PID:2492

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
3⤵
PID:2520

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8780604191963536408-17636379222095177150-893425232-474609630-15509081311569778435"
1⤵
PID:1556

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "10108546116652623454070675971071447350700877353362534-979509606-494691185"
1⤵
PID:2344

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-181053066172271554110198910751577540020-247198308-874289131976617806-1231024498"
1⤵
PID:1508

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "583110391-2079670258-1045501868761919436474143159-1140545061-294863651-689582999"
1⤵
PID:2456

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2072242004-113593063-661066915-1256207047-79681239710510341662005791179-1230246912"
1⤵
PID:1776

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "439271771933114789-1945527615-1468241319-1185756941288354492673643943-1921383951"
1⤵
PID:2588

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-20830990441727681054169582703123404951-1778046871-1020970158-11983453871424116052"
1⤵
PID:2164

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1797391378996065545920745050-899019399617588861365176112514144736-1887122737"
1⤵
PID:2116

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19070298581225051558-350266631-248414343-6198753621349819901172557214-782422749"
1⤵
PID:2496

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2126038073-1981481165177101935-723930340317304412-36943816119061139101928050316"
1⤵
PID:2392

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "208872015-793894075320100435-190142664512240608881830532965-1512586436270361097"
1⤵
PID:2988

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "395486002-50887561-8672498931961449263-1087954855-2135508596-1396112134562968487"
1⤵
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
Filesize
242KB

MD5
69e7fb81d23416e02a1a2c3c970bc7b8

SHA1
800ddc7fccb46fd0910d17462801ec48e41def4e

SHA256
03cf69db96700839ea501d27c069dcb48702a45bef3bc292cc5af71f4ce57f23

SHA512
b2d91a1a54e29e2db813065842b1bec14f434b853e180e12b2278d28615f432fe1ec30002a005b8bf33587e5522cfaf5515bb4f2364e731803c009aab208379e

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
Filesize
230KB

MD5
a724e9938fadc7d72c790a0fad3bd123

SHA1
e08e97b5d924f93644dd4a65ce8d377827d6d992

SHA256
a12424ba09886cd50c07f4efb66ce70a5a539029cdff63e935351416dae045ed

SHA512
002105b1b5216f670cebcecb2deefbc671852b0a3e94b41e1b07903878c3b02f3d9ab5dc55d064aa6c1de7383438d31e7c90a62227deb32a932273ad10488091

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
Filesize
232KB

MD5
8a1319402655c9800f8208d66e385262

SHA1
4f4752bb55a9ab29a37a7a79e0bc5778780775e5

SHA256
a48eefbafad5707dc66e4bb2debe42943df026b647c675f9b2ebe049330bd5d7

SHA512
f639307e81e543a30ed214c06dbf98c1db050f4bb1f55c7c68594e93860cd53eb0bfa628dda1375f098829ee1370217df987ac6ce396433bb35d0339971a2b80

Download Submit
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
Filesize
650KB

MD5
8d1a017f7e33b31382ac58529073b710

SHA1
83cee03748abebca54364d04da00dab2fd7563f0

SHA256
abf2ad2dbdadaa2204b43bea386423404fb855dfc1f16de7a007343939f07cc2

SHA512
1bf25d94c08f7b46e865c2537b0702a356da509678f148f020b64a01114ea3ea9cb63d657d69b8004905486461bf2ddb198454e585145fa24bc3c5ee86785655

Download Submit
C:\ProgramData\kKowoQwU\AskkUIYk.exe
Filesize
191KB

MD5
3fca7ce2bda933c5868850155dd9c81f

SHA1
9524a8b998025b6e9f04d81e9375a3e8c74fb02b

SHA256
c187d2003146bf8c68819417a3caabe1be244ab85b5695a14b11b46ad4708811

SHA512
88b5be3f1be8e26cf4c0ffd8f7bbc73c9dde9353e8c1cd96bc6d5f53d899303577e2e4cf2e3aa01ae009562bcddbd3ce155c99ce55a8bf84a14c415d97bb7763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\192.png.exe
Filesize
184KB

MD5
e0bed9b28a7d9dc801e4f78cf7330e34

SHA1
d0e5ebb07052a4a90d5bf35b697b44fe08b4ae30

SHA256
aa8ca068dbe861d9066d430748a8e281b9990df32e8dd7c917d4451278dbabe4

SHA512
08370e8e80d5850d0532a0bfd03878492b019bb50ec94ccab438dad1d82641ed826b32a711bc26d43c954711914b73eebce28d9e0389fd562a401ca7324dea21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\96.png.exe
Filesize
202KB

MD5
30165fe1e821f5cafa58d33a1bb65094

SHA1
5ba3025e410b60c210d239d6a6e921a277dde8e4

SHA256
bc935e4d800df63b779f565c702daf78f70c75b10923819d649607ca1c390cce

SHA512
969c1f94e9c8a6414af61398fa97cca379e1a4b76eaa2f8e10c9bc56ee3addba6f1e9092dc4cd45850151b00135831462d80557d7e8b763009fda33ec4d2c70c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\128.png.exe
Filesize
209KB

MD5
82a8f1a94fbdfbcfb3ee5476f081fee9

SHA1
dfb5d98796be2ce992b1036ec20297382c9b0792

SHA256
4ddfd17c23ada69c210534722c2143649e0fdd61a35de2d80da0825364a4271c

SHA512
b213e2be6f3541f37ce277e1e7bf49a89a61c84f0b59d5d6ee7cf0f834e7b9992feeffb976fe9d02b38820c0d320c0a0b767ec8c406c31d62317a5e5fa4faf4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\192.png.exe
Filesize
194KB

MD5
e5133a2c9253fdb7a2896963c2853995

SHA1
bce8633b88151ecedc4aa147a50188c4222eebb5

SHA256
56bd26a1ef618903e7f3b075712b5ef4e8e605f65f802f29ea4ce709ffcb8611

SHA512
8060d91f2d7a0417bf6837c8a141f0effe47206ee0f9a34ba761140f34cd80e0e3c17b132ba3ea090b41ef145ae9136a1ce0b4a5f1f834c8dafd78becdf6ed48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\128.png.exe
Filesize
195KB

MD5
880a4370d9e6e44088156ff97519cd86

SHA1
88b64c3ada06ebaae8177e631c78dc6040a61e5f

SHA256
5000ffb11d1333da091a7581a48fbc5ae110b56b8da9cb416c7bd54d420c7724

SHA512
bbc350b9a0742bff9f6d679f8e6d47c0d4d8d5c323f3103e14058a0c1e8ef1637649208f65346c4d4c4ca32ab9f189d3222c34ce1bd185d811a9e39e34349024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\64.png.exe
Filesize
185KB

MD5
04e09c0bfc501b92938a8980fd00890d

SHA1
cbc8c07dbf56f191822f71fbf6d58b29d736d085

SHA256
4904f66cf524d3bb506b3407e72bef5b0057b255b0ad417f120cd68c7ad0ae08

SHA512
0cc12818bbaac9896001eb73324e46e2e766e6e297a62f61130122d767a9b0b7ddb69f9948ee0e2e1dd5c462aa47c39e3e2aacf5fcc6fc95bc8abba4e9ddd8e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\256.png.exe
Filesize
197KB

MD5
29810f39455912efe8832a228b4ce72a

SHA1
46a4e1b845be1b8c2c7f2179d49bf2b97cd39c32

SHA256
0b4965a58ad18dcb9083e57e08a99b1eb6e4fdb747c2514331ff7e25e9e511b8

SHA512
97e91b8b55900c32e2d86072b83d2dfc3e7ef20ab144b909c6b280cd73eafa184a6228977638a430222d236fb9dae00fccf687591439f00176d94280c4563140

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-04-28_638ebaf1bea8850ca9ada168c65de1c6_virlock
Filesize
6KB

MD5
9a73063ea181f944f88c3e2ed083f8af

SHA1
f71c5a8667a65c8c0652f4ae7a4c6b57d6e89d25

SHA256
dc9657a1a14d27171f4d1653a7ff404b5c77db4824a374c44492fe2dcf12bdec

SHA512
a52276031ee722b6d1a6435ff2e8d833beafca5aec23bb7856ca8a8e177f3c5093fcceacd1cfc120c92191533e2e9abc8cbafba1d583707774c039ac3127678b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACIMwYsI.bat
Filesize
4B

MD5
415820998669bae80cfbd812b473bda1

SHA1
b1e4d6a5d2f30fe3a678ed7d2df4057c7fea3817

SHA256
956eb458b9b07f426bb4b3cd2ed24b6e9bb0824d651a60dda8534eb185512a57

SHA512
eca6c85739ec26adb4837296fba7b724e97cecbcdb68d20217924c2a92068bd1d99ab23d42608b81d6ea789947fc190f777badba85fbf208e7c36551d2a3ad59

Download Submit
C:\Users\Admin\AppData\Local\Temp\AQEg.exe
Filesize
253KB

MD5
13949e794b5c172ebbcb1c86c29052f1

SHA1
4e6a7631e8389379d56e18692c8a16a4a837635a

SHA256
24f328f56f2674c8db6148374783288b0f5d3c2a8b9fbfe1e1eb8f289db32b23

SHA512
24052da29fc9030684adf88e4e16dc712b410eecaa3e9badb83e4632319013ac219e5f2fc36fbe5c535c006c1b052af576a08f699a1f5d641abe15943d3ce979

Download Submit
C:\Users\Admin\AppData\Local\Temp\AYYW.exe
Filesize
244KB

MD5
fb2cffc8aee95c9731dda90b01a9c025

SHA1
ba9a3924922d94bd974529627e1edbc0d594d2e7

SHA256
4b44aadf876b4fc7bb19633c8c86748f008dc0cdf6e2cb15ef6ea8107c6b5c91

SHA512
5ed5bc0e1bb2d4a9f8147b78c2b14a57cdb5d455c100a16876ce9a4731c58d372468ad8fa4323e09ab7b05f2e156ca06dfbbdf595dc7c9fdbe616862ddb09607

Download Submit
C:\Users\Admin\AppData\Local\Temp\AckcMcIc.bat
Filesize
4B

MD5
693fb73d40374885d15509b9dd060f72

SHA1
140356d38ab7a73273601efbc52d5d769d7290b2

SHA256
b441589d430510175f98e5320fd70acee494b00f2977ac9117fba668a82bede0

SHA512
05f5dd3e35bd238f60f58ce2f8c09f62c3d81fd309cec07ebf7c0c20a060fd49c36f42a4f05bff6d2431758ae916637cc43eddbfed1ca1401738d914f3830355

Download Submit
C:\Users\Admin\AppData\Local\Temp\AcsMkoko.bat
Filesize
4B

MD5
2fb8a327787c4182661b231cc403f621

SHA1
6209f5fac23cbae8572841ba6f106003898ca949

SHA256
638eb21e8f3c43b6e5396768f8a42738ad2a86eeb29d65b59d54749e61ecb4b0

SHA512
4c2114fb2627d85ab8400f58e64f887efc8d1e5e04a0b55041cc5a660eb4b070697143256fd0d73418a5380f55b8530e04e867853ad7e56574f3b23475a6b292

Download Submit
C:\Users\Admin\AppData\Local\Temp\AiUIQQMY.bat
Filesize
4B

MD5
fe27a84142f116f3084cf259a579f8e6

SHA1
7f7b83660ff7aea851d49e95b36b0f7198557a4b

SHA256
f1ef6be2fa0e938a324961ed65329dc187b3efbd0db654831d2c30accce5796b

SHA512
b4e6aa72546bdc775344b6d93874e080ecb44e68976f1e73685df037ae57b520d8c1711df7d1c827963170db0d5b85dbae405f11226290b12bd40ec8f79e82fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\AiYYUgkQ.bat
Filesize
4B

MD5
53a7b19ab98df61f2929dc2fe076de67

SHA1
37d0cff9ba39fc76bee685906d02f1e6c381ac67

SHA256
9f419615d45ad2ad55a665a53b676205800b63a68c63eb5fd12fe06d77784d2b

SHA512
5a2704c788c19c4397465b4e65ea40fd01e3212102deb32006408e913fb7992f9b849fff603ac299ff8f5b37900d9e663b2ff3a877579afb691eb15d909d0248

Download Submit
C:\Users\Admin\AppData\Local\Temp\AocI.exe
Filesize
618KB

MD5
d82200950b361396e69433273106b977

SHA1
96df98d6e5c41b99f154de6b6307e712700969b4

SHA256
0de80aae27fe7fb707bb213e68e3508137a5d8b8269cc5bb00f10327d7dd1519

SHA512
255247824d5749c96ed885f2ef70ebc26d32e073fc5812f31dbf95392a13b9ecc5a1a43f1da2721fe143079f22aa50c44b511e209b02943bea20849eedc49661

Download Submit
C:\Users\Admin\AppData\Local\Temp\AwEc.exe
Filesize
774KB

MD5
d6c8e60ab83d535b66c8d34d12aa23eb

SHA1
a7b9b08e8d23d80d696800338b29501db23d10d9

SHA256
19fe44adc8d39a599365262d9edcd597d6b1dcd4672c5021e73642ebebed9d65

SHA512
f7ce4c6df0e92e21f68e7e18c136aef3a538a102dda83949eb3bcf7ce3c57730921f3ee3eadfd2ddf51b6b954f281fc29d773543be4dc2c4fb154a93fb2cde0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CAkkUYwU.bat
Filesize
4B

MD5
160a7b4231a2ef30e760979b8695b037

SHA1
bd13ff93bcc99599136f2453111de7038a60c065

SHA256
20fcbdf896e6ec1b95280ab96ff85c9b1c4ff4b875438829685eb52e8e607927

SHA512
1e498a02e3a16fd66cae2728fa77c08be0eb0ec9f2f49be61ec01801a5f067542ba110f23a752d97aa6b753eff0504c986225f6cc0062c781fe7a845942aa6fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CEgw.exe
Filesize
229KB

MD5
efa8aeec0248897669b47ed03fab9f1c

SHA1
53533942583810f20f3f66875defb5687ad47639

SHA256
2179829de21304e5d407c48332a1c73ac0aa03a9bebf1a3a5383825fa543a474

SHA512
65ecd94b18320bfac2c43093a13c9b131a50f01a1b59c1757ed1edc048189337f0f13ec850f01bae3350d88de23a0fc01432be89c52e02d7dba334b66a90674a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CIYO.exe
Filesize
230KB

MD5
7936652e8b2b8a663df00dc40bd4ca86

SHA1
e5285c41254ed09190951386333359b79f10ad32

SHA256
09891806174cd9eca1a0cf70b27a24f91fbec86c8a6c719139de0e412e0108e1

SHA512
4b471d9ca20576bfe634d90e027546f42c037534cc66d0d72b39e569633f258a43e5fd55f3b526461069a578140d959da2dcf73037492215e7c11d24c6ac5331

Download Submit
C:\Users\Admin\AppData\Local\Temp\CMwQoYow.bat
Filesize
4B

MD5
fe4c5352833acc41ffdcac6a3a37d270

SHA1
ca4f3b255c277951084850ab57a8a3cb97e56824

SHA256
98cb3c7211ca11fd15410de0fbc9b443973fa9c99dd05a4bd679a00f8b4c230d

SHA512
067a566aa2584f313297094ba4ea06404a23e779ca3c5393419051c36f69ba10a24cbfd7a6fb403ce2027a2fb26e8e7e61a824cabae9b0c609f6bd3b8c837cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\CukMkkkU.bat
Filesize
4B

MD5
872601663f21b74f188450701696d2c5

SHA1
382c2de8a14a517c9069661d800838f35c1f125e

SHA256
fa9dc4f3a57e4aac7f236c3fd2dfe813f18b499c391920117cd9f3b1e67049e6

SHA512
d3335418ace7902c0d4b19b91c2afb173bcb124f729b67c16bf03655e23a75946785dabc39099806a9874fbccb698e7d709d5e03831293b4266016cf14a0ad23

Download Submit
C:\Users\Admin\AppData\Local\Temp\CuooAgsw.bat
Filesize
4B

MD5
2f3bcb5d131f061e185103dbe664d680

SHA1
076296a76bba217beef4433e13192092060c3239

SHA256
0a3e6646a68ca54ad3baf093720ab6b248e0b13697714b57532c054f98b36d8a

SHA512
71d899480bd51d8faee1467a0c8574cff0c6310970dfa3e00b7b145d759dbbfdec3caa5fb842935588a3cf09d06d777341fb4223469bc512a3c5796536657934

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cwkg.exe
Filesize
243KB

MD5
b7d077f2a0204caa999c64dc483d8d45

SHA1
615a803e303d191080df0dfe0e7852446c6f8031

SHA256
eb709aac770554e18a791575ad2edba5c0dceccacd28ebfb0d04a7e71cb3a633

SHA512
b89534e6ec2f3c507208b5d8be6fe08ad6b15f9813a4a774aa95b9514947fe80f7e680d9e68a79d1ff11bbe04769d7884c8ab9f10d068f0856adc85b715c8158

Download Submit
C:\Users\Admin\AppData\Local\Temp\DMMsUEYg.bat
Filesize
4B

MD5
6d79c9b94dbe4f933b4239810e0f7dcf

SHA1
029db7198bcda50b9f8503610833c29ea2637aae

SHA256
22ae420a22d0bc97b46e54b7ed9aecb8d8e3736911ec685b632f475e985d7f5c

SHA512
e81ced4141b9fe86708a685030acda957163517e5d9cfb23fc6a3ecf32d088ae134d9dc513ec653cd582f2bbe4fefb94fc46726035e2091dc1952a6cb5a0cd6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAYC.exe
Filesize
244KB

MD5
ffe124343f9228ed100e955ce8613865

SHA1
54b9dbd88cc7e653e56450500fbb18ceba711ed7

SHA256
0025b686094030913c6e96295e8751d0a96282f90ba27d4669f1383895356c03

SHA512
532f83db4792c1d5912023db793a2700a681bda4f94a82e6253a8c6300ba28bca1781a9fab95404ccd22bd4e0748e0500ae6584362a4a8505fe10f30174ef714

Download Submit
C:\Users\Admin\AppData\Local\Temp\EUEUkUsE.bat
Filesize
4B

MD5
f1a086e3fb16d66c137e5b8007f63f51

SHA1
6c9612b9c5bd9225dce099fd6d26ce43682e2ecf

SHA256
16d67a41f5884a1cad891a1f3b87a75c394c583f1aff3c413ffc49b4a7d671e6

SHA512
4046c1bf893d58a73242311b20a952add91872b984dca7f0c4d18c5a4678edb2c4bbcba13d43be795a8626db085d84f43691a548baf2a3f418367c9075494779

Download Submit
C:\Users\Admin\AppData\Local\Temp\EkcYcAYE.bat
Filesize
4B

MD5
acd7100bb106c2939ac47e6fc9129875

SHA1
b35d7a5619a68913bafb77ac17a537b4a00830ed

SHA256
7b88472f79e58b86fb1afe1e748ea483e4b112171b2df7d4128954950a848a09

SHA512
15fc6d2097de2fff7e00c41d348715a2acce772026711afb0d9b6b1d3bf4531c1a7b6bae1fffe16708bacb5ea470a125e6dca8e1a5b67b1dddbbaf698a75faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\EoMAoYow.bat
Filesize
4B

MD5
1eb5804514ec0a84efae278f8bf4e16e

SHA1
a0ced96991debfcc867449a93c34e450d831dbfc

SHA256
25fe49e87b66630897b2abc2eaa9dd603372b925047d3d042eb1631d8f75dce4

SHA512
a81e3fedef153b8857ef94f64e51f8757522efd1b0c7c21c7a19f7d5029506fd337c13c9dc2f973424c0f89e176ef6a06595bdd399358823f19acb2f60e6a15b

Download Submit
C:\Users\Admin\AppData\Local\Temp\EogI.exe
Filesize
342KB

MD5
feb2b5e5eaa6cf1faff478035e8d54db

SHA1
3a4b6d8a03184fe44852dee6100cc8234f925bba

SHA256
b1ed515d92cf291d373f078302dbe6bd11b69a5e2bc1c8d549c29be98cc26efe

SHA512
a16bb81a65c00f18ed8eec54e7198f2f71140144c24c33295cd388b5037831e125f08e4173159c7219823222ac447aff4d250419ca746fac06cef914c04828fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\EwEK.exe
Filesize
825KB

MD5
4ce6ad4612f5fc6a27e10a8b614fce1f

SHA1
9f1e0ba10abad70d04e9367a16d545189e6b8101

SHA256
b9d80192f15c0161374ebc9b2725f354891a60f43f5edd57eb91ebfba72a50b5

SHA512
67e31cb3d804153aaf4c046f9d3f19f6b9cc5980f02c732028d669af28660171582699e5ce94df53653d758b70133b6f581853d94eb18a9cc8fd0046c9888048

Download Submit
C:\Users\Admin\AppData\Local\Temp\EwsE.exe
Filesize
232KB

MD5
b80f52fbb93d3497622aa8413f4eb43e

SHA1
0c9ee6f8d97eb971db96bec651e3de8cd5e57607

SHA256
8100614a8c7c4d1a52168bf92732cd8aae63ae4d4e7c81068197750902e31fb9

SHA512
65acbc4a38f9ae19290ff3d33869cef6045952a4d5b6263c410516e916fce50e5f446ab529f938f0ce76a5e8aa6b424ac939cdb3f08aa52d74ddcc9212f6b328

Download Submit
C:\Users\Admin\AppData\Local\Temp\FOsckgwY.bat
Filesize
4B

MD5
f869a3ee522ad061c6dcd5c6b2dfc76b

SHA1
7ff84e551f3668afe291947a80b98b9d9bd2c935

SHA256
6189dfb989ba9adda100b09719e115c10c0fcf4fba965850cb6481ae5a67ac81

SHA512
94b31e86b9c4ed1e44d35f0413eb3936e95acd70ab0e45e993e05999574508530c7b25bf1a71ca3a504eb78b6f406289c4fc17d391a64f9d271b2cf2d9dd6b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\FckgcMMA.bat
Filesize
4B

MD5
cbd343317dc18c6f8f68d1cd1d501d3f

SHA1
698f5cc832a6d387c198d3d271a047311e0dac00

SHA256
ac8ef60620aee54cb6b8f64994e5adfeffc641749d6441022eb3afbb6db58802

SHA512
1d21994544d2a3a690079b6bf49775ea1e735768aafd0f90430dea64d43dc80a1ad65fe3f613f06ccd1057e99e109eac24e76ebda96c3fda4dd0274ab0113fc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\FwgccYIE.bat
Filesize
4B

MD5
c00092047358e70bdafd07e24e8d5867

SHA1
6b4a7358612ca83a68eeb60ca98d42335856782f

SHA256
f1d990ed7f1ba2193914b1e64e989ab1cd4bc7b8f647aa9580bb0b7a0d262419

SHA512
150d9a158298436345189b0f47d76485c120ae59f94ad025c5992c7f3c036c470a8a8964c6bb4e0a724b678da9f3b3af6bddb9b17ff52ef35fbb452a34b85844

Download Submit
C:\Users\Admin\AppData\Local\Temp\GAMm.exe
Filesize
768KB

MD5
f78c54896004fd15f6bbe2151c8bfc94

SHA1
0771dba2a3bf174752f031c17366bc44da1479ad

SHA256
400de4d0038ccb0cc658fd271522ecabdfb4203b2c2a1d08ca845a8af372897b

SHA512
c95f7916b43e12a4e17231739a7b2fba324996e3a09ffaaf6a6ebc271dfc22819b2a1550780d8e99ac90a05c6c4dc6d926017a2f06cdd8fc7da77be2a2020643

Download Submit
C:\Users\Admin\AppData\Local\Temp\GEIc.exe
Filesize
249KB

MD5
d1ffe6c53c227dd278d2965318f2db11

SHA1
68cd61f6e5c6f01ad04abfe1b0ea7b88142a71f8

SHA256
7904d8deba81d56da885f5f2137102c87ceaee6d7c9134dfec00ff1686755a4e

SHA512
6ff7924ab453c05d0b70903e6b31f847e92ed5ec470a2569a49f40862667296257e65693c110d36789053bcd768f6f1db15a825053a105014837e539c4466a19

Download Submit
C:\Users\Admin\AppData\Local\Temp\GEgs.exe
Filesize
952KB

MD5
45225c4af200fe07856595c3ca36d491

SHA1
22e961ab7539cee88f63bb791d232d26b1ad2f42

SHA256
567ba9a6a069d3a4dd3bc3840849a8602719160b057eac131baf4099022f0f2e

SHA512
087b15169c100b4d4a5d458a3e5f499d3bab23b6571841e9a4d1a12e926931d36a55ea9874c9df65f584e01e1fd308f8dc7dcc870ef1a6dd3e378ae65adb5b44

Download Submit
C:\Users\Admin\AppData\Local\Temp\GesEoMAU.bat
Filesize
4B

MD5
79e8dd7fc549bf1e269dceeebef80375

SHA1
97d8cc1ecf33840750d32a2c6f5d0f8e179e3dfb

SHA256
0a5014b7049653e233638f1e8cd58c6ecb784d362005ce5aa1b8afcfad4d1b89

SHA512
07b913cdf573cd0351cceab8540977f437eee80c31ced26bf8db9da745d4f698dd07498069c5bd281d481d1f4673ddc211f01965fbc8306af8191b1799b0f198

Download Submit
C:\Users\Admin\AppData\Local\Temp\GgUa.exe
Filesize
243KB

MD5
353a58cb5da8e3f183003d44867175cb

SHA1
1f1198c0fae14ef0efdaba287dcefbcaa2427912

SHA256
78cf307f29ac5ebf0b68e41045a25a807abe76274ab58b0eef7a9717d0f245bb

SHA512
0983e9169f3f439bbbc305890c53eb625b21a9001d79709a0a57ed021ec81ea05be37a906878290f56234388a2c349599a84a096006f846687aceba1449fb81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gggy.exe
Filesize
254KB

MD5
69d3193611e100d752a80e3b8c5613f1

SHA1
43b97dfb7bbac095b2a612d7e49ea9a5f3165dde

SHA256
4fbf2aa1d0b49f8a0a8a107a2e83e57a6ea81b1e1d402ef1032d1ebf674b6dfb

SHA512
888175dfccc355702e87495848d2ab3423d3d3b725bd66549ee4fbd68246e0b24ee4c24c1068b2de4c23a0b85ae5faffdbf5a6282ef281f60d5792dc7d49327e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GgsQ.exe
Filesize
251KB

MD5
da144e631158a4a59ebbd8167e28b151

SHA1
f9a23eee92f201973736c71f25484bd2b8b495e7

SHA256
3b7fc0b16738b9cb4a359d1070a4008704982319d8f7e8a51db08c6819c2e98d

SHA512
6fd8d8829bc812ebefda87e732ab934e61353b27a36b64ce1486e6319347302b461de768a6d0d5be4ec7d0b8ea80ad26177e52d1386ccadbfa0a262adf267e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\GoUy.exe
Filesize
182KB

MD5
c49e1848fb8001f8fa9c0af002a4ac5a

SHA1
e9a509de08fea2fa9290fda6a984cd549a984810

SHA256
a32b54dd6c4daab2086fbbb37501a0696587ea6b3bda6c167b0124df3b418312

SHA512
08215b39998da8f3ad4c71fff00180e0b36a4c4d75af5163d3b5bd38df7d77aee65d96a31eeecd7f64668747c9ddc24695f506a75a09564de65b8989edeedb99

Download Submit
C:\Users\Admin\AppData\Local\Temp\GwQa.exe
Filesize
238KB

MD5
a80b63903ac282b2fe7b2770616a67e4

SHA1
f3ea973ed6e6c5fc42d161d2bf581da8804cd1a4

SHA256
749dc51a8214e05bb4c398442b6a391ecdc8a6efb50a90151ef7e1b71efff71a

SHA512
db4717acb3d5f72b1bad0ee94a3ed9d3f70d1fee47bec60955683028470fe259277416f7d2f8090ae6a16371bb769796baff87980c8b3f4fe9bea793943d04f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\HEQAMAkU.bat
Filesize
4B

MD5
9d1bb0c2099cc49adb0fe5f60f3a8662

SHA1
3e8f4b4d34a48374b13d97543dcfafe9674d379d

SHA256
519deec042498eaaf7ffe2b92c5d83bf1df314b5d15641952eaf200fe9f5dbb4

SHA512
38148c0d3763f61945d66ef0eeefdb5ff2eef8f3d4cbd5ee26197aac8a06f4aa79c47b60ea17f431d82fe04bc6180d7cffd1ade2d7909e4652ed2eb8000f633f

Download Submit
C:\Users\Admin\AppData\Local\Temp\HGUAQsMc.bat
Filesize
4B

MD5
71c1f41c7e06a50b7f8d96e350a1266a

SHA1
e2b0975f76b995374e9db8a73f29357c95654bf3

SHA256
1c8693b419cd9879e2c271a732f849b8d7ee33dd6b466d37bd3ccb77bc085d79

SHA512
a8c41de1d063caa0e9224aa643aafda4a811fdec8f3008342742a19ff8a024ba0dee6cc6062c0759c94afe87ae271cae9186623d90293a67c13f650a248b78f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\HIUEkQMY.bat
Filesize
4B

MD5
84125eb401bef3f2de8335c9a4b84397

SHA1
7541b8054819864d7f64e2adcc1b2763fb23c2cd

SHA256
165414e79844e6fc597f465432ebeb8f81d80a844daed99620971704f7b58416

SHA512
d65a1b33940cb8496235b93dc271650ba35be6490137b722fd2a47e25830cb07f980d5b90dbfafe97e7df0db49c846f41e7a5c292b5c387e0e0c01c724b5f820

Download Submit
C:\Users\Admin\AppData\Local\Temp\HSoQscAY.bat
Filesize
4B

MD5
3300b07c428bf6beb67964a8f914e298

SHA1
4b685375ac7470b21d82df47c6bfb8f41d4787ae

SHA256
a7e7d1bde3f3f370f19b99bab22396ebfb4e34798ab4cea129e210819b452663

SHA512
775991361b5550056dc01bce34f8c7a041029bab901da63f0a03866548dc15737787efb5e0df47758db4daa3811ff646c8a914c616fa8c1bc5485286d4a0f169

Download Submit
C:\Users\Admin\AppData\Local\Temp\HeYkscEk.bat
Filesize
4B

MD5
8b1700c21341087f9967c8f79528b4b3

SHA1
8c8481634bcb8d5810e58dbcd286cb8cfa9fc739

SHA256
5e9b9e45b31fb1d08408d1db5dcc9dc09d073be7823eccee92cb625530502879

SHA512
fbc4e9c5c3763107064af07f78b0fe7d96232dc7d672a04c60fbced05f3f34948d289e81444ab64830c070dd1a63e897a669fc4be84bee247020a4bdbc633b31

Download Submit
C:\Users\Admin\AppData\Local\Temp\HkUAgowo.bat
Filesize
4B

MD5
b2239f3e4dbaf0c10933fb90fcc8ecd2

SHA1
47381010cc67b80f18fdb6fb0f4c69124220cc9c

SHA256
909ee6f0a3038d8472ec20d332cafb9dd115f75d3a9db45d2b1f4074eeb85dec

SHA512
7e6f761139e0305b70e99aad93e0407b3737af3d0bf83a1f57776cda82e3460931d71433b43950a282ee1a1b085fd4e60b9f72a183d56a36d8106e0f6c0acc84

Download Submit
C:\Users\Admin\AppData\Local\Temp\HkoYosgM.bat
Filesize
4B

MD5
6bdc051720768baac291eeff1c79822a

SHA1
10ca683fa3e2b5b94052cda515a9c03cef15b5cd

SHA256
c4e0dd5524e1692f93f2f2a4ac186349706c89f98fe956c8b38bcc295477e8de

SHA512
06f4cf74cf45f444c3ff412347b8b29e376378732dd0e70eb2df490ab44450314649b3e152c38e499b6fa62cc695c3265ec9616f3ab59357fa33c11f00211bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IEEu.exe
Filesize
800KB

MD5
ae3bedbc467f5c89d047ee6005a8bdaa

SHA1
08e39b5d573f6ce76f022589140681def54933e2

SHA256
0270872e1f4c7e356a43e9460e97860476c8531e6e0797bb813ca76cb7498f62

SHA512
0fadac686c0bbb174c63c8a40786c4ec7d24ca1e571be6c87e844dcb393b875172bb88eb2fd1e384cdcea6ecaff74698c3d38453490e4a845d2b1c93cc8458f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IEkI.exe
Filesize
184KB

MD5
31b561d9fc375be6eba1875bbf9776a8

SHA1
98186dad519b4e77b4d7214fdc595b6131b27cb8

SHA256
5e55070996acffbcf55c3cc1886c08e11b78a2670d07722cb70ddab76dcf7107

SHA512
9c59f579af8872400c23274e2c2c1514de435af199c130c6da2c0685a20daa1933c13f3ea241024f712834fb032e9f11f404d9333ea7ee0a5d906b26ca8f6d8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IeEsQsQM.bat
Filesize
4B

MD5
f85a7e6c8f0de08f4916a5009da5df6b

SHA1
ed88ddb17b1bf5146e1d095f6e610d048bbf4978

SHA256
ea087c5344660999f7281aed58398a798d54e8b802c952ea47645ba3939403d4

SHA512
f1719e3203a2a473d16199b729adce5a221001711bbcaf117052366fbad3b01a7480eea5f93474312017ec1d1332ba7ba6ca68a58cb24ade99d2f7eaebed26a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IeoAwAUY.bat
Filesize
4B

MD5
1f2447e00465b1d125762455b687d16c

SHA1
917a95c2712a58138c156788df476968b799cb18

SHA256
16242ddcdb41ca5f42e694c58356bb089dcbcd765239c6a77c3d12046b5a590a

SHA512
361a41434065dae9aa74c6263b29bdaeb54c0dd5c7cca530bfae163004d96465a3e544c4e47e6dee8d74e57de8e760abde2269aac473aa549f80d5962eeef75c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IkMq.exe
Filesize
208KB

MD5
c52b76d2eda17a31c7cea82b782618ac

SHA1
4428b827b2c38f0f43e11a1061500ff0fc492491

SHA256
aaef06bcd805cb6cf1d84c4215a7fc2c521616f590bc7553c4c5816f623baf1c

SHA512
bdf25c80c8dba90061795281605e7c4f21860cd37d647602842617ade674a08033d15ec9fbf743e237546fb111c8160793969997dd280db91019960bf70947e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Iwck.exe
Filesize
250KB

MD5
304419ffcb20fae1832443994552834f

SHA1
fa417ba14eff29aed338fafccbdbe08447cac79b

SHA256
8a8d201c76c6f43042619915edc7c651572a013ccc1b2a8ef80c3a837f4742a8

SHA512
5b7a3d784bda1a1740049178a51fa13c8e9b5b0c4bb88adfbd4853c5b4362b50cf6e8ab8c1ae757e2af53ed0e30b418e91d83eebe3e3a9a0a6ffced84381999b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IwkM.exe
Filesize
227KB

MD5
5ddb35f73b0fe0dbb37eb82ed0142dbe

SHA1
72d04844e4f9c524da7d8095b1e6c225bd883ad6

SHA256
af4aac16e216bd9825108ea0636d72f7243d40e9dac0e637a13ba3112c1d1400

SHA512
6a25ddefbd00906acf793cef8022e8755587df00e74a462fddc8c848a968845eee08fbe404307fb8cf184e038186db8bcb93b25cc175af064e2b04dd6f025a9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\JgUMgoIA.bat
Filesize
4B

MD5
44eb860d9e058d958119588fb3c17a76

SHA1
fa854c91a0d33c7be50732ea28592a6384145624

SHA256
6aeca60fb7450c263824a3c4f2216c033d6c3183dd31fc60129aca8bf8c2d129

SHA512
cbf389883eafe07ba809d2bda811c9f626e01f09a00170b0bb62d45495628dfb7a9703e9c4781dc8094fdda55a7727335e39ef9b5ec3a6a39ed143116c01900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\KAIy.exe
Filesize
194KB

MD5
4b2e8611803226cc45b41d71721dea70

SHA1
26f5f1fa619e1f616d4ad5e0d60b1d7ed89bb3ba

SHA256
73b63186c5ce8e06ae58186310f7b84f37cac5d73458c9f0b6761b45accffa7a

SHA512
5952da4701d0c95c6b45fd93c7e8bea7efc03b33f49272d972e23d7172bcbfa872ed6ce2c44c6567ba5ae821b3f9f57c4ee4eb2769d062898db7ac248f05c27f

Download Submit
C:\Users\Admin\AppData\Local\Temp\KMkc.exe
Filesize
241KB

MD5
43369e6e1034a18126a451e6e1691da0

SHA1
4d1238b91719ef19d6f6b9194c2e131a56abf990

SHA256
9caaf1cb2654a6903b0c11e068cac34f63563eb7c5711011390ecf276d784691

SHA512
8ddab9d078cd33e63a95a2622296c3b41f225e205d3f8fc93efb1a13f196737dc5026f20f373d6e9d518387816a016a5fb3c1e9e2480d34a28f6d362a5bba6ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\KQUi.exe
Filesize
747KB

MD5
435ce083ecfc3649e576a5b7c4e8d562

SHA1
313067e647c6442964dfb40dd609adb8e865f7c0

SHA256
3ca33802c3e62b72b3248d2d30b6603938acef5f7f75ae6d5e17480ec8da9465

SHA512
7fb8cc48e7fb14f4ea764722f56ab1a072f6751e8db276eb474f004c54df3a8d64eab75ff9730ef144e2ad11d94e83c79205caa88739299e138beeaaa06c72be

Download Submit
C:\Users\Admin\AppData\Local\Temp\KQsu.exe
Filesize
690KB

MD5
599f28f44b54cfb257adcdea64636064

SHA1
770b4456c406b9aca3ee41eac705e0d16c4e7d6f

SHA256
e99c883403d3ee8dd74e8f6ce5b7b3a7c34ef13ef23ecdde6def450d3b7ef81f

SHA512
a846a4e494a39e3ffaaaa0b52e01cc9cb5d91add4fd4791d0af6dd86e03e91a6676b70e3c1d56a2c253b0c5a7a1b7d65e30d6397355162600bd40cbcba1b12d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\KSsgcgYY.bat
Filesize
4B

MD5
62d1bb4359cc7190580e3bb4dd9c82ec

SHA1
3806c3fc9a01f524f990be8ebcae58a974900477

SHA256
054a0dc03caf4e0303c866533af7019fca7f0782e2adbd3b0ba414e6e1807082

SHA512
a9046e31b6ac76df2f97230602dacbc6655af4fc4d007937a7b638a06d6668923df0794f276ce3f39606b0f7131b5dc3c7ac27ec1e622b9f309a12191ba4912c

Download Submit
C:\Users\Admin\AppData\Local\Temp\KgEW.exe
Filesize
357KB

MD5
cef6be74cfb7a1f7e160ff43b6c6d9f3

SHA1
90bba3a630e5bfb9a0a95a7ab7115864202b9c36

SHA256
16acffefa613c7c6f050a2a2a3c3ad28f5c4de1b18e4a05ff3cfae8cf9ba0767

SHA512
b1d12005332a783c3b7ff60b0a0b715b84a7185d92d2b57a66ec9eeff4f0aee0c81b1845e40293a6ecebffebff69fec793b042b299eeb606be89f8e42ec466aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\KgoW.exe
Filesize
1.0MB

MD5
4b3365c24f534221e4adef7c43dfedd5

SHA1
eeeaa04bd3ee4238fa4a012d113530c00e02c8fc

SHA256
14228ebea0867cee42da5a291078663ec268666e2ea2dbb8ddf9cbd29a0789a5

SHA512
f7a060dd35c4837398fc7002c4bde14be3d5f7ca6c980914b81b3081ad31fb1130e62d4cb50180e4bfff800af0aec67db5e59c5edf8d9dffe0f370c11108fab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kosw.exe
Filesize
247KB

MD5
e11563b6bedbcd25cfa5162a8a83594c

SHA1
0efac5ccfbced656b9bd411cd668de2308939151

SHA256
56e109be5bd84633b13d97eed61d705ee8836e160c5d910c5bcbf3c9480d6f8f

SHA512
fa8ed8341b46dceb8150585dac56ab4ced91e93ef2cdacdade7d90cb597a5b4f4c95eb46c141aca7af63bb74caba0df74f3027a047ab315c6a607524fa975989

Download Submit
C:\Users\Admin\AppData\Local\Temp\LiAIgkMQ.bat
Filesize
4B

MD5
628247e2902255dd5f36ef5c50801310

SHA1
4d5134f71b68285662bec523f9651574b8b3d034

SHA256
b331a8677372fc22332574560a58b18acae4e96572dc15f93f7a22a37d66f676

SHA512
9d7f4a6f52235057d9a22ca2662cd867cfecc61844c4cf20ff73fad13d866b58fbba4ab4016b0f679fec287f007720e4d03b7d3ead26b54775c1913114ecebfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\LmooQgIY.bat
Filesize
4B

MD5
7440a288cf94da470a16cbeb600579d9

SHA1
68b3b5384b93f08bd3c9028c822b0dce5fd87e4e

SHA256
f86ea11921874507661432dfcfa15bd66293984dd8871c19b3dcdc6d565bd9aa

SHA512
f439c2677d09755aca5db7c89f7af0a09f62798e59b967b0df3505581fc873c777d884f0943661116ae020ebf105bc332184f41211e77928265e0e1ae50c18e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\LskocEsA.bat
Filesize
4B

MD5
1fd764533dfcd78dacc9f91a874f6c47

SHA1
ded9113bcbddd58c2e5176441196d17b06613bd8

SHA256
c46fee689bcddd8e03c5d6167788302bd38b8d11e44f229db08459c0c2c3eaaa

SHA512
028da9af7af3e001112b2466c747ba34874c4947eb63ca3626d79851d1a4d114f94d37c1b7262df9d3f9085823dfb70563c0d654735978f4ae57e14547331037

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEsG.exe
Filesize
235KB

MD5
33893dc9744fc7e8eb68fc2cc31e36ec

SHA1
ccda9c2183597b4ab5c49547cf602dc8d3ee0bcd

SHA256
439cf4757e1dcb5a8bf43280776e34afc216b06af60daedfc992dab15e89e0b4

SHA512
2c3dfe49a6159770b2984ac9f1a0343c1431d49b623e85e8d57566ecc530a6c6be5af01877f6906909e89a608c14565d58300a74982f7f1ed3d766e0e33f7ecd

Download Submit
C:\Users\Admin\AppData\Local\Temp\McAo.exe
Filesize
1.0MB

MD5
b137a5babc1177ab0d4ba26e4360f780

SHA1
ef01f6e4499f5c3b4e6328ec3e82073f0d0ebec7

SHA256
76ffa658f1c6fd51c802d917456e74c166aa55462a2c2b33fb14b0bb9cb560b3

SHA512
4b7be050296f73be9a1b53ccf09613662069966e0cdf793f81aaaf29eb7c59d64c173899982ad0f8bdc6caddaa8e1ee59110b0b04970883c5170c140cc8be4d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\NAkgMUAw.bat
Filesize
4B

MD5
7c88dd099f60b105ab98b36b1e88fcf7

SHA1
12b28621b706e1639d711e3407f443a6a0bc946e

SHA256
bbb9d557a7c5875d479507a7919de4c0076932c587234c7442e8b1c5fa13c982

SHA512
3bb3903bc97e61751ef84435e1efb560741b8907905d48d5053d5e924a1223ae06fb3e134a70f2b7054956260eb2c7f3a687844bc045829a4811e98d31ee85fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\NmIcMcEg.bat
Filesize
4B

MD5
b84e7f5306203ad94c31ec9a4f6a732e

SHA1
52bc0fe2ff8c0f818ccd9dd3eddcde200e4b17e3

SHA256
8517119e75425f45b681cbfe2f34c398af185861b80335ecaea2561035af0ce2

SHA512
6dbea68c5e1d73c6166cf8ac41dd52122b08a08ee149aad09ef5a4d40c0c52411d67bc955a407b4990db2b1e9856ad658b275e30c843d9af12272a90b17150fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\NoEQAIsY.bat
Filesize
4B

MD5
ca30873f5026d5b421b8525cef86f3a5

SHA1
b28b5c15e2e1823296a3e1f9d666f94befe95597

SHA256
3e30ec3588e55687497e155a5df8ad667e19fa1c3e592984cb7cec4ecedbf71b

SHA512
1e6874b5aa1cacbe58913cacb67bc5b083db002a8970f15f69fec2798b89ec899ac2f0fdccb7b2fa4aa3cf7518a46ceb7766d229cb16c6a900cc33877eb212f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\OAwU.exe
Filesize
374KB

MD5
690b6a3a5eb812b15040ff34dd9407f7

SHA1
28ab278ae12df177a46e31d983291bd3e4b2ddf6

SHA256
a3f6f28a06be70e83df1da6fe8a96a1b7322c535c88e84e19f87228b303fc5ec

SHA512
f0eb27ca88d0bc85365f52f133c0b8c1a60f924cf6c4a7bf42a4ea42174cf9f0080d587b201b174649710235949f86f23dfe90e5801406aebdf8db31685e46f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\OIMs.exe
Filesize
938KB

MD5
4e8adc4ddd2f2de63572b268c7bdcd3b

SHA1
b8db58e3d0b7f88827db842371c3e059b517792a

SHA256
f9a6c9776d066e23174ea68fb029cdc6d8dd16b128deb7f50e0c18f1668f39d1

SHA512
b3a4217f0a3d7c9fc780d234d669333a07239f6a06bc1a7a3ae6343d5eb6a5340c4f609a7de2dc1b9c5a7138f7aef3a9aa0a9bfaddfde8615903a5b90b2b822c

Download Submit
C:\Users\Admin\AppData\Local\Temp\OIUw.exe
Filesize
188KB

MD5
d4dea35912e856ffbd82355f41ea89cc

SHA1
dba9b13a31bc7e3565b0d11317ab26ebd2ad2c2f

SHA256
7241bc1c636e231a4836242449b5c2c989da24ca51d80b843ecb86c0fca26738

SHA512
9b7cbe39aebd8bf96e0a5b1fdc7c6df7ee18ba346bf6c3f81c0da2d57c4c4c55988055c7ca05d09d9d1a90f52bfde68eb6cf7f94633fc8d81d5020de654884fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\OMEC.exe
Filesize
218KB

MD5
c619811338b33ce24c7798c4464585c7

SHA1
1c71292786c0d77ed5b84fa4eb51c8e9d8055627

SHA256
d62adad509396560a0a79bb01eec9d4d396e1dd82dd2773c33ef1de5e817eb15

SHA512
4ae966f46f12acf12f3500405ea59c935ae1f3989fbadf230f8a21ea9df6ef845f94d57baa7f766cf4dc5fd5019bd60ea48be2a7619879afc5d0a11ce0531eb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\OMoS.exe
Filesize
181KB

MD5
b4012c8fb718e740f6077c61fcb1285b

SHA1
f1382cb117897a2ac538b9dc581414c74a8654ad

SHA256
cf6c417d0ec0aca532ece61770b4e0ed35fc13029184914a76623310c115d8cf

SHA512
d8f021215a48a21276341f43e3a22325cca8ad8583a88284c9d8b87ea261851f921a275cf1f40aed8f48cffa59742b32aaa68585348b9cd607543026686cbdb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\OQcAQMUA.bat
Filesize
4B

MD5
a1c6f69188850cb3120e1c7c36a3648e

SHA1
ed8fb8e9eb5a2da4fa01b32b62a1722d7ebdd053

SHA256
bbfdf61f356d9482ae38a061890cf781b90cf1cd39df73929f8360511588cf79

SHA512
7b513b40cc0a69a70a516016763386aea5c24f944ff8098ac8658c4874d81efc24d4471d46b0eab89253d654d5f324e97847bb9a9be758a98cadb0f749dadbd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\OoAQ.exe
Filesize
193KB

MD5
e2a97d2336381bf96a2463b9aeb6cef6

SHA1
96398e11f516f2eea92f0561373bf607eedc4df8

SHA256
a1e2b12df1fffd420689ca872e31fa65397766b4cf78a68e62bde0391b388b64

SHA512
ec0c1a1441e8f917a65275601a14ecd66a396b97b0c1e6b6ade8b32dd390106cc4661cf88163d5cb6e4965ca42a645788731dbee519458de85925ea544db93ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\OoYIQcEY.bat
Filesize
4B

MD5
71b93a2a14032bd6c071112656fa13a6

SHA1
10fcc0efb4dd21d64b5482dba3312b919e6f1c75

SHA256
8a407048247799262728fdd11cef4f91c5986da5a670d1579b7fb62674931b75

SHA512
a245526a3f16247fce99f7139881a946b270512845492802feee129de363739ec6ae5da5b7bc206733c73baf0ef9a96da94f1c38d78636fee90f28bc190b0479

Download Submit
C:\Users\Admin\AppData\Local\Temp\OskS.exe
Filesize
241KB

MD5
19b16fa9fb43107015e0362bd15fef67

SHA1
df4822c1d633ec574323dabc6ed3c88839d1c8e5

SHA256
8bc9f896c71d3aa874ce580ff8336fc96b37298b563c8d13f91a6bd52b2412e1

SHA512
827edeb30b9799b32b6fc7cd18fd172e1072e3f36c97e1eccc840bf8d4de52464cbe718ba24650655ac192ce7bc533125e6610dd7a9b0c8bcfd000526ea331a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\OwUE.exe
Filesize
231KB

MD5
debb36f353518aee0a43f55b9e142fa3

SHA1
31ea830f332b024771dd53ea46e0723afc18713d

SHA256
4e7834785aa60679feceeb80aafc66d8876591a5a2502ba287a0ac1a3ebc6e03

SHA512
977c2cbd6805efec8b679af6fd23a68f0bf9097b5fff3cc067e789eb4a7c7d27cd18a1873735f57f8028649ea5ba69eaa1c3ab60d6f11cc43864b9c786e2cba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\PUkwEsYY.bat
Filesize
112B

MD5
bae1095f340720d965898063fede1273

SHA1
455d8a81818a7e82b1490c949b32fa7ff98d5210

SHA256
ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a

SHA512
4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

Download Submit
C:\Users\Admin\AppData\Local\Temp\PyEggIgE.bat
Filesize
4B

MD5
453a46c5ccf16bd6c668872ddf5a5cea

SHA1
08c88bf44909d4b066bd71117927e4de8680edcc

SHA256
1c1e9369e7ef5a2996038ab49499a5f50d0de3de9cb53b357c0655dcef16dbf4

SHA512
cceed242cdb95f3572b37dbfede5896189ff34baf3265073b90e14f0ae26c552519cfed98b0f051e92557e3973b3784e1fba8cfcd949eb7afd9a2fc6de9c4ee8

Download Submit
C:\Users\Admin\AppData\Local\Temp\QEQYwcEc.bat
Filesize
4B

MD5
2eeb7c6d8134bc0f8bac8f3696eaf7da

SHA1
9a6e778ea9f77c126689e9eb74af91b7dffa3ab2

SHA256
96baa0045381e7b2b4b1ce919f19a5d4fd52a9aa1d21974983203ff7679d945a

SHA512
0b4d5c28d3f45851a54f247ec5fbcb59287e545fdd56397d2b4624131e0cb5f1e52c22d09f34f9d02c500a4eb5612d8b4e87fb5d175e1dd505144f2f0890a14e

Download Submit
C:\Users\Admin\AppData\Local\Temp\QEwE.exe
Filesize
190KB

MD5
9f2ac415501e027b2a61eb2ff0c11fc3

SHA1
6d5ba008c3059016b2f47736d8e6417fcb8540b9

SHA256
ddae6c1937df0c0158fcbef01e8d489400fd9867299f17865d321e0edf0d6381

SHA512
10220359d2569768485a75e729d61a3bcf808284b53afe1b64b58c63cd8cdc3d443faf4cbd9047413ca6023da89cffc5063e527277ff32aa3d0b3713f6857386

Download Submit
C:\Users\Admin\AppData\Local\Temp\QGYYYIQQ.bat
Filesize
4B

MD5
56bdebdcc91278641ce2ec79408aef48

SHA1
af64d33f2f194f002c4f03e00deb4112474a004d

SHA256
d83d66c0aa3b6f5370657b1002ab5a24bed2596c1ede222a1692e67a2f5cfe39

SHA512
00834183fc19bdc9c15f5831998f415ac0dd8b8213f94255d99c2e909c7acc350f2a8bd2dd7149aa499ecef652c1e34b6d1636a63642c937ac73d647a9144518

Download Submit
C:\Users\Admin\AppData\Local\Temp\QMYu.exe
Filesize
227KB

MD5
b3de731aa0bcd8c28a9a8c2004961db4

SHA1
4a08b897e5936ef7072ced16a39da64497fc82dd

SHA256
8fe1be184f162f071fabb150c26cec86e1a304b032c64010d97196c9393e5ad1

SHA512
48e4762e1e666043c5d0a50f0c9cbafb6cbf863f611a9e179519070d2775874cbb77f394a6a5968c05ecf64a04a132ce3174698e58b071c03527f1db147eb27c

Download Submit
C:\Users\Admin\AppData\Local\Temp\QQkAoYsY.bat
Filesize
4B

MD5
ea74403a3e67af247fd4a19a99d1028d

SHA1
954be1bd13cf1ed5c85c7bdfc5ead7833ac2c361

SHA256
691ba84433fb6090f69943490e36edf96636ebe1654fc978b6ae49994d887d72

SHA512
7457a8703a93c0d0a01632b7167643fc9f1a40037962bc8e4cc66913600ddae05c3f75114444abc96c7676debe6c9a7d1fa2181e8aeddce738db5aad6d0af927

Download Submit
C:\Users\Admin\AppData\Local\Temp\Qkka.exe
Filesize
1.3MB

MD5
0f9021c5d8fb582bc0eff327f2e40526

SHA1
02f98effd3db1e12d1c9a62504bb93d7f5dbe10a

SHA256
e6235d9e7f923c8c1038d4f9712d79f6b33ae350788089af690d08cd5c53fab6

SHA512
68e349ac78812b5c0950067f1f39f20a7bbaad80e451e02b0b4a4b84f4e01cca805a03d39d45e7d27be858840dfe5f47c833a6a0187d899fd6d1f9365a7580e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\QsAY.exe
Filesize
8.2MB

MD5
090ad6bf50b641b79d3d0c6e4da86696

SHA1
9782f0a385e33cb7dd33ec18ff4794b410983b1b

SHA256
75b360609e9f39ad6056711233af315ce840aa479badda06d39d6007d6ab53e2

SHA512
fb00194cedcde2c8a8a8ad47fc33436ef6ed7956921cc07ba7eef44701e0e4576d77f4844ed9e7cf42b2597672874acdeb5ca88a2eb1c75552615a2630e489a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RegYgEwI.bat
Filesize
4B

MD5
9293df501aff235c25a8609a9d7b319b

SHA1
1f9bcf4bee2d2c1e013a6cc0de784c217f502cda

SHA256
a7b6d69c0cc995e4d3fa3e1a5d9262af33fce956cd756fd304c11dfee5b970a8

SHA512
280c64f8b57b0794534e797b5fdeb44f890f9b77fbc646324fb3d44b15b828704cb75be1850d5effe266e11cf1adc190f59f7cd3c68793aa91e93fc985048a22

Download Submit
C:\Users\Admin\AppData\Local\Temp\SEES.exe
Filesize
227KB

MD5
a8d4b26010948f5a6581d5059fb0143e

SHA1
f9955375ec6d692247610e4c53879d446868ddf2

SHA256
9ff0f3edcad6455c36152f72e7d717903e53d9c8b935e9f70fa97f8876f61d8e

SHA512
bc26d1684ee2f0b994044cf7631abcac77f07ddab12ef107521ca7d7a2afa1f2b85cf973c46396bbc4b6db92d1121133f6e0d5f654d6a786044f283cd4c75d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SQYs.exe
Filesize
223KB

MD5
13ba6637d2a27285a8ede75e983756a7

SHA1
e40a5784478bb428788ad6d3f5c312f9316424d4

SHA256
30eab3b5555061e29a408093ae5cc8b3e542895092049d1f944369b2b1f900c9

SHA512
0ddfb69a5f0ac1bd93e691a142531c6c9b84e812450b8dd760b4ce2e56e244b73a5062beee619d84a50cdceae2a115801cb67629af2ec78c2f7f6a10c2eda1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\SQsy.exe
Filesize
225KB

MD5
16ed60124c2075cbfe3d81de026b7b26

SHA1
d33dfa7e7654243ac876995ded1808e31f7f29b3

SHA256
77e12fc98c5fb3e476250d5866fa96b4ded73e984f3bcbbe058fc9436fc63eb5

SHA512
1af92440ebc7a743e9d69effafa102d6139b18612d95cda5a68e43993303d1e9e6f6106352cc4f92bc540f425232b9f06470bc7c1571c7695dd2de27843f6d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SaQQgwog.bat
Filesize
4B

MD5
8cc8776ba35cb81aa76623b72357e7d3

SHA1
4d9f44a354a2bcfde4e6e7efc23be6fda9354871

SHA256
27aa52db48a9ddaf557f1816d8b14885e89bbc655cd19a98adb2e225d3a67ca0

SHA512
d6c3295a4c97e29af30f891d07e063eec922c177b99bc0a769e7e31be27ba373595ab1377f4b65e2ad78f327b71c2d0cb05b82c9209083c62126816e36881e9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ScAm.exe
Filesize
244KB

MD5
29f7d699f60b29810a180b6a64f31b39

SHA1
7d6ebd6f73f2eb493622709562b2f08c08a79fcf

SHA256
7e166518351a29c31bdc53e498793b1aaf85d97b3435ef3c542897c6a559b524

SHA512
5c7406c5dd10b2e4dfc43d6334e936032ff15594800a15bacd94ee8237dfa931b691ad12781ffb967dd23a0360d197d6017eede17e15df4ef120561b96b4da8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SicsAAwo.bat
Filesize
4B

MD5
a4abd12004efcd3fd1794c6c2da5b457

SHA1
4830a87d8f6e1be565f8ffd66e263aef9b0c2907

SHA256
ea168d75b94452c2f17b0e0d8d8e91e53789870ef8f2e9fbe0cba865441403d5

SHA512
55adad32b026afccc84ce0e0f38d4bc2e01013f6ac2b00b6d20ad2aa0f5b7809f7264f1916ec190ac100df2539a213a009842d28f8533f4c534c8bed4d41ec01

Download Submit
C:\Users\Admin\AppData\Local\Temp\TUkEsAQI.bat
Filesize
4B

MD5
166be9548a73124b0eab7293535fead2

SHA1
f3a2fdbcebaacb9a560a47d1308b9854bb457cb6

SHA256
9ca21d28f93a15933980577d5f50533c0f0808007f80546fe797d30654fb827c

SHA512
96715b44997ed50aab2ce20b3bed01790a4ceb9dad25764eb377fb88252ff169de0bee02952e949ec1f1f7bc5391bd3692cbe339c1a1b242c2513912cfa2d07e

Download Submit
C:\Users\Admin\AppData\Local\Temp\UMYY.exe
Filesize
614KB

MD5
5749b923dc366240cbd15108299a068a

SHA1
e4c414032bdcc9d79c5abf8fc1d50f721501be27

SHA256
e700cf98136165c9f9acd71f77f61a9479910edd16fbe1d31a1b724468798d5c

SHA512
12f5a7ef0bc62cb5469982dc4c4897ce0d5cfcd193881475792489d99fd620e48673a4f25501d4b5ce6c5c679325dd081e894b76794d09dba1ba5a7c7508fc7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UQwO.exe
Filesize
226KB

MD5
48f2cc6c0864db44d4f37249d865ebe8

SHA1
eaa76c4eeaa480d6d64688629be3ed3f5e2d5a15

SHA256
09862435ed833bcec43533d65ffc836de2de85ca1a16267dec92728d61b9a090

SHA512
355c661f7e354e5317c12c420926d39c4bc8e9f1df2611c31f6a466f464e7e0f2b608022b673e232c639dd2f55b5da7cbffe22d2cc1c98b28aaeb6fd0ae24aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\USUEsIEU.bat
Filesize
4B

MD5
5fef60d340e697d02613f7e0bde9d7c8

SHA1
fabe06a8f60cfa54593858a628f1354f414539b6

SHA256
13962d06dc786d29051209f317fd3c4f7b66317353fcbc9e070bee7252b62bba

SHA512
f5a10c0b9bfc9696f146691e5b49bac93bf48429ab062690de09a18c7357639cd09a98c6a611bc3a112a5be543a3dc50f2b5fe5e6cd8dd8591747394c97bd4aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\USgkgIAA.bat
Filesize
4B

MD5
d60ba5abaff191f895d7c4a923f00b3d

SHA1
59be0fd84cec1d351a03265e5d3c130f7e1916d9

SHA256
1cc838967c0c1f51a37f6caf7589e52483487d45c5c755ae0af8f0009eb3a1aa

SHA512
b27eec9d7e420691b983957a2365ec623be81cdd513ba0dd4da86be674a91fb1f6ba1fee484f8b002a2b140a07b360b5b2231b6bccf88cab9ea7d8952932d3cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\UYAU.exe
Filesize
249KB

MD5
8e79b184da01e211d2784e6733220137

SHA1
5482ab4ff220c2f71e83110b2a0a6d8746c4725f

SHA256
090418b8c85e05f1b5249644102df3a9bf4efb545c6c736ec5417aa91c3d9999

SHA512
54488667c3648457f6d08283bcdaa36937653881873778f461275f0f117bcbe66bc88cd951ae4b65794fcbf6abfc2ca7ce7cbb06271510848606d1c28d1b3832

Download Submit
C:\Users\Admin\AppData\Local\Temp\UaYwQMgw.bat
Filesize
4B

MD5
b729b09d3ec20bea4574d7d750ccbc92

SHA1
cef9f91ecd2b9c526a27aa52d27665a10b12fd3e

SHA256
0680b724d47d412f9d688e11ae5003fd054d63d4f95312deb26195352c77fa33

SHA512
d262cc6e4680ef2a25895f962f615a20283284b6131108909d31b19c9d8f83f7c04f09e87de5cf24d9760985fff4c9cf9a18eab391629a5ceebd1847c6c08184

Download Submit
C:\Users\Admin\AppData\Local\Temp\UmwIcAwc.bat
Filesize
4B

MD5
4041c25079891feced26c951fec07640

SHA1
3a60bc0f93032a9ae8ccd8c4c56de439fd43a040

SHA256
c1920e44176aaaf1768b9e0fab23bb45c49b8a469659f50ac1c44731d732d24a

SHA512
13badf99a5ece388cd6b3444ccfb9395330ba2b6d232e173b07270320bbb1764734a0c1ed695fc756d80d936a6d6b7411bd5289e921f70c41af47fabe7d5943d

Download Submit
C:\Users\Admin\AppData\Local\Temp\UwcEgsQU.bat
Filesize
4B

MD5
2d7e716c287d5777e5478c002e89b3f7

SHA1
9aa1cd7cb359d40b73039903904912be6857fc4f

SHA256
64ba8bd21a1bf9804977e57f6b98d3aaf8739d3fbbb7830b3e8d44eee479eacf

SHA512
38ec608932c1ac4fd8023a26c04e2dd0d9b67e74a82383b3cd7add3cadb775d2166c54e02da0734082a6727b41f2a45e6f70c644f3d5c50e006d56b4699963ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\VkcQkUAs.bat
Filesize
4B

MD5
c2fa3afb18ee5ea393d2bf8aa40e2891

SHA1
8fd9456a34e4b22119d8130181144c9c4e4ac524

SHA256
cb19feaaa5b25d2388ffa883d5099094cd780695d8debd2d5d570f11934245bc

SHA512
dd4c64add3b71e6595b43524af86d5f1dd289ba3e73264c593fdb9f6a1ca5a5263494c61460d0e0e1ca9e861155fabdea0f279712162c23933e226573facbd07

Download Submit
C:\Users\Admin\AppData\Local\Temp\WUEO.exe
Filesize
233KB

MD5
684e089df68d5b5f5ac7c01eddb63add

SHA1
fd102ff5d4068e03326ec040eedd90919e0d093c

SHA256
3a05758e46aec5e6a7c7df06ffab541238209d5be799cd58024336eb76fe6020

SHA512
b941db8d91a0daba85242a063a2a0d9ea092aa8f7fd04e699199ce8cab37aa14a81c10c973ba3cdaa1d9ed3496d55e4c17cede200303cb6e73785678f80441b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\WUEu.exe
Filesize
246KB

MD5
38bbd5acf2f3414decbdf1a41a9bdd96

SHA1
559036eaa523bc98c2976c4352ca36f0c4757f2d

SHA256
bba94a26ccadabfc3ce0e30e1ad00010f000c0915a3000a1258f630eb4a2263b

SHA512
d626583717affc8cc5691acab1bcc5e7dee59f51a958488d44a9541a914c63030e38f3fbd54b039ef8439577d3a110277696379f2b8a31ec2c2888b650dde14c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WUwK.exe
Filesize
249KB

MD5
1f893bab5e6d64b1f2b6fec3939103e3

SHA1
524ee1bb34f6374849b498af4b039a77b729abfa

SHA256
c6e160c0ad8209c12f1aa1676b75946f67f49676233fd6d11e03aade3e501924

SHA512
76d10413b30587b95d3a8b812044b299663adbf498476a7f2c309ad5cbc663411e800e92bcc052a882d0b6519ea7dbc0d024423d4349b82d99b550f2c4ef70e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WosMQooA.bat
Filesize
4B

MD5
bc4f3dec152d3ddd115fe788b1f9e239

SHA1
b723302960d80df1aa7bfa757830f73091feec6e

SHA256
dc1749ecd0934c1743b3fb763ba03bd798671ae4418f85e579ccae856c54f375

SHA512
056e745bfab179acab35adb970d535437a65a5274cd9edab4059a6eae54283a5ff95855a75a8955d879995fd4ba03bc317a72357b57b72b9901750ec8ff5e78f

Download Submit
C:\Users\Admin\AppData\Local\Temp\WwQq.exe
Filesize
227KB

MD5
50a1e036160d8b532c7b09ccc4b7377f

SHA1
8b994f80e3272b464a50744ae7dbe9891d55fa69

SHA256
36eb53d62595aba614cecde56480882bdb52b0fcf3827510185b3513abaa3d97

SHA512
d59f02d0ed65eb9b783a89cfdc2cf6d5854f45accdf82c85c8de51cc8943b1a09542b4e3afb4e8930a63857b1493cb193a5d571d21c307f9b29282e58d8c2146

Download Submit
C:\Users\Admin\AppData\Local\Temp\XwcccUss.bat
Filesize
4B

MD5
09c8dc88e992cb974e5cc1363cf3601b

SHA1
2d681a9e117c874ab6b86cc8742a839a156df485

SHA256
af626df99933a807a11d0eafb4453867fb8393f68aecba833cecb08d11d9a1ca

SHA512
ccb216a8ff54dba8c846f64ffa54361bc231346780d2620a94cfa37c1711d2e3d20ee0f012c6c505f4367efe50af5b295feedd9a5fe970ddcfecc08615bb65d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\YUIg.exe
Filesize
244KB

MD5
3024ba6def99314423e7b721bbfd6d82

SHA1
f51dbfd6d866dad17ee0b7aea415dae4da69866a

SHA256
5cd89e442e95041d6905a1aab7156cef0867b3caf4631e89d5c391ae938928ba

SHA512
83ae3006159ee31db8f39582efd0fc0772eaa2c0748e2302993f67f7794954de779dffcf0e0c6424a282b1e81d42932ba8519e9072b5b04cec4546da5fb7248f

Download Submit
C:\Users\Admin\AppData\Local\Temp\YYAgIkss.bat
Filesize
4B

MD5
7429bce260171752aedf81d2aa9951e4

SHA1
e32b94c082c7e6c1b70eb971085280d571bfdb35

SHA256
1e9f0044dd46c809ba23ab353c44e92aa3219b8257652dfca1722b76617e0091

SHA512
1524d4402b06e2a08c7a23f2c7a5572e53d6a6cc977e33dee2b69ca2fd13fa6ac53e05f23e4e751d02b61c3a51aa687ba61a22e372c8549a2057e19f593c76a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\YYsQAEgM.bat
Filesize
4B

MD5
ba9a5542ffc53365dc12432ebfd54b6f

SHA1
48fab05214edf6814c5903238de4a6d4e27da66d

SHA256
1807b28d0fa9af70a0d37908e6d4913b6cb528fbacf5608c76fe2664690a0cd1

SHA512
208aef6842706546400a23a28f2680553abfb06198425437bd83e7dff3685c9c7ad2125bccf8e61464f8671d54ea46995e73b657e1dd9110b5824b345990852e

Download Submit
C:\Users\Admin\AppData\Local\Temp\YewYwcIQ.bat
Filesize
4B

MD5
354a402babca26ea2b4575f59a44b41d

SHA1
b61f5e248116dd6d1125fd22d7d671576b47631b

SHA256
8967cd690f1b3c65195eb090b5da21de7185a3b98a047216002193b7d1cf81ec

SHA512
c4f135c9c2efdf5960153fb8dd0ada05c055d5c6ea14bc6708f713f9c8b86239619d86e2a4688edd173a936a2f79646f72e65a3e7afecc19d30e09b873cafe20

Download Submit
C:\Users\Admin\AppData\Local\Temp\YgcI.exe
Filesize
231KB

MD5
bab22bc69d657a76b5a03f6e921d1935

SHA1
72e9adb5b0ca1e596e9132d8ea71c86f0977e126

SHA256
e8df0639ccc7aaf5354997f816dc57ac42ca5c599511bb210d4efdb551dbb78b

SHA512
76200cacd68f323307732ecf30284319489b38ea5b3ed2fe81cb74294fda5b8a05aefdebac50ad4566bc7eb737483603d3d11bde820e2a3844fa09a66d72bd2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\YsYi.exe
Filesize
200KB

MD5
58c76130b6ee4a14329e61c6b08869ff

SHA1
662b4216929ba50afbe4d63baca9f1a45a313649

SHA256
3d367d3261877cc54df32bdd264b59e3656173df9a5973e8459c6e8234f40183

SHA512
e890de15212bdfe22601698fa44c2cf4a7d5a039cf1aa2875d3f30771c03d6484f2102927313cafd171871a8f369ad55c7678c9be3dd270e77c8de39a4c62420

Download Submit
C:\Users\Admin\AppData\Local\Temp\YwIC.exe
Filesize
4.1MB

MD5
9c08a547f4274d70bdbf1780ce3da628

SHA1
7eebd9cb049c805dc3e9b55541c0a383fbe3a29e

SHA256
9384a2e7d5e66f93a6f3a31b024b7d9472dbf89005de706dae3a64a3d4fb6a70

SHA512
1d1b649046f12aaa9ed44aee214d26c78f6ac67b585b6d7ee4fd3e92aba5d240106d23d310179320c96215bf1becc2a365e59b2142468d8f2837f398274a6301

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZKcEgsUo.bat
Filesize
4B

MD5
488da247a9df4212a4878f6fe4bd426e

SHA1
46a77df755e831d30dfb915e2fad2622a7305bde

SHA256
6ac8547371fb5590e899e201bc0463679958a9bf7a1ba7b6659d8fbf0ae7ffcc

SHA512
24391657eaebdc4ef261cd4f43ce57978b897a6d022e459cacdd8775e884f1a62076caeced27082f52b6c82e9e62f97bed85fe1ee90f5cd79b0511eee5227f5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZYgIQMIY.bat
Filesize
4B

MD5
851428c62391a7dacbe90ab7d82db4bf

SHA1
4689a532b30955db07c13e7f3777a3e4f3c42344

SHA256
d98e6365d389fd172febc53967ec989f13ba41201c5b1cb4d2a2935423d2455d

SHA512
48d4b627430aefe87667c75d081a0df83fb97852799d1191ca52172f9136a591fe3835ed5529806025ec34590622a6d5872150634d30fb366ef55d7d05702cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\aEoq.exe
Filesize
211KB

MD5
fc5ea60260e0a835242842ed2f58c816

SHA1
3f4e0c6923bc6266f4ac6d5453e55030f4a7f749

SHA256
1422e662c2df1a43dbb7c869d09a2e29c016a4526430947fb7900c1f78b70c03

SHA512
2308c4fb2450e4d300f239343dced7939ca7990ee6733ccd677f4a03e6912ca2ea20d10ac56349f18d8baa3053d06ba46ff78c032a0d1c47423c6edc7e1613c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\aQcMUgIo.bat
Filesize
4B

MD5
74422a3cf5ee26613a777b81306214cd

SHA1
c121570098b16d34ac2c80f2066098f9f6c62c1b

SHA256
74c49d011d60ede4f934a3daf137ddd0c699a5c9163f562e6fd809046beb4f7a

SHA512
0a949eda16f7b583ffa6f93a484fb3005a5068e2e6248a791bf5e0fb943895a5c639a97178daf8cd83fcaa17227a0c15657d25e7349e737546419fe877671b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\aUUc.exe
Filesize
1.2MB

MD5
adce8d0cd1ce052c43e633c62dc86363

SHA1
385b2efb7a48b877d514707ea9f15441eb7d8f54

SHA256
624abcfdcfacf71d019c7b3242b50a77c15b3c92db6f96a94e9c8248ddfd9475

SHA512
5c769193f9630b4680d6843db32c8f91719344c569fa46b0e806d1597e5c923c3f3ab47f4524bcabe88394cf91e504ffdf2a5a046256717e0fa2d61e84aa3a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\acMO.exe
Filesize
204KB

MD5
3ca4bb6f21c3e07a31ff9bf48afd3353

SHA1
771d372bee973faf2fc5efdf7ca051a8fde9f209

SHA256
b0776a2f0563d145654e0cc550bfdf7d77e95e17a7ee71bfe11e78fa9cd19e74

SHA512
20a63b1b5b5b132c970234e65310809ec851e05a0687285a92960abf554c8a4dbb8d7013f8a436f19157356ac1f2469435c63a5b9a1dd8210922d1b27666384b

Download Submit
C:\Users\Admin\AppData\Local\Temp\akoC.exe
Filesize
233KB

MD5
58f8b543725b226ca5c58f32b4181bb3

SHA1
bf8e5918bf0bec80da5c7a0365bb586080210685

SHA256
6fd630abc01ac2f94f5313e79f082e39f5d804f3543e6f3fb55e342ed711c76f

SHA512
f2a476c63b4b331f70519fff5e4525142fbeaaa3a3673b63826515c30c6da45f7833fa332e0b045d6e388002f39ca829aebb938bc2b85f489659799e01f41308

Download Submit
C:\Users\Admin\AppData\Local\Temp\askC.exe
Filesize
250KB

MD5
834d6871f2677ebc32b360348d948132

SHA1
824473754650c646ca39966c62d7fe7df0a5b789

SHA256
fb15a068d3c13dbe3774887e66bd0ba7985798fb4ff9f8e006002fa7b36989e4

SHA512
e7ec8caddaf4a587b1e77bf07fb4d238143fa319fa3da350f5345c220632a1829af1c0fb324ea6ad2633c5de2e5b5eee40458d7aa01caf8e0ca9ce107d722826

Download Submit
C:\Users\Admin\AppData\Local\Temp\bQEAwIEc.bat
Filesize
4B

MD5
b829ed2bbaadef54a139156812fc78a5

SHA1
b91147874801a92ecd87cad9b77970c70097a5b4

SHA256
4a402c3eb338bcb9663c32071c86f33757d41fee32916862b98b48abdc6a98f3

SHA512
7e33fb2bb276c44e20ac9db8a45b61faf9b97141f4ca05e6ecb25277f38a82d0e1cde8a9ca2cac7ce8c0b8a9ccba85f2a09ee6728175c2a8a11f85abc4a27f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\biEQQQIs.bat
Filesize
4B

MD5
2efa57a7b8edfe86c6f7310e8575920f

SHA1
6942f6470715e0c636db248428e6e088b03663c3

SHA256
8a4a3eb531a5aaf791242844230c24c7fe71fef53b41b54e3f262f2952e42fb0

SHA512
00fd2ea9a2d506729ef58a1f5192cf869e1e54d5d2507d6f043d63a3d7b837bbcf08225defba1a6cb27d0bcdf00bfaea2cf74e7282fbe1e25d0a92905541cb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bmcMMgcY.bat
Filesize
4B

MD5
592077ea1996bc718beb06d679768e04

SHA1
8e274ee84acbad0758ae959ac12ca14e0ff38c12

SHA256
0fcaf062b86d0aa9dc14c6a7dd25160c4750fcd7ce6e04dcfc1911499b626770

SHA512
e98aaabc5fefd508203d79c507d52c85b0cd4a56a12d5ea8b2bc4b3c8541d25459fc32cda9d1eea61329339629e459e3d5b4f2dc1f0cd398fe2f9fa5b73c9320

Download Submit
C:\Users\Admin\AppData\Local\Temp\ccIy.exe
Filesize
253KB

MD5
f961e8f11e8deb611f91a940e2660ea7

SHA1
e1921214173dd3e16db752c40f1abfa0278d43ef

SHA256
dac344a88c1431a835b57d8696d63edd84a3b60eeade01736658c297189e86c6

SHA512
2ceba73a382112c7fb1353228e2f5a7585096e8c7e5e64035d0c146b5477a405cb782c9d78d48faf5c67cc92d2ce62488a0f083fc17d720006d6829ef2352b13

Download Submit
C:\Users\Admin\AppData\Local\Temp\ccMIYgsE.bat
Filesize
4B

MD5
63bbdb67cd67be02b09dc9e064831293

SHA1
291101f7a5572fd86609bac9a6ebcdfad2528330

SHA256
1d87eba5d0d690bf3435c00f24ddda67456555496812aaf191b62e209169524d

SHA512
b8d1046aebb480602b7d7aed283d623e7feaeb04c846460bdcacf7b47f94e75724d1d8a97cfe0e6bf73c46cffd281ae3be91eb83692804fe63677f9d25c9552a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckYK.exe
Filesize
239KB

MD5
36a4fb7697d995bf682673fd3fed3334

SHA1
9d5114e45d1771bf4ce263e43034b04796301fde

SHA256
3a83535b7f6b1d69db09c65e406f2b8731a59781ae0692d98307dfa2e4d7fc0f

SHA512
517ed55f12e82a27a771d9bace75f02a0070555c89fce2a2cd55bbdc7da4762582d621b84b1da5ecc46ebb3308f49d51b3160765493a8ff4d2fb38484ff7d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckso.exe
Filesize
234KB

MD5
4023a8fab310c988a41d858ca27dc864

SHA1
5390fc874845eb632c8e30442dc123ae646dda06

SHA256
4c340d1ee079b8590d4607b1fafd75c633ac0f2e347a7918f39033f7e8a16a1f

SHA512
33e6f07e58dfcef67485039cc12fd56a89cb0054f7eff34f0f975631891c310c53a1939312915145bb6474c819e001f673a6159e5e69bce660b1389aa07e5862

Download Submit
C:\Users\Admin\AppData\Local\Temp\cmsMAkog.bat
Filesize
4B

MD5
259e568bc30f3339213046a1b7e179f0

SHA1
bef78fa161f517b14e887546f8d876c05ec1f678

SHA256
a301ffa6b3cec37fd6680d281fef11cf0dab4f25d5cea1f11286488997a37dc4

SHA512
2836f034b094027e7a816cb523c9c76fe12c9b46a25fec37fe7b32e9d06916017972834b62739f6276a1808c50ce2645c919df407faf7102a0830c7a2e02dbe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cssS.exe
Filesize
208KB

MD5
cc98fa3e843d2926bae224abb92f5786

SHA1
58c8d813a5481ac1ef1924bc446c20de5f6e7397

SHA256
1285e72784b40494012bbd2b54972ab9d059de179cf2faf0405b9f346bf279fd

SHA512
09f8184ddc03a02b420980fee248860696cd603ffef696a40981de5487b4c15e7e21c667d3156429b0bc1c257d8adf7e3edcd47c922fd8a3ed122f2ae1f8ab29

Download Submit
C:\Users\Admin\AppData\Local\Temp\cukcAsYk.bat
Filesize
4B

MD5
dc75142b191b2478180389ae6e2bbb6f

SHA1
78732dbc9dc94dfab3e3a5c5963ee4f0b9af2318

SHA256
6b2462d1818e944d6b5c391ea21a22d0731b42fa9ee7f2b93f21c459369b6a9a

SHA512
4e0cef4372de82bd47bdb1d7cb3b191f2696e9cf45acbc5a501902259cc88114aa7172cfc8333e87b7240bedb5fe0bab8452ad71c5982579f7005fd1a0bc5831

Download Submit
C:\Users\Admin\AppData\Local\Temp\cwcK.exe
Filesize
231KB

MD5
b1531f9dcfcba783c40c6f2df34d3a6e

SHA1
329709657ced1388353b09065ef19b4b497ec05f

SHA256
19b5357c45e03f4018687a503fe3b6b0dc1636702fe91925c246f510d7e68276

SHA512
7b02d350fd4f611d6c08c8d588015d31fd9f968f1f6c7b984b15b30612e2d54585b57b98c54ba97361a4ffb4d9ffba9f9cbaed3f8011d892c29238ddae63e4c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\dGEUkQog.bat
Filesize
4B

MD5
c996e18cbd09a41cc8e4118d755dd596

SHA1
3f43533effa7f81e029fc6c35098d851a0be1d67

SHA256
4e6c8934e5b3f0140264c1dd648ba5ddde6c01f257846c39e2654826c0e84ff5

SHA512
31abca8db61b452e86104f78fb7a7cd9c3e01c1ffba15ba3ea10a5e0caccac53c0112b5747a129d98ef49286e442fec37af637210caa9978ca95e4c8f4ece6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\dWgMkIAU.bat
Filesize
4B

MD5
d6e415f77bf4b5fd111a48a290ff2ed7

SHA1
1451e175d49d27a286656a7d5a4793d9dcfd1f0b

SHA256
cab78fa08f0adb3143c2f2311a431bb991b9306fd6f7e0ef114ec01f0d174f31

SHA512
595ac9b6b3792bdb3970679018a5a4537a6195cf0f2303750bcd30df8487390d9f1290fffe9dc0343199546ef68e26da4fd4dbf8e47e22c9c02a4e3bf62265b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\deAkAIUU.bat
Filesize
4B

MD5
70464b10c20e72f943ede49fdcf8247f

SHA1
17d798aeb1be38759fa0c27ad03bfb9663a1e44d

SHA256
c7e70165d53e866984b1edc95bc001d31cca6f5fca6aac10062f2faa29fcc271

SHA512
0721ce9c687206ef8ea08a493f85e45954d7e063aab6b30d9f51ec95d7b6e5f34cc894a0c84cdac5370b815ea700b15afbd701281831b8dda325d32863a7d323

Download Submit
C:\Users\Admin\AppData\Local\Temp\dekwcUkM.bat
Filesize
4B

MD5
2a045c612e6044b4b7f388cf4a9ed31a

SHA1
87470767e8ed6c9cb65ad70047571cfdd5274c28

SHA256
7491398dcb6b1dd5f43fe548915a77ba7f2be482adeb91330af81d32d7dd70ee

SHA512
f0e115d7b85abe3a5c406ec0a4278660ce21ccadc68568dcbca6d92201463edcdc4c67dfbea909a897b82c85c0983c926ae62004e56dce9446cc7a9c527f54c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\eEIw.exe
Filesize
184KB

MD5
ad290890b0f2ea918f6df2a5aec120c9

SHA1
6f638c7b81dbdda628bda818c804d13fee3e14ba

SHA256
51ae3a2dc2a44f21540b81eda8081316a022892c207b8758b0653f556b297e42

SHA512
9a21738eab79666720feb0f2b5649176b98fb7caeed9dcf8a6039b82ab89d86f3b52698185df9f54fcb6f82a735b25f50fd10ef247984c7265e7b5e7e42c10d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\eEUS.ico
Filesize
4KB

MD5
47a169535b738bd50344df196735e258

SHA1
23b4c8041b83f0374554191d543fdce6890f4723

SHA256
ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf

SHA512
ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\eEsg.exe
Filesize
4.8MB

MD5
450fabac09828fa209d55bce1e34c548

SHA1
160a13b3d1cda8f816bf9a51469044f6e9d9e683

SHA256
b4be05f575f9748ec8a82f70568f58f42d5c4c853546d61983db78d0200b4800

SHA512
e5c063ddcb0ef76bd23b90dc06ded871eb95530c44ddbd8b990a1e5302fc9f6e12ffe4a31846a836ce616fb26c4fdf258aaaa68f38f2b8a0f11176d10960ddd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\eIIo.exe
Filesize
233KB

MD5
78d10ec81a76a4832ca1c06aee805bce

SHA1
743c8a47376ee35b394f160e2931a8f2c6254b35

SHA256
8aba1a339eb6ad2c29801d239358d7d258ac7060256b4b306997363ed36ddda6

SHA512
43deb7fae4df1ebe00d5a1c984b0507928670bede7e19bb89f8ce2f55e9224a50de96be74b376c5472843d68dc1fcc9c4c5fe98dd3558630a5a37f64a44e4341

Download Submit
C:\Users\Admin\AppData\Local\Temp\eIQEwUEI.bat
Filesize
4B

MD5
9c5fcd22cc96cf82be77e5e9f389f677

SHA1
3953d4ae08d7b6f0d260089d7b58fa01ae4783e6

SHA256
6b71f0c6397ba9e0a9f52ee490018d163af6ff2e4b58a79bf8be654cf1821d89

SHA512
ca5eca0b4500c6d6dd3c6fd05a09f1c33faf5d3a982009a3d8c5c9375fc4a27e831cadbf74155292f0b289ac00b8eb85b480ab0601f90fdc57bd3fabfc449e29

Download Submit
C:\Users\Admin\AppData\Local\Temp\eQoM.exe
Filesize
230KB

MD5
a487e1c9dcb53760c775b299a7a40249

SHA1
3b61534add392728439d86b2a1cd3c93d7c5adb1

SHA256
bdfb6fe0728f8b652a2cd4cfc6f3698bf6dcd249589d0b1fc8a07e0eb313fa66

SHA512
3588d55e31a5fe2ae8d9dcd51f3a7f05693ea908a39319204a2582a05ebb37aec9b7a57c339a09bc7af36d1d9208792771a0e73761c8525e23543154792eacdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\emwccAsc.bat
Filesize
4B

MD5
7257b71eccfed101364d37f528c09cd3

SHA1
6a7e1d181fd84bb38f63f9a1d678e23da397be28

SHA256
10d91e000fc24130f463252169e16352381f2cf4cfa52af6394be63cde31ed57

SHA512
1015b069e8640e35e99c069d59eb59c79d8f594958e55f8d7851de5b0b64ba020186dc65250d8b4f963afe90181c17c584a03bcc0030f9ef5100dbed1f919011

Download Submit
C:\Users\Admin\AppData\Local\Temp\eskUIwYU.bat
Filesize
4B

MD5
b4465b46b368b5206775e15743d8eb0d

SHA1
f7bbc9adbd3d5b205a7237dd891c2795c371006e

SHA256
8aa4fd4fb59b408412df08e5cc6d072a0f8ee0fe1f1ca93491cf58d419780db9

SHA512
9544f5e790e59e5d8457e2de5400d1da0a4052ba000f9af590d80458924c890f0ed7c50b3ce339c04314a47d4504b141e84ee66c157acc9d4b0ef8c113d2213d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ewcS.exe
Filesize
181KB

MD5
2844971cb3c4af47a0621fb7b8ad5dd6

SHA1
35f29e99f60e01a368458a8aa77c7750d9564996

SHA256
183cd9696dc49ec5b04bf1d62ed3cd77d2c6128bdd4b91a8f3aac50ab600d311

SHA512
9f25f7b79a4a5b423f7bc9fb358694ed37cfa47a16fdf65960d783035614e9c9454314ed3034d346d3c0d40977b84f43817774bcfc9d85121ea2746b645366f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\fcAEEwEA.bat
Filesize
4B

MD5
7a9db4f551cc536025ecc0227a529f49

SHA1
5090ba10868cf335b3cdf4c3e198816dca4a72ee

SHA256
ae97c24126587bf3e8f90fcd1ff5a2549441978204a66103459b5473f9a30e59

SHA512
9046805e5712e0ef3c6f5d6be82f12b217caed8bf900917c3e0ced5ae4be0ff4dcd6fbf04ab533e14e6b1b62788884daec293716c4d9fb99a303b19bcc58f07e

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.vbs
Filesize
19B

MD5
4afb5c4527091738faf9cd4addf9d34e

SHA1
170ba9d866894c1b109b62649b1893eb90350459

SHA256
59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc

SHA512
16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\gAEy.exe
Filesize
235KB

MD5
7c35f5c38d179dbbc6a70171b3eeef81

SHA1
a3cfe3de3867c05ca430a44750b9cc2254302625

SHA256
560ae64c2c70fe67006f0872f284cf3b26681ed736569c8dc3041fcc0f151645

SHA512
69c840c05a749d81852d096f29f57f5d655f0ad7705737dacd7bf1d21a90debade94b985f70b226695de58d4fa3bf74093896bbc9df82cc15d70b1ba194c51eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\gIcE.exe
Filesize
190KB

MD5
bf42d0009dc2346661e6a8438227afd5

SHA1
ab7413ba0cd1fd69d8dbe7739a2f36d52c2d6f69

SHA256
d5b27885944c1e82e7b9d6c36f073d281b899527568912ce586d2f3787288d24

SHA512
3969bfea7e482524d3f4941d2536ec7600a0f1a795605535587d178e1cd9aa8f0d5d896b8dc5aa25778d2d2bd87994906439687ed30c54246d793f5b9ceeb55f

Download Submit
C:\Users\Admin\AppData\Local\Temp\gUcM.exe
Filesize
239KB

MD5
993b7a1acab86ae56c7cd78b130560ec

SHA1
06758a4ffc11bebf5af6aae7e6b6411653abd532

SHA256
e6ce9c54ecbc2510f7a4a79b7335590aaacae81c5af6dce042691a6f211e655a

SHA512
d2f47c4cae9c4cfc839148667023e49beb72e3ca9c9970229020105534ddc1ed4526854fa765ec105df4bc7ece0189455a2d37faf06a56df89f6a482b71941c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\gikoUIsU.bat
Filesize
4B

MD5
91ae9d3a9fbaed0d83755ddda94cd425

SHA1
fbef45f8dbf35132fa146a02ff98b4bcdebd13dd

SHA256
517bc0e85de014a20beaf02bcc12caa20c69a274f7e2e3a5175df5f9538e3fd2

SHA512
292d2cb28783965576a2f3ec63b4d93f4f7db5ede89a765417476de255af3740390046f642cefacd65add5acd66ce965bdd19a897de1a6e5090438a40c8a9dd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\gkgI.exe
Filesize
233KB

MD5
b0026150037f1a2248972ea650530407

SHA1
1da13ffba5bb07a2b365f2587aa28777ff5ec326

SHA256
34ee6287ca636278fa12e5282b71a51be1816ffe41b2520e7f6215d819cef63e

SHA512
bc74cfae68d1c82ca6ae45bdd818e1ad72e83f8fc2921287a3ca39bd1df97f5dcc7e3df28d3e19b8c828f7d66db9d3905d8c59256d78ada7b68cd9dd258a5a26

Download Submit
C:\Users\Admin\AppData\Local\Temp\goQQ.exe
Filesize
242KB

MD5
22f1faff27fc036d8ef619927b3f8ea9

SHA1
0c86d48d1f02e689a498df3ff57ee5c8e8478cb1

SHA256
4841eb3708ecefc205edeed506c93192d5774adb62c397a076795e0ea9a4c709

SHA512
88e553901aab00396d0d89a8205a2e672886ea8ef052bbe80d49ed343b9713767be30981b9c23bd4773d3b32c18f188d958af013b67feb9a7bbab42f37a3ce20

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsgi.exe
Filesize
998KB

MD5
7b897414f6298b37030bc5e925c1279d

SHA1
f9f86374b9b688d663cc72ef72c0be2304c5ea55

SHA256
c5153fa073a9fd35ac8718c95855dcdeecf8e623c26a5f49dbff75834214843b

SHA512
6b536e3ca13892ba06d34c1bd659087f3649d1db9292dad48a23f7f18b865f21a48f1fcc10049229303f76b119403e9d2d0237f24add74b96fa1409b03bf5724

Download Submit
C:\Users\Admin\AppData\Local\Temp\gskMMksE.bat
Filesize
4B

MD5
c0a8f14bcd5e608070033aeea309bf14

SHA1
e29f67d71966232e12874c26ad238caa1448aed5

SHA256
e75de3da6f5b0599a6795877c5c86e423443acbc49de04b9fa9c3b12af76c1f1

SHA512
fcea37e104dbe5146cc64ee9c3ab7542916dd2f058ff853f148c31e52f2551f391f3e67a5020fee6d62715e333811c7c0ea243954f14dfa594980183f374f0d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\gyIYYAEc.bat
Filesize
4B

MD5
905d434da10d71b9e467023e9076f8b4

SHA1
cbf2656afb4a93f69d915062fd996b68e5f34408

SHA256
61ea8e71066f2f5fa66d2aedc0751123ea7f1a3bfeaa3202581359c8c9637f5d

SHA512
77ebdc189fec5b392d0192fb0077fd4ff44cdb97d43f4113be663983f9f33bafaff97e21c59660fafca1cbb242db16584ff4faa311db827fadb7f5dc217dc35e

Download Submit
C:\Users\Admin\AppData\Local\Temp\iMco.exe
Filesize
317KB

MD5
f8359826848df059c617565a30cbd95a

SHA1
a679f26f997478213871f8b6ac119cfce206382d

SHA256
84b2136493688d0ba12e33aada0d8b9cbcd40ae3ea4c1aab18f71dfc1d28f1e0

SHA512
bfd2cd8322e6a6ab1541ed9f1a76bedf1feaa89d498beac53a9070de8d2e12fa56227272ecb2e06bdf802051b8671699bda8490fd0ff3c8a6313e26782258071

Download Submit
C:\Users\Admin\AppData\Local\Temp\iMoC.exe
Filesize
204KB

MD5
d3330b2c6a2bffc7fac8373541ce9237

SHA1
a124a4efa39e0a66b5bf04e350aab6eea926b695

SHA256
3dd89798f2f862ea6c15c6fd87017254495dbdc7457a8c2911e8166b9dae138c

SHA512
4e6a5fc09f165ee01ed475b9005ca8a69c3277a743ad81659e111748eaf33f909e0dcc2a52d23fbb48cfc71210270b23ff2796c0be4fda5074019fc250463578

Download Submit
C:\Users\Admin\AppData\Local\Temp\iQEI.exe
Filesize
250KB

MD5
303910c3ce07e4fb84e3176e4b61dbf2

SHA1
0e0a228ca515d5a7f69fd046db13039b1a4c0091

SHA256
3b5277ce5dbf532ace32950930b2173c96cb0fba32d68346699962b10da20074

SHA512
42024e2370b8f23e21f451de4e90b9109b96a693ea9b5652fe1d8e92cebeb30b0939bb29071036d6de9a1c93a9435bcef374ed9394fc54ff9f34f2b03adf0fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\iUMwwYEk.bat
Filesize
4B

MD5
dbc609cc8bb591b283b519d7ed6289e0

SHA1
e1b15b5b3d5c89fff52c69967d310438f3fdef85

SHA256
7be54d4bab47f982fa17aedf9ab8923c7487d02f27e7743d103b62dd76e72644

SHA512
ac6a929224fac451c3bd829c80cc2681ca25681161ef8e1591533db79a0ed5ff9b1a1f0185dc28327e41911ae157c13f98b95b978b82f66a6eaf937ff36631d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\igcY.exe
Filesize
235KB

MD5
d3a39472b154c53702310c915f49c1b9

SHA1
01ffb234571a473d54d840f10dbb19cf3f96bf3f

SHA256
f0b05073923602e1055d2ccccbfffe04284ddaef0ef27ab0f44c4c114c536791

SHA512
ce2822d0fb5834fedc5f9df364f7ac6b1e4b2f397161ea522224275ca896a0652a60192633578cb5113c7c38096f8bbe1bd8b4a6dd1453bb84956b8e9df98728

Download Submit
C:\Users\Admin\AppData\Local\Temp\ikMm.ico
Filesize
4KB

MD5
6edd371bd7a23ec01c6a00d53f8723d1

SHA1
7b649ce267a19686d2d07a6c3ee2ca852a549ee6

SHA256
0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7

SHA512
65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\iksUkMcY.bat
Filesize
4B

MD5
4be4b8188f0f8558472f33a59f07f6ac

SHA1
bcf69009e2ca6faccfdc8f679410b07b651aa600

SHA256
56633f654c71439a6b73dd28bbf6e1a46516b9f591b5efe42db9243b434cf6c7

SHA512
ec01c9acf5a07456dcf28afbc7b116a009a0b3d1db96db0ca11c33852759b40b4155ead6dc909b6a4a27d957828fb052961d3af9a6ba7b039685db85b5371245

Download Submit
C:\Users\Admin\AppData\Local\Temp\isYy.exe
Filesize
199KB

MD5
8b4bee36703f02ac9d72c409c2aab20b

SHA1
1acc284c3267e3148ec746b3b0ce05172cfc6e7d

SHA256
a3b5b9c29372c6f9c654b8a173963ff021eb09855d3150e9d5d6f706caa966d2

SHA512
0652769b5460f8f76cabdf15a6cb6c277316b1ad1828d70288318f6b525a6c7f5d3351f5e839b4dd9e67e5d7ab851433d352edb8abc672d1cd079c4c0860e30e

Download Submit
C:\Users\Admin\AppData\Local\Temp\iuAwwUAc.bat
Filesize
4B

MD5
d73ff507d91e7bc9431bd25bbf2e4c24

SHA1
3908680f1776da7524c359586f5109b73cea8ae3

SHA256
b363e63155371b88778d9e386c2d62e59be80786e248613483226576cf112897

SHA512
3f0ae2af94a23eb56853685a192d12586b365d9e6b8d1287ab2ae4d1cd07c292890c0ff2eec3a20d3b99116f5ba2bde057dde4b4301ebc395c4ed8a22047cb2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\iuwkYYIU.bat
Filesize
4B

MD5
5d10453a38434b28b0186e4e1b963aa0

SHA1
c664f8b8a9ab6f793aa953ce5cd6605cbbaaab67

SHA256
0d49f7f7d3c0eedbc6ed24dfb571d7e28fc427db3f81e053b4f2d51548c2774c

SHA512
b41ee7add2d0490c5b57320041051c9f76691917be1293f8c8a320f7bb730a2e6453e7519b09f4f2e4a1a85e40d000a7f45fcfe6c5faa07a95cbc8687d248f5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\iwQm.ico
Filesize
4KB

MD5
ac4b56cc5c5e71c3bb226181418fd891

SHA1
e62149df7a7d31a7777cae68822e4d0eaba2199d

SHA256
701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3

SHA512
a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

Download Submit
C:\Users\Admin\AppData\Local\Temp\jIMYIAsc.bat
Filesize
4B

MD5
abcc108b94046eff381e63b46260b95f

SHA1
8c1f93e1ee948ef316a3961aa4d8b79d3c123e59

SHA256
f74ca11db87d8eb1d3fd52ab8a9b2dc599a7eccace917e4b526782897e838455

SHA512
991ad86b698bf4784d8b542fee89fc7fd0d8e5133421a33ed9cceec276c565faea1ca11269094d757a73434ee54e172f26a87c8364519757d3249d780b5276f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\jIskQIQo.bat
Filesize
4B

MD5
eed2b34abbcf4178201bd1578177e5f7

SHA1
838d4306a90c2107ac675bf3daa3dd787a38cf79

SHA256
eb4f2f2c9edfe1fd841a166fb7e141d663e50a24fe6ab9f41d0767910bc0304f

SHA512
ebf10d6a50f5fe6eed745e78fa9d90adf34ecd3253d80e19c745cec2fb9930955868e3832d8de1340f69a688dc512a82d8e1744be55dc4b588398f6780df76d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\kEQU.exe
Filesize
251KB

MD5
dc5770f19b0c272d47b32a7d3c785d2c

SHA1
57df29f9467a163ec18dee3f34d7d99cad4adf28

SHA256
4b0b47ba924baeea67778a367571a28b9575623f64d939ea1364ebf570e1aea2

SHA512
5699959803dfc81fd6d1cc8d82f54a8dfc5198f17642c27faa930049d3785e7e214fe130ccc2c4500eccbf99c71ee4acc6c87ebc28b3430fb7794b164dd1dae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\kEgc.exe
Filesize
234KB

MD5
d8ab22a56f4f49d31057cb56923f9a2a

SHA1
eb328f1788109fae91e30e3a16306e54d63f9b93

SHA256
ea3964ad12bedc8442e3c2f9efddfc613044f5d1126d98a42569bf953429ba9d

SHA512
218680c889a8006b1c305ede2b4392ccdbf43eeaee3ebaac0336a7d611c81f8f7535e7514b7f6e3d92a3c0945715970e023835f70230e8dfb9013130bd293e90

Download Submit
C:\Users\Admin\AppData\Local\Temp\kgQe.exe
Filesize
322KB

MD5
e6548c159feee996dc6109a46f922c92

SHA1
294f2e0c3d3186ab35ede2b7a540e9084e33a0ec

SHA256
f372676ebfc0dc549ccd264a9c76ece496d6688b2cfc2223e29ad1ce5e660a10

SHA512
a5d8aac221a0c87a4827706a50f021366040fd6c723d56ba1b86c2554396d4a5fe6609f844eebcc3d5224e2c0ca0d4b0a56c87f9270bd50fad8d3249e8b093f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\kgoQ.exe
Filesize
236KB

MD5
d98008a308f5cf0e109087d05ac407fe

SHA1
fbf024d650935dac0a0ab18c2dd80587d67b6794

SHA256
5861497871617bd3f0489d9a500c1279de136f1655de8e6c6f1bf3089a3a7b7f

SHA512
498e9b29e1978b3bde0896bbb3d696df276e48fd37ef5009a421d581afdff949221da483dff92271c9b811e566687aa985bae4cb2d257fa21b68000d07302088

Download Submit
C:\Users\Admin\AppData\Local\Temp\kwUG.exe
Filesize
1.7MB

MD5
0a00837b3b334e6769fb854aa3e603ef

SHA1
b190bb31fdda37e2a532ce119dae508967b98983

SHA256
5c4539d0fbfd86900fc88299e393b08230bff5ee9f2c8d4f8af984c66dcf66b9

SHA512
2fc194d9fb64acf2853e0abaf68b99c52571f4ff2e961dfae878aeda695b5e667c92b543b7331525895f52b131281c2d5d9deb301d15ff34fa93880e77dfe98d

Download Submit
C:\Users\Admin\AppData\Local\Temp\kwcG.exe
Filesize
1.2MB

MD5
ef2d04633d2fd885aedc497d90f02ad7

SHA1
276d48bb545564e2d2b514bd62db7c487910c1b5

SHA256
b2327cb7bf25bc1721ae3f8365843c72748b97165769041a1a5e6bbb0f47baa3

SHA512
0ae9f76b73091668b713b5da37102cff1cffcbca9311d4d8f3f55fa92bd49e7c0d4ae9e18db01155a8d8825d9df25e2c7f14878c06e32df228c676bf6092b1fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\kyAEAMwY.bat
Filesize
4B

MD5
4362242882889cf1d5fb3f36367dfc92

SHA1
3f787c7ff6dc847d0ec83adceaf3fdf05be3f240

SHA256
a36de5b569fd888ed41c5fa4b1d2d2483c07a7558886238c744826c4ae2f849f

SHA512
f6b57574f270ee04a9fdb31f007907d9eea46287e157d66dd351746849063d36a419cc44f49839a22fb5937b881cfb43a312bf89a1656c65ab970ae869e4e11a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lYAwEEAw.bat
Filesize
4B

MD5
34bd7e3520497f0467cf7fd7f6af968e

SHA1
b9e3d932c0468254dbde29ab21ffbbc395e493c3

SHA256
fae2ad6f1f43650e1f70ce16a23f72d8f589e43c7047b75cda30d29d735d0ccd

SHA512
1730d7821b3735b0c04c06a36cb172997ba6ac790f67b74e579b9a888a48717ca040f5302f06c165bd50738ef0656dbd6cfeec875b595b2f079e1cb981a13310

Download Submit
C:\Users\Admin\AppData\Local\Temp\mAIY.exe
Filesize
639KB

MD5
9d9e782a3cff839bb56c7e23f1ff9316

SHA1
a77a24b923ad74bccff462f9b654c63f46f0ed37

SHA256
106be090bebbc3496c262c0d5ad206635e7130a54eb99753ecc9764efd57ac34

SHA512
1d0d3ea4e7dfde8862686e1af070de373eb7af9639881ccbe9b052b12d155a638de831bbee24db2ca492b8922a583be976cee15fce1cc3e6366abe48325b59f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mIww.exe
Filesize
240KB

MD5
eeaa563baed141657509bc1a1663bb28

SHA1
ccf196c4d8841d27d10e4f7f53813b0dc29603b5

SHA256
75961ef7da0866eec5e9619b699297b5e70804e1de07fbad6f792adb12770464

SHA512
41a09ef9d6b9802b11688de60c43414a96a7d5a934059a79581060f03546f16a55e353947936c60e1dfb460d9b65940bca16d79bb9f4495879454b206cf9821c

Download Submit
C:\Users\Admin\AppData\Local\Temp\mMUC.exe
Filesize
319KB

MD5
e366dfb9915c14a792d2e5c44e7004d2

SHA1
a518c37135022a2dce5b822ffbc9fe6501cd1855

SHA256
05a7d86452d645674a9598d37a9dd452c99548e400f9f2749c49c12007177362

SHA512
6c810058191a5853501f7d89629c00556b3f98d8bb800e0e2b498627b0267b99731eb18705cbd915a0f65dfbebc5b3c255852b7dbdaeee2f6ede286b81f30f74

Download Submit
C:\Users\Admin\AppData\Local\Temp\mQEG.exe
Filesize
250KB

MD5
1195ab260567c81c6acc191ad745e0b4

SHA1
1c2c46c3f2dbbab0fb58c672e15bd988e879a91f

SHA256
f62e6eebc3358db2bed2fa5b713a90c6ab385af46c4bcab78eca36ce02ab9a6f

SHA512
0a80ed168815da9fe19122d9fe904f82fbab41c6ad780ade4071a3d145ae3db7128fa779f27f2dd8a7c71511652d15cabe9123b7f52c421df74ba2409a393327

Download Submit
C:\Users\Admin\AppData\Local\Temp\mggYYMMQ.bat
Filesize
4B

MD5
553bc70c39be8ecc7568353914ba9f3c

SHA1
4eba3f71e431db8bb0c2f192c001817748f4b416

SHA256
9ccb6af614666805ed1b7a0d45e05f2ac64e509bd8f1ba480603c51d78b8889d

SHA512
c5e03155cd719a04e9277760595821cb534d4489bd6bf21e7f6452e3dfe0d577d60719ada4536ab87f1561947457abc9536071e72f425141e85b05d8a2321dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\mkwUEoMU.bat
Filesize
4B

MD5
8d272810c4d015ff46cc1d7391b4decf

SHA1
66b5cf230437c2203c7cce3864cc6d66177438e7

SHA256
3a3bfaba7f53eae125136efd31be92a94d9fb93b10eb2bc396934b51cb9e903e

SHA512
c017d65d7b77ca0f5e207866163effef78cd6bba392262b3d023e038fc189df5e2ee76927b601a01ff6f290576c51e5af9fbabb77de1438979a19361877c021f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mwce.exe
Filesize
206KB

MD5
57e76bbf237f08587a0c8448a90eeb81

SHA1
a6436fe833e6bdeb3cf5610ca0dc28766b0f22e8

SHA256
a64a48578035b0c454a34ea2399785eca6687b37473811bc86fe9b9c4b80b2df

SHA512
1fe408d1e58baaa67ddac293f78f21f1a8b29999d9d5ca69ee380829aea884cbdf89494ec6bf19f4eb148c7aec1bd46efb0bd38ff9288db3453e1663146866c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\mwgu.exe
Filesize
245KB

MD5
5eed4970c43c1bd95709ecc1bcb65ae6

SHA1
5dc92eb03ab4ced670b7a49931ce1b537ca4a186

SHA256
56bd220bdd1aaf56e94733e5f9ef4474fb01598035a806f575998f1a0bb5ac80

SHA512
8c13b7cb200c3f1dd5e0a1fd5f49a88c2164edd09c5fe9b9e9451268b42562fa779b6ce1e4ae702fa29df06a80e60d71082375babdcbce59d95b8d172465005c

Download Submit
C:\Users\Admin\AppData\Local\Temp\mykIQwQc.bat
Filesize
4B

MD5
cbffbc9ee0505876e846a1d524e4cfb3

SHA1
a4d307520e5bb08b774066e0e55db186c91f2628

SHA256
777667f1f461b0e39578b26d9ec49a7eef790477edd198a3bd8ca44c77f42ef2

SHA512
a7b29f932ab2507aece20cd09a547c7b8238ecf8d484c47463ad8501156e68dc700e42502d027fa3e4878409d9fd918a75ed55f10e4c30cf65651e35269f1ec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nyQIcYMw.bat
Filesize
4B

MD5
555fb831aa4a9c09b081bf35b94c7e68

SHA1
dc2cd2e750d41cacd3c7fbccb27fcaa67b6b9f4c

SHA256
2404ba3ab8e05a920273189ffb266770c4d6448b851179895e6ee75482caa02f

SHA512
189650d900d36e1dd1c293e47a4131fbc0f5fe2735a82c631b8c0bcda989d2bd1ecee56a3861368bdaec07faa543f4c50a2ea549cdfa84e37374ac255396c4f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\oQcA.exe
Filesize
960KB

MD5
a60864a044212ee54a93eb5eea275233

SHA1
0302054ef888c35e99a0fffe6126db753d9b14b5

SHA256
68d52b9adfde19d08d2c56af32315a4ec931b0f598bb641e9977666c6a926843

SHA512
bc23c618007b65de6074ef468838fcee352f98d8ddc31f1ee3ff3890d816658b629edcee71bc5fc7234916dd0350dda4bbafda87a048a7fed9d712c2c51e0f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocEUMYYs.bat
Filesize
4B

MD5
2983d7b884cd4e62752b162249e2bc66

SHA1
f374a171b08d7040c18833bf768fcae6404afde2

SHA256
f3793b5f5f3263f35d7d66d2d7bd63a39ce12131d28d105d537aae2652efbc36

SHA512
bfd6a1ede2a96477d3ddcebb25eb6c9170405463a7794f6733e40e46fa3ea53c61e1d97544655ebb222b0a325fbc36d47bcd7b6d6643ac54a1b49192a5ebe8df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ogYI.exe
Filesize
219KB

MD5
b3cab56952b0b6c625da75ffcdbca545

SHA1
339a7d61e5cba05f3d8c57590eca827d5d4f48d1

SHA256
a4cecc3e623ecebb36410ed48f21c3cf5306f0f4949585e3e9f9ff487e8f30ad

SHA512
64aec7129c81d56bbd36310e65168a02c229838e71f126705514f6351ba7205ed3f6b0f2e0cec2dfe3bfbf1c1309d983bcd43da3b1ad5a662523f7be44462fcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\oiswscEk.bat
Filesize
4B

MD5
7c23f398af02b5f6d0e55afe8e595229

SHA1
75d4ce6225c63616087353c6d15f0b4f5940dcda

SHA256
4d2da5d7c5d767ce97c015f6f737b5c7eb1e9cc8250f0c30a3218ea5a0caf181

SHA512
6fceaa498da0f556b51e2136c6c25b46fbe4faecb6f667bf2435bea2e6e119199e9426f6e91e1b1dab7597938dc279d13cbffac928f151f2f1f5d313f757d4f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\okoMsQkA.bat
Filesize
4B

MD5
d80c13848cf0db9dbef103e5af24464c

SHA1
2e5fea8935954621a27cb40ef7f281f32277f0cb

SHA256
4c9d189d667f4b3b97ccf5ac259a876ece7c531621db589e9c2f1a35e8acb94a

SHA512
e8ea4705a0585a40c70f0b77885a39c80ff034b0bc39b578a8b73b563a12ca88990d175741614ebd7b052d0f2388f0f2242557eb6969249d5ec87fddb1e62860

Download Submit
C:\Users\Admin\AppData\Local\Temp\osAU.exe
Filesize
236KB

MD5
0225899114df70bd8c6233e04d618451

SHA1
28b759b4627300e4d688632d4e0f708dbca5a02d

SHA256
a9fb0a21ee43ace7506e6b278323ab3afe2cb66bae27d0c50174bd3a11510c7e

SHA512
12b7fc0268aa28f7e1106473ff8909d43cda3a2462d504146358c2e3926b319ddfbec53c0790cb5a5f683478ecfa2fc40e365090e479e0a9d58aee3976650d1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\owIkkIEk.bat
Filesize
4B

MD5
2aaca9d45c8a344de098e4a8cf2bd5a5

SHA1
86bd4d047790e50f136f2530f8949a2ac0e82595

SHA256
f7dc401a005e68535d4e02d16a3e6a3edc1f5c7639af061b090c9d3c128bd941

SHA512
f55578428f6edad11ebe29721255bb9513c5734033313cfa9b95558fb73eefee559273a91d4044301fcd467198574d4d5ac1142ce0901d500368f15a031ea6ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\pCkMQoIQ.bat
Filesize
4B

MD5
e9013eec3e9279715afc808b61df6e1a

SHA1
b496d7e7e73890cde26b74505c359faac025f17b

SHA256
57ced6a4975db7b64655939b11bade7af804023881507a58f9a73c7e2f0565e2

SHA512
aaca5d95a0e57799088ff3af9ababfbbdd489bc8b4eb90d40a46fc3b72c8ea496b7ac5df66e54b5d6c4b77a92f5be34921c6fc8ecf618529e6c197a52023975c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pGsMUssw.bat
Filesize
4B

MD5
6f8bd6653eb9ae4658c5b2819172b407

SHA1
5a641774c0426f85efa9605c670eff1f773da238

SHA256
eb9e186d181b003adc3894924c34dfdb3be31f3b9f648e8dd885272cd012d823

SHA512
951739327093120ba03d6890cf43bc423fd8f9b2f60007d5deb88b06588b9fe2b5af4b0fd5998fa5b0032a2880b085f4f451dc0042b2a01b145c61781d5dd27e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pOoYMEkw.bat
Filesize
4B

MD5
d027a16ff5bad07b1f3503a3c470ec8e

SHA1
f69bacdc798ff35289a0e015f61dd699b0575f5a

SHA256
a56e8471f482edc201effd6e1c70abf3368ce12be3803f326606e6cd8f840064

SHA512
5111a42388f9f2acb5d5875e5ec6ee880177c6361606a7cd057dbe98b4f7194798749925dcbb4e964fea5faeca252fad0a7b42193c969bb21e610cc2986a5970

Download Submit
C:\Users\Admin\AppData\Local\Temp\pqUIokgk.bat
Filesize
4B

MD5
96c93df2fb75a05278005f514d85eaec

SHA1
eb64577dc60de87bf3f744a7fb2c44d3fec054a2

SHA256
ea576c09a0124e927145ebcbabc79cf76ec6501b1de2b8ce10da01c46d2f7acc

SHA512
68e310f67fc0c1e189361d3eb4c45b0ec5845c56f4fce1aa8cec9ebd701a9e4f29b90bfd1ae71bc119d02590fe38dddcd156bdf6e7ac16c0ab5045deeb0bd9ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\pyIggssk.bat
Filesize
4B

MD5
dfd386ba97369e49aae1c183877b71b4

SHA1
fd209ee5f0e397354ffb7628407da03cdfb43675

SHA256
0dcb99cc293123921db31c1daf1bdfac8f0ed8870136f5ac87d28bc152dbdf63

SHA512
01c439675157ac60800fc36c5e009c5739201a1b3ea3c6350ed01372fb95f3b02178584f5f93a3a183b7e976e5fed58653a6c6526f56dead2dd24033346f190e

Download Submit
C:\Users\Admin\AppData\Local\Temp\qMkE.exe
Filesize
245KB

MD5
0934c14e6bf87d32ea55c287cf2059ae

SHA1
63a73af2844364b69c5cc904704b194490a995cf

SHA256
f124270aab4da7ce4602c248d5d0c3bc72813c8a755baa087a9993ff90bca224

SHA512
bb5ad496360149e861ee917fbe3993c172c1331f52b056221f8c658983b1d411520d08c103710ec4b00b40c2c540a77316b97e110ec00f498207252836624f1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\qMoQgIcI.bat
Filesize
4B

MD5
c38eb1ee05dd43147311ac4ed0c06ef1

SHA1
599a328b2c43dced445b61ec83cafaf8bb2a60aa

SHA256
acc3b407d4c1fcc2a674676fc5faefb9bb2e450166803355b6b96178729dbbb8

SHA512
817ba61dae3b53fb8849b6760fdfb066a2ce6d675d0bfaefd250b688c8ab5d1c70f2cc0f890b54a7b96be688fa024209c497b904b9a7942b5cda99683935aa12

Download Submit
C:\Users\Admin\AppData\Local\Temp\qaYUwkUQ.bat
Filesize
4B

MD5
6a93ae91d74f05b90c5f993adc28a62d

SHA1
6a3d57601b01fe4a6df2ab12dde4c87a68b5a747

SHA256
ddcdb28183f15d19805a3cc3fa453229f62d923512e4d694cc26da4f2df43bf6

SHA512
d4dc055b1f8a4fc84bc514d10e2ccef2d3e706aaee7f6eeda712bc9c697d402039ffacfaf75bc2333744a6830cf0fb8d8f549cbeb68f76c20f74726a86d81b6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\qcoo.exe
Filesize
235KB

MD5
3528a3af05f855516d13633b876a3b50

SHA1
af8c9cebc0aaeb6c2b34fba7866b56f566cc675a

SHA256
8c0447aa5a265b000bd9dbddc41885fce6f0db33a07f63db812c3dd6f087cd5d

SHA512
ebb39368bbfc30f32c559b3c8d7050eecfed11f8f7ac0dc5c2fd8e4a0da814585e6853492736fdd93180317182d91ac5c6309bf17923d0749bccb199213782d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\qgoU.exe
Filesize
238KB

MD5
2bfb89d92ebf582f5d7cf3801dddb3e9

SHA1
2b5bed84d1d21b428c18395c8d3c4d80c53ce1b7

SHA256
ce9081e44fbb8827bf893a43f357740cd4da45646153fa38510d4392336236f0

SHA512
f4a2908d6e126e930cd7858f4f959280974fc8d2d6442f8f5a7412f0ec30ff56693319adc0742277368525c82a9342cfaaebdb6de0fe5f09df44d6e17f966b5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\qiYkYIgw.bat
Filesize
4B

MD5
7ecf2311315f5dd0da6aa31b49faeb36

SHA1
1a65e1eb7a30ba134db5da2f896f739589de8264

SHA256
625c923b9db1dc1fc7bd661b74cea335487bb8d27ecb02615ca5fdbee6412847

SHA512
3cff0cd5aa9b3cab8d16b7ab265144373e070ffa5d12901e518f0edd455e0a6248618c9c58e9c74233dbb915426eb6f8dd8b76e8caa80cadbc7a9a8728e5bed8

Download Submit
C:\Users\Admin\AppData\Local\Temp\qkIc.exe
Filesize
588KB

MD5
0d86ee7aaeb135c4c588efc5fabbf230

SHA1
7497b215bf1419cbe26687ee938d360248975c67

SHA256
0d45c3147969ad5bbdf8016a1e786c5550e6ca177f9cbd995c4643aa4780e650

SHA512
da81702ab6a5a04436a59cc2c816b1063e1bcfd18cf0da49fe53f6612520e5672a0743e3c60bafd9cdfe10f99b8518e963b28b899b5fb0aba14683697bd187dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\rCAcUYAU.bat
Filesize
4B

MD5
91e5566faf4b0189683ac8f58ede4157

SHA1
3c93d68dfa6e3e2e6b569e85cc7582e4ed20ddd9

SHA256
9d07c05f8fc4fd74237ab9c864e6945c28a0e1c8f78b186207375ba986b4ab7e

SHA512
86f44089fe91a4c0c9ed035762c5d2580b191f8080299080d780e4f47b34e713f7b8b5a22078349bd14de4370c9e8eab0026226c250305a252788bd67d9bad33

Download Submit
C:\Users\Admin\AppData\Local\Temp\rCMQoEgQ.bat
Filesize
4B

MD5
072d99801157ba8f067770546aedcf06

SHA1
109f2cbdbd05818bdf73bccb152c93d732685acc

SHA256
28220356e991e4eac0b0394d7599449754acde641b1826dabd46875f3a3e7a6a

SHA512
982be85431a8df4c39ead9f1d8bcdbb637883fde912c45f405909a27f6642b006a9319869a4d0aaf3bec02042d5c238d7948c0be00a9e78d1b8d84ff5682d5e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\rKIwkkAY.bat
Filesize
4B

MD5
6ca65e0850ef987a28b3834ce866c307

SHA1
0625e5ee5402b7b63106c66f02d00dd0a8d420df

SHA256
98d3e6bd1907cd2afcfbb470f2e2a2ccdf03164dae962bfc3cb5e4cc12bf017d

SHA512
169b44f634294e0011d6a44ab0d3afdfbca8881bd7051a8289f3f73c746df005756d51a2d2ce59998eb837d949a1683b2135a78e4a6ef1d204765f737374d560

Download Submit
C:\Users\Admin\AppData\Local\Temp\rWQkocgM.bat
Filesize
4B

MD5
90b86c6c34c1e6d4aecd2122197fcde8

SHA1
3f818e62fa35eedaa8f4205d521453cd74075023

SHA256
47a20a5f8cc3d2ec63ee14b1b23e7e15e87356bc85e6d054efb2430360c6993d

SHA512
f76e9dce28a266be9cd6a3c1aeed3015aa9ee68e927808d8a5511b8ebe4ba6bcc3bc201f441e078f01b5f20dd67bcdeb6bdff07eb45f8f856e2f3083487abf6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\rWkEwEEA.bat
Filesize
4B

MD5
9b40542a729e91014183e168cda7d086

SHA1
08b03f126b1cbda1b4809bdf6fd3b1e091562105

SHA256
af00479dc09e8a447db1fcafe2054a2bc5301bfe1b10fbb9136107d151a73d0a

SHA512
3a4aa933edae781a12d75e2e3adfecaa9ef0993f68d5abc874c94d048e16b23b60646c0c813ed1854880fe510d9ef668ccbcf6c618ed8f24bf6c917673d3e4e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\rgUkUQEY.bat
Filesize
4B

MD5
50bed958b169af2b9550bbb875d7fbdb

SHA1
959b39dab9aa9ee6a8712eeccd2c37d6fa13c03f

SHA256
a8c593fd23657b8806db6755b4749ce4c5acd5405775e487c347199e87a5e80d

SHA512
8e8e7571752197360f21a0a8715e46242987c0ed0ec0dadf8c31c23959d6cb5b404cfa3e5dbbfcefa6c7d9080178303a8667625079fa430ec9bf0cb821ff1b98

Download Submit
C:\Users\Admin\AppData\Local\Temp\rmQQEkEo.bat
Filesize
4B

MD5
5f25afd73ad2a612e7155fe0b990ffb7

SHA1
46d9c9d3eb023c2b9e5a70dd12df6a4eb926f9cd

SHA256
86f3e3278fcca2d7deb7e334c30cdcee3018945f7e309614539d9ec17aa6dc35

SHA512
7b060c10011246e09827760d059d298f54786ad9d0c700765f2044845ae26e6da4caf00c6bae6e939a72a405dc69618f4afb810c655fac0b1052b4b4c9aaecd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\roUcckMs.bat
Filesize
4B

MD5
2e9ab7c3c553540ae0876ac956c72a3a

SHA1
b7d2186f12c9ce9e925f7213e886a5366b816918

SHA256
18cccb3fd6b942edcc86bd3825510bb52b47b5bbbf3719eda7ccad76af2f2de6

SHA512
0515a4c1d0b307d1e2d78b330a477945f5eccfb1d8941f5d1e4f3fff7bd049b992555bf22d4e17a3a3179d4496c21c383c5b7e0b55a4024cc120830ad336f938

Download Submit
C:\Users\Admin\AppData\Local\Temp\sCIgUIYg.bat
Filesize
4B

MD5
ba68ee240f1b36d5c9259af9701fe325

SHA1
a09f0642972f714e1f7da4e8a8a7e3ff2339c2f1

SHA256
b71cb1ae02f7995a6ced3fbda3621cc80b6dc5530022272f150246ec46292e0f

SHA512
dff4498d7ba9fae3532944cee04bf80b826d056eea2960da18f91435ea7c1c9d04cfe77abc365efae4f5d31cbd5eef47fb4e990fed54e5898cbf72fb907d1798

Download Submit
C:\Users\Admin\AppData\Local\Temp\sKogEEsY.bat
Filesize
4B

MD5
b78ebcb714edde43bea420c5d4e35b33

SHA1
ff5c49e9ae2aeaf7a582fc5c6737ab45bfccf899

SHA256
b434b171fab62ee2ad44ea269598b83f76c09fadec541a087f908f768eab4c90

SHA512
39b6171ea6dccae7ae1647ac79b9b8ab4366b1511520e99f7d9ef8280162e276f7960d9a73470f6d3efac8d5c7436cff020086c2883f07ddd6d95781bd7bb4d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\sMMYYIMI.bat
Filesize
4B

MD5
8152ab9f9b69776e0e122607c7c90ea9

SHA1
94fd312fa63af0aa4c164eaa71302da3b836d55e

SHA256
5856b41dfb4d3b93f978e6336325159b78dc18018d4e5071c2e1b7d6577e8f3e

SHA512
56faccfd805853e8119d133b13e43dc224c84fa3abce80ac34d440ab9a2047ec5b97067f468c59f7d5874e504d85bbf39cddf40c31450a8186b4ff8abafc372a

Download Submit
C:\Users\Admin\AppData\Local\Temp\sQIK.exe
Filesize
242KB

MD5
f4dbd40c32efeb292177a4a6333bb707

SHA1
e007956dd036accf43d03b20dc5a7920cf94f7fa

SHA256
a87616aedccd72cfed5251efd16fa29feefe3a5d5641c3f865e28d7c946d9b5f

SHA512
fb0b387de44c1a8aee0e23c232124cbdc22f6373a7bff48537ca6b81501783d6d7fd36c295f59e693912d8edc47d44dd5ae2534235fb4ce44e2af7b703586131

Download Submit
C:\Users\Admin\AppData\Local\Temp\sUwG.exe
Filesize
658KB

MD5
cb198c0ec21af531caf7f2153b013a2b

SHA1
8767b90c6674223cccaea0c2d0a7a9f4ffd9a659

SHA256
7b50f90027e31ba4246baa4cdec6e6ff2cc120a9a5e4cc51e73fa01aaa528658

SHA512
85a866c3b65f90a94ffb01b9aeb2bfea03cb7685ed9903ba45d07d9b4de1cfc2be10d3d996472747efbce44bbc899ebfcc298c6953a8bcfe644da3dd78a1ad48

Download Submit
C:\Users\Admin\AppData\Local\Temp\skIgAAAs.bat
Filesize
4B

MD5
677c1e70fbc265173fe756b2cb4d6eb4

SHA1
2d50d82da9cf2a18eb9acf47bc8c571cb57fb5c6

SHA256
56e79f7354d0be66933d1db4b5d3f27bf99ba07ef0a64fa4861082be00cabf43

SHA512
ac63b1ecf65b268c5243860740a4170e459705f43b066c2b2342f6375b919604f0e69b5d82d971380116c0c6001393982c3925cc59f63882f63eafee8cd0506f

Download Submit
C:\Users\Admin\AppData\Local\Temp\suAQIEgo.bat
Filesize
4B

MD5
481acb436c552ff111e1466ef63c7d34

SHA1
e5d931ca1cf219a6ef5c424c7e6c4954c8c373cd

SHA256
0ccf2684ee4f36bcee5b0eaa14cac7021e2fa99c57529bba03957efe899a1afb

SHA512
3e86341da2e7a14d76d4a3426b142e5b72ff47e69f3ac80aa6fa821393679d6f32410ee520886928a7c7fdc2e8cbf638ba0d4260e0f464333658f614a8156ca7

Download Submit
C:\Users\Admin\AppData\Local\Temp\swAw.exe
Filesize
242KB

MD5
c6b52ad4bead7c5dc1ff297147c7a044

SHA1
409b01c2fc5884585cc4ccd48dfe430cb9822214

SHA256
30dba00c2652e2d1408d28e2215ce8a733ca15dedf7801907d966c74534f133d

SHA512
4906445b1301d4a0048cb5549027f7bf2c4785ab18db232bac468b77de1a268b96da7befc99c4f4a16e0f5433dcab240eaf4cd7276af0cd47f6448b115829323

Download Submit
C:\Users\Admin\AppData\Local\Temp\tAIoUwoE.bat
Filesize
4B

MD5
4574dd5f1cd4c5a188645a15c3223956

SHA1
01bb8b637518614753212ef1c338514f618e4d74

SHA256
8f2288586982ff8df8d6cf51f9a5530580175c93acdd2d37ab77b4b505ceaf8d

SHA512
39bc835095cbed9317b3015dd0b7cb079d767d6946eb34146d325acd1a95c8bccfce17673bbc19b42f0414fcae3c820b9d45d36c5f32b714b8a9f574933e7af0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tIsccYkw.bat
Filesize
4B

MD5
749b5f78cb21cae2aafa734967bac95e

SHA1
42c02ecd0a3da0637cf5a7a0a94652840731f46d

SHA256
01e71da8b19448393f0b67f1d42747ce11eb34f60a5c907dc1ee31e9d5a01ef4

SHA512
fe11fe07bd0ac43ed1ca3710f93c53950af0d9d793835bf769e71cb4fab1bec49cd1c673a8e226e9227713809d57ce0f2e34d954f04a0ebe0045ddb6d07957ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\tWwMkAks.bat
Filesize
4B

MD5
53d8da88cdb758948be03f05661a57c7

SHA1
b8a808b7af68574403bf26c7498d976d96a77eca

SHA256
2aa5a890696f3c0ffec5507aeffb09c3486834b1c1442cdd44c8110e68aa11f4

SHA512
6885dea5d5a44d3216971363ab4196d2fb8670158eec68a6b90aab77f328b729e0e7845e6ad3aad83a41121da985b824e34bb3e6b6e9553d393b8f1cdbbb5c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\twgIIMYA.bat
Filesize
4B

MD5
8cfcee2d93290bab0e980fdffa255892

SHA1
d9dd317d72de36118e50bf43d6ef32dce3343c25

SHA256
49c93a1fd7e0e927398afe6fc67aa006d9312f946c1c5bba6d0d63f736766695

SHA512
f9e1c4f2681b20f466933b13342d1db3d09e0cf5caedbfb8b995cc9ccdfffd9001890101befee2f27cb7ddcf281755ddb019093ee8dd7362790f9b9ca5c89bec

Download Submit
C:\Users\Admin\AppData\Local\Temp\uEou.exe
Filesize
208KB

MD5
9edafc85c51e1d426f9965edbc215bca

SHA1
26db8c64af99aa56787ac01ed1233640776b0b85

SHA256
f75ff00df17c4ec755a92ccf7bf43c6ff1ad3f1f2c8305801eecd915c556e65c

SHA512
4b5d02e0dce546737999483fce0b8b1a71a3c854fbc6e02d1a3db4e0619723656513a7ba2cab5155cb361707c2815b14b927e7e1402691307da825a46dd20d27

Download Submit
C:\Users\Admin\AppData\Local\Temp\uIQo.exe
Filesize
955KB

MD5
3a9da1cba916aa87e7cd4d495ad89d4a

SHA1
28b12ed4dfb0825b00660b0a06961df51833679c

SHA256
b46a497a6489c397309ec0f4238573bac1356a1398b84d24c717e1e676899907

SHA512
5daa3cf061c55d1512d8922bc11750b3edc62f1f35d541453f3993c09301d6c80d7c2a5eb4c5652b4d0ae2cef9ffc18d61f2bcbe7f4cd440388bf2aff105532f

Download Submit
C:\Users\Admin\AppData\Local\Temp\uQQe.exe
Filesize
194KB

MD5
926875814d689b1f1f4f74c89ee8c102

SHA1
16ddaff7b4ea4a2bbf6c875f234a6e76de4bdfb3

SHA256
126b172b28ca14d56683460db4fb63464b178bcdf84ede1b544df1c7748d575f

SHA512
eaac6181be98f5b24de6adec6b886f5ce3381ed1f28216bd195b3a11c24430abfcaf82680e19939334790aac67984e1c6e1da9c92359b8092a0ba6cd8b459bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\uSccUYEM.bat
Filesize
4B

MD5
a32ef1074b3c410c14fe078838ac009b

SHA1
2eece925131aedbf6ae49074c5c613392c89a3f0

SHA256
f0178ea3a8ce60fb5176b73ec707f2a34411afc13518606f6d81ef0edd790416

SHA512
532d6a3047982a4395d93b6b8467e04005446af9e83f31c8f4b274d187121ce2f619a71adf8e986905f4ef8f4e345de60ae9e87b5fda114430fbc03c754f5ee0

Download Submit
C:\Users\Admin\AppData\Local\Temp\uUMgcQIg.bat
Filesize
4B

MD5
4ebea844719dc5cc83b5102591dc62c1

SHA1
96dfce88a099443f31bc72be755bc71a57942f66

SHA256
cfb7328049077ae3e2dadd995ed5eb05dfee8fb85e6c3920cc25902e596d03b2

SHA512
2a1dce971aa2756190e07e98b7ecb6a64e9306e3d5b69d5f407801787bd56b86de3544503432ddfe4e48fb6cf1007802a42f64f35a6b9049d92ee404e69f9146

Download Submit
C:\Users\Admin\AppData\Local\Temp\umIEsEsU.bat
Filesize
4B

MD5
19a952a8562173acb87a5228e05fbcfe

SHA1
3a64449f241832076844cabf54bfd169c6fc5e36

SHA256
4c9b34450a50428d6f218f4687013d0919d9d345e6513188bcc8620223e64f3d

SHA512
a74a7d3a1f485c650ba0ebb85176a7cab62c99da2ce68bdd827d43d636c7e18fd952cb6e47bc32d9c80f8b7f463ac34cb0a1271dd0223213b46befd07d1b4320

Download Submit
C:\Users\Admin\AppData\Local\Temp\uwgC.exe
Filesize
236KB

MD5
c74f9a5df6b5e51872575e7518618903

SHA1
cdffffa4177cf106cdd46d873f764fe2539a597b

SHA256
515353a09627dc03d1660d327340f040586f7dfca3a180fbf1924c43cbaa83e8

SHA512
6034fd3931be7d83094c007bbda0c750bcd118490d64f4bc0909e7968b1ad2efdf646599e5ec23ea952c907a9ad475b0014b6df772d2d4720e8630ba9df817bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\uwwU.exe
Filesize
248KB

MD5
e6c2d43e6705ac9d34a01b5ef3e5c974

SHA1
8db3630e16f8789017556ba2d4a8342a36ecd8ee

SHA256
af055cf03ac8b105a8a75ed0b04836137550b1466ae42ce1dff87c14c2e87226

SHA512
5c28e7141f9b20ea7e25a2c904d84cc725a6272289656986dbfe212eb58c13453dd0bf19b476081b49210ae8c86f0347f4017a86472a3dc31342dc7e2e2a5cfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\vCEggIkY.bat
Filesize
4B

MD5
91501ff983e6a4dd97f7175efac8974e

SHA1
ead4f8599511cb0233e96a52dae0fc315851657f

SHA256
5d904944878b3291252e336f0ba0cb276f4432558930a7de42c02c29ef48c00a

SHA512
50abd56680410899aeed06fcfb7a64625f75f169a5faf7c9ee3b18e8008e860fbbf7b2d4b777e9f1b5bb89028a33e3cfa339b4e3f340dc6329501edab518abc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\vCUIMooM.bat
Filesize
4B

MD5
616f23f24b29bd84b07639f72929f92f

SHA1
df937f40f5f37a50498c2a8fb17dfbfdaff5f85a

SHA256
f2fed9f3cfe9bca9b638c725d97aeb1bb72ec9d75e51f656ec6f0a2f446ad676

SHA512
f69e41f56c1762bbbd5c74d4b2d6db7effa631974e7e2d63977ea52536097e534935f8f1fc12a20d6c28f3eac58cb6d8ee4afa94b9b544615736ecfd26abed74

Download Submit
C:\Users\Admin\AppData\Local\Temp\vCkcMEEE.bat
Filesize
4B

MD5
1068960dfb92bc0d6c9c9d7ef3b9b435

SHA1
dbec294e67a0b4b2020ac82b448087a2c89c6fe1

SHA256
aad0b4a9112dfa20b4b902d1fd34f068dc7297324901ea44763a22fb0474d881

SHA512
1037375acdea6f4f0e1aaad5beb0f0d79537ffdb8228777223c62df8273021f4b103553238c7137aef6efdd08a7dbbb8709e381c93d11765052d58e025a5147f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vMkMQgAI.bat
Filesize
4B

MD5
1df1eb34d6cf6a08639fd939123627fa

SHA1
1aade07aa5c013206e6035d27a24fc0a41de3dcc

SHA256
4824021c07d2407ed4aa2e06ad51c998d4bb0d85e2f521db0e6f0e643849b785

SHA512
017d8e7f00ad0b4416f892056d19e3376b97bef0bd1cdb0d71f02f5da7a40174a5f4689f708cb0a57cb1524117ee4960d82c6a952a71e661d3336ac3479f7d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\vWUYkoAs.bat
Filesize
4B

MD5
79d0c70111baa0363c6fbe01ca968e5b

SHA1
7fe29d2640792e320b19c1d81f8fff4883e0c9bb

SHA256
7ea96a93e6de374491eb9d96d70917254aa5c687032370b90ed6532875fb3b1a

SHA512
a22749008f28edcb951d5630b7984f2b41d57979952d90f31c21d43dc8e8b27225809470a8c80cbccffbb5a0faf70188a0c745837b600f23310e27f8b024359e

Download Submit
C:\Users\Admin\AppData\Local\Temp\vksEckMI.bat
Filesize
4B

MD5
5894ffca49b9c7c1ffd6813c780b9cf5

SHA1
84005f084bb34afb12ec08bb19a67beae0be915d

SHA256
6cf179fedbcf7b5021ca63457a3d50b7fad015d64bbec3e287a8d919ac7daadf

SHA512
b71fa035b89710d7644a9cbc088e08f51f059430b37a2ca9a64507ddbae7d1e656ce18ca8529340e6cbdf2629a6c2a3c767c4a120a940a1b4455384ed83217e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\vssogcIA.bat
Filesize
4B

MD5
3fd3063aaff78c4616eb3f6798adb987

SHA1
66cc310344b705fdf13ed7cfcddb9b4d147d4def

SHA256
546f623301a6023a60fad53a06c5966d3565c8b2e96962e455913ec2f91743bc

SHA512
40dbd0cae72303a04632da50f740553d9b25992aad70e5b7708c841ed63a3f6b294f310ed12d52d4626092337c9fdec40f98977d89b530f9c57852ad4756c2e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\wAMG.exe
Filesize
234KB

MD5
19f719b59c17c9ea7f77e267b2f6e3f3

SHA1
30ba99de4e6d3efff40acbe9454e7f4dc5069757

SHA256
f38fda86685f24d99e97684e2f6a9ba743496cbf64cd088a30be7c69ca0522db

SHA512
cce736e37d4ca9d1508b07cebd6bc86c71e934b9506cf2fe31e6031b9063be2bc3366fde44dee79ba9a42277e82714d6fcec02102e05ecb62c8b9a1c807eb33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\wAco.exe
Filesize
244KB

MD5
82da7e6888acc0cff64a697c5f6ed799

SHA1
fad179b2efb8f340b585cbeb9ea4cf468b1d0f3e

SHA256
b31d73907a3f808affa17c0304e0e78ec8ce9df8617c825e25e8373acdab06e9

SHA512
1baaf937486ef66d8d44c2ea0c9c0d2ff715f510b2d8fe33a6a28de532eb05a41ec7ecda20b296a5f3519f9cba6401206e213f2559489cc4a6f8a6af651754b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\wGokccgI.bat
Filesize
4B

MD5
88c9a3aae75ea30cde54cb4b28433ccc

SHA1
2909916d527860abc36bd413ef9a783944fbe4b5

SHA256
b2c0fef78a5ad5eff0700e416a87a73de00aa178d22435e633d28f3070c2224a

SHA512
9f84d4113adbe64585d4c0de1de70c901a1182ca1c661798a3a5e44ba55c28773e79598eb721c72ed0a91d889b97a004dfc3ae7cc69010ab1e9766d98557b9e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\wIcm.exe
Filesize
241KB

MD5
64369dd1fa0f1fb2689881d3fada9af8

SHA1
3ca02941cf649854d39b95604130ac080e0e6ebf

SHA256
1000c9b7057eb0bbccde1a7c085dbb01811245c8990be7077b465529e31fba50

SHA512
615cb0e25622ffb7be6cbd6b3bc2d118ae59d1e114f49082473fe239532fb8a9ee4e443ea2315f81f515c23473f0c9c92d97a083c6a1ca6004d65c60752dac7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wUAU.ico
Filesize
4KB

MD5
f461866875e8a7fc5c0e5bcdb48c67f6

SHA1
c6831938e249f1edaa968321f00141e6d791ca56

SHA256
0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7

SHA512
d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\wYoO.exe
Filesize
834KB

MD5
aeaedf5a7fc99a6caed8f43d0bdc29b9

SHA1
93c32f0875d5ce09bbd85e58a28e5ce682febb0b

SHA256
5f54a100a037e39150dd58df572550c552e6a3a5477a6b95ebd0a434532bbb3b

SHA512
cc1ec19134c7ad6f45a34087db9409492da19420175c909c2f3eb60d105feca0b47f38fe4ca1f452999fd4d891c10f9c851b0f2035134ff57982d3b6868f0c0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\wcUo.exe
Filesize
244KB

MD5
545c14e7d332d12701be90e8dfcf3692

SHA1
fdc6a3bd57cd635c5a57dbba9330e7ee3a69f00a

SHA256
fbb99115ca74b2d49689d93c73ea29e7359e9f1b08e315be393a8a960986fb62

SHA512
5513b889ab78c3b2d6455eef972f181352f773892de3bad3ac76a068a313857414bc0e5f3cccf338ed7aa0fb7fad6028bae7bfe8aa3ee5ae9a07ba588ba78ac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\wcYI.exe
Filesize
628KB

MD5
92bd3a4ab238ee55e6c1b61c9ef0a258

SHA1
cc22b8634988b69ba4ea207cc70793dd345579c4

SHA256
335539882294c4a9ed9d964c037eb035bea7a0fd8f115efa19c7746c775b65d6

SHA512
421c24734bdde9db2faca80e135ae90734a2275b5c16f8a520d9180ea2eff96f127916ace1b8cb2051274c6d9e7acca333a113b1008e5491134399df104dc0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\wcgq.exe
Filesize
226KB

MD5
7ba22e1a7e75f4f594718f1f803efcab

SHA1
882f755708d43b51c0313de1590313362f59333d

SHA256
3fb198ef4704c188c17a4adefc4dfa0adc54f276f1e77d9dae6e5edec128eec8

SHA512
6cc89ad1e42098fb6457549bc46e7f874b8ee7bd6a33c9e574a52e5feb3a32dd2db154d997744acd48a457649315eebdf9490df27e87721aa86ef30097fbef63

Download Submit
C:\Users\Admin\AppData\Local\Temp\wcscYUUU.bat
Filesize
4B

MD5
32607daca0f795f4dfabff13e239dc78

SHA1
33ea1e6e58e4985118aa97d2e834b25b897df471

SHA256
019e0cbe7860f0ffde6f0c8eca12e7c78a23442191de60fcbfc5e93538fc3ac6

SHA512
5f942c4dc8b1363a85e0db2201cd38bd9f87c5442d0855ac0a8ffb34cdbc01babb93419f51d6e19219f489eefcafbd685de8844a40b60c8d8da98b1a723e28ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\wgoM.exe
Filesize
231KB

MD5
6b64760b12e5e3be1527739760cfc2cf

SHA1
3744cf4593badedc2ae160e665dbcb7025d2e51a

SHA256
f710c5594563748cbac5b38558d679fd11c10cdd39736d73025aff0b66b4b9aa

SHA512
5e417e0b0176d75620a3964320bd91301af4f9290b4266fab3fe84b75a790688f5d94b776fb8d810b580b0253a3ebe28775f6bd4cfe6f68060147542d6ae717a

Download Submit
C:\Users\Admin\AppData\Local\Temp\wgow.exe
Filesize
231KB

MD5
8f14592cacd6ee604ab3b0dbb5272594

SHA1
00cea2fd6ebe189daeb8489177d5733eacc11174

SHA256
765f2f40c0cb71bdae22593d5f3eb2cba2360f5bda1aa6db946ce6670aa77a47

SHA512
58069b10412e0e88f130517f6ec0ddfe8b379000503bc17a0d68965de562800f15eac85dc77495d92a299b4b2115a53280efdb5d9daa38d59308a2689ff31805

Download Submit
C:\Users\Admin\AppData\Local\Temp\wkUa.exe
Filesize
243KB

MD5
420ed0b6877b45b5c23bf2402ae30341

SHA1
47db98e1616528cb8a0921b30ab59c3525fbc7b1

SHA256
beebc7e079c132ec92251c7b8a375a988be93a46a8b519f2000e1c35e8326586

SHA512
c47ae3eb1de6d868daef19d84587e5d81f9810cd3cfaeaa78090d95283bb18c4397e248663ac0168c2bdfdfb0146d03fbbd3876ef6e067fb8eba79cf04747064

Download Submit
C:\Users\Admin\AppData\Local\Temp\wooQwMQQ.bat
Filesize
4B

MD5
ecb4e48917366b9d1bfe22437ecb44d3

SHA1
932b1cbc6ba58feb631780241a2ee9a5dc72f86f

SHA256
affee08c344ec3ea89a1543f7c8de1a68c59f432a2c607c287d06ef25c03443c

SHA512
73f994cdf84ce919800e1f919eb55602c9de0a9911d0ce87c8cc922001873c4b0943460f14996889a1c29160f8015136dc6a9cc5fd422b015accb43734c2ce49

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsgO.exe
Filesize
316KB

MD5
9c0c49bbb4b4fa3eb2e839df3e8960c5

SHA1
01312c03280c27b276978a99e97bd97081ffaf1e

SHA256
ee7adb54531898be63d374935e9bddb5e4e09c350cd03ca9ab14bf748b1c97c2

SHA512
a4e9427dbdf528d97d6e586ef2b4b1e2ef48a242f7d185e9c5c48f2225947ca59b8d79d9d771a3f11b1ee93413173f436dc922fb11e7f7a7a1741062731e7b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\wwkY.exe
Filesize
245KB

MD5
a36ab38ed7082e9bb0c38d12da109b4b

SHA1
de52f15351004aee776ab1f897eba2b414f42607

SHA256
39876d9e0297d7fb38c687252fdc1e69872d9dbc99bd50b5f4e27ab6465028e6

SHA512
98a08cb1742343a4ac6ee1d91c5d1e96a26cb98d905fcfcfcb94e5f2a734693c10f409a6b23ec4263e2257ed24deb6b3bdf8e5ce9e38ac45696a9f6dc1b9c432

Download Submit
C:\Users\Admin\AppData\Local\Temp\wyIcYQgI.bat
Filesize
4B

MD5
aa531af5162556f976fcebfeadcd4d5e

SHA1
c91e4ddb136d723503701a38f729f5ebaaac7885

SHA256
4ebba0cc20d1e3771d1fdb17976fe2f1e59656c1415a6dc6c7f67979b2e55e88

SHA512
415ddce30434404e3c9588e04c5af37d6cb355b0ba268c593e5278751483cca374a4961af8c3ccf567148aaf04dfe42b4760b29be674c5ca11de1d86f7d7dbdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\xYgkEAcg.bat
Filesize
4B

MD5
67f4b6e15b4e44e13dd09c886e109dc5

SHA1
e8c31e33f27f97c779133cb2712a1d8b85f72185

SHA256
ced1451a08d07b0c1074bf02909583dcacaa016e5fef9eb026bdb8c3bf1e8d74

SHA512
af8546e4cc72a4a8c9d2bad25b48bf42ee077f6f55bbd21cea84b5c6450473a7e798216595f4c14fc4f71076f0b18ddba0f98ca618d1690f9659ab791715dcf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\xoAUokQE.bat
Filesize
4B

MD5
9f31450f4f99618e986fe337f68349fa

SHA1
44db80600cc720d67dfaf7f15e43b071c4b51f8a

SHA256
c5c6b79f6edd7a66768dece48507349debf85bbfe07f7d50c9b7980e0fe861cd

SHA512
e417410eb64c899485763ad79472b1559fbf1c24f946f47db29b5935f1751c1de0ee9de1a6b4e12f2f3ff682c751aadb12f6782fb3bdc9665605377063fbec13

Download Submit
C:\Users\Admin\AppData\Local\Temp\xwUoQcww.bat
Filesize
4B

MD5
53e633b0ef399b12856676bb6695e762

SHA1
ee63b5ceb65e663dd98fd419ec8e5ea7f5dd4704

SHA256
b56c461347640f83ba072e405312c4090da6d6bc772644f3221807f35721a3e8

SHA512
ba40d3407cf99f0e245cad2e9165a7be8e8e25b2f41a3a42fa188e1384f1d0761d9f4422afcd23e00c628fa48d81a58605036cf4c7994952183dbcaf12e55b49

Download Submit
C:\Users\Admin\AppData\Local\Temp\xycMQkcM.bat
Filesize
4B

MD5
3bd32493f13222b5deb987eb2533a311

SHA1
7ff4084a4f1bf8641b055bbacfd63c3c4e3a560c

SHA256
6c0a86c72e852accb8a1b59108d0be3423297c6eb6cbd09b87e9f72ba0dc3210

SHA512
e7dfaa1aff00617fb925bf65da0c161ba413e39e9b676c1d5832906ee7f4bd497e6c7df4e8b00813ac95378a2bff245ac55bf2ec0f0a5250403dfe1e667b62af

Download Submit
C:\Users\Admin\AppData\Local\Temp\yEwS.exe
Filesize
240KB

MD5
44f393ae0cbe9b830d7a4b9e1d67155c

SHA1
b9c2c373d3ca86ad82268e8ed54a34442a61c3aa

SHA256
1a325de3925e0c36bb3f0cc6175d839f6b4c1e48e91dc89f386752b9288ce0b4

SHA512
716ce0c9c7cb5b4330525b621785e90a607681e359b1fcedd241312e28d6abd84e2a193b3243912381f5f0cec9e2c64a7a14f43bd0bde51e88379f4e2f720143

Download Submit
C:\Users\Admin\AppData\Local\Temp\yMEI.exe
Filesize
249KB

MD5
744b0706de8247f32183329f821f0d2f

SHA1
8156fc21de82b7308bf8bfb5863955847c1716c5

SHA256
798be095a2a50888caf6e270ba7e21fc91e3a8b400a8730e9d795c6d8798db6c

SHA512
930b4fb8e004e00b0fa24ba3f20ef43819c616f0eaf89238a51c8e8bcb169975740482d9c966127ac6aec989b31bb818be0adfbe5f50914727c974ed3ef78b5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\yMgc.ico
Filesize
4KB

MD5
0e6408f4ba9fb33f0506d55e083428c7

SHA1
48f17bb29dcd3b6855bf37e946ffad862ee39053

SHA256
fee2d2cfa0013626366a5377cb0741f28e6ec7ac15ef5d1fc7e286b755907a67

SHA512
e4da25f709807b037a8d5fb1ae7d1d57dfaf221379545b29d2074210052ef912733c6c3597a2843d47a6bf0b5c6eb5619d3b15bc221f04ec761a284cc2551914

Download Submit
C:\Users\Admin\AppData\Local\Temp\yYgE.exe
Filesize
218KB

MD5
512b982db3a4e52534ec508ec0220088

SHA1
88833780d9d2ef13f71b8de3338f7e6b73444618

SHA256
1149d6453819fa11a283bf2bb6204be670d1835016ecceceef2049dfd9491c02

SHA512
29f825226ae1e68c5e8fc53bfec9889f12a087445de0bd13e2779ae76a6a22dd1024347bc6afc355823eebd38351e384c6c797c13edbed9587f41bb8952af55f

Download Submit
C:\Users\Admin\AppData\Local\Temp\yaYckkcg.bat
Filesize
4B

MD5
bfc55d29c30c21d056731aeef05bd711

SHA1
3a35601a85a77bf3d888672b6e18bbdff98da796

SHA256
458883fd3db920ae7487a6df3a0bc107460b92c2d73f1f08648051a220beaeee

SHA512
453db5edcf4ce626f89e4d205e28ed8aadd6e107a4860fbdc17b907c3a1c1be24433cf2987dc79dd463e36b8807fc8deb7e361bb732bbce57509005e5576ae96

Download Submit
C:\Users\Admin\AppData\Local\Temp\ykAgIwQw.bat
Filesize
4B

MD5
445f7f09f9526671057ecb3efdf26feb

SHA1
6c10ca479f0230eaf91c5b948ad620f5209c9a73

SHA256
2cfe2ea57e3b1d4ec2b338b6c835c53a570675d62181a844f7bd554d150cc16b

SHA512
dec8a7abcf5b41b4a4568a745cf66eedad59bd3999e25ada3bd76a7a5e12e7d9d36c057637edbceb88d86fb678a380f59819f1ce4a1747a21e3c655964b8f1d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ykYY.exe
Filesize
643KB

MD5
c9251c85149115e29a86db6a5ac0c76c

SHA1
05f1f36213705ef0070bf981f19f90a9d5b5878d

SHA256
7318670ff568d5780320211a54f8aa21e8735343500b3fdc480a9d7701803fd7

SHA512
88d6f577694ae8b7f591041c98209c980b38a2742e4bcd4fb55cbafa597520d578a16cbcd1f529f353cfd8a926862a866e166703bb8c2110b77d624f4b3745c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\zecAskcw.bat
Filesize
4B

MD5
6dec279ff08c0bc084b89095ffc4f533

SHA1
f82e24739cd1d4b5a05fcd272ab52e54867df491

SHA256
b045e3f4cddc9c93b1a41e70be8c61e941340b4ab4afd195b52f24aa5721c34a

SHA512
abfdf357c9f2d481d67992be7c453fc2b5fd4ee35a1853945a2b770d9efc7d11f3b2bc058eafbac0db2e9f9cecc7038f799dbec64072d6f3032673b9a42c809c

Download Submit
C:\Users\Admin\AppData\Local\Temp\zkEogYUY.bat
Filesize
4B

MD5
0f38aa53b9b01c22482fd728d63e8a2f

SHA1
6a414971e6710dbe7c179208a55b11ad529e770b

SHA256
2f8996d80a07bb0c010e0956147c7dcc1bf18f150e126e40925f9b78a12b7e2f

SHA512
6f26160280dad091261c56993e8ba7a19d69265847f12ae4e26c421eb69aa7bc22f6ed668c127331d000e4af78db4abb824c72682a408068ac158a0d62768d81

Download Submit
C:\Users\Admin\AppData\Roaming\SearchPublish.zip.exe
Filesize
434KB

MD5
081074ca8936af24a1bcabefd0822a03

SHA1
c64360562ac1215bf687d40c89d8c6fa4a6e140f

SHA256
1643b95d1af71f607f789eddb08a58e8c5c845ccf0f0946b79d5b958d5c09905

SHA512
d9f744b8d9f1a9f60eb70775b6bed82b4a29751cde0ed73022969e4936d98853003f57f25f0e754e66d2f599dd80da5eac1b557b5536972adf310f09757c9709

Download Submit
C:\Users\Admin\Pictures\My Wallpaper.jpg.exe
Filesize
213KB

MD5
0f7ae7d65cc2637937f346e23e4131a2

SHA1
efb7cc4001fa653daa463eabd4eda271df087c15

SHA256
72e73aa56c7054ff406032abc00541bb246ec56631f6e77f5fe74be9a5b8794d

SHA512
3c4a97d116736bfa952921e92360cd3946d6a69e63fb0bde5ade249d33040934b1e734444a7b5db6aa2e0f4de17e5155b988c18b4a25e4e722543d902e56bdf0

Download Submit
\Users\Admin\AwQscoAU\AygsgEAk.exe
Filesize
195KB

MD5
b55c97b5661dc83a1288cf351743f613

SHA1
f72bd89696f2ae05a7df80776fec92073d391a28

SHA256
e42f29bcca9992999070beb27ddda7a8ad3bf600c6c7fc21871ab1920b73cb23

SHA512
d08c50a9b7838dda83e22ac75fe03faee921ecbbfa5b3683476822b8a434feefdbbecc49b770a6a24ff1f0eaa761872f0b052689e0a50f0039c3ea60a5e07730

Download Submit
memory/380-516-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/380-485-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/488-579-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/488-550-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/564-391-0x00000000001D0000-0x0000000000203000-memory.dmp

Filesize
204KB

Download
memory/832-343-0x0000000000380000-0x00000000003B3000-memory.dmp

Filesize
204KB

Download
memory/832-344-0x0000000000380000-0x00000000003B3000-memory.dmp

Filesize
204KB

Download
memory/936-81-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download
memory/936-80-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download
memory/936-548-0x00000000000F0000-0x0000000000123000-memory.dmp

Filesize
204KB

Download
memory/936-549-0x00000000000F0000-0x0000000000123000-memory.dmp

Filesize
204KB

Download
memory/1068-611-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1068-641-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1172-538-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1172-559-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1244-305-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1244-271-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1280-186-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1280-154-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1460-270-0x0000000000310000-0x0000000000343000-memory.dmp

Filesize
204KB

Download
memory/1548-505-0x0000000000170000-0x00000000001A3000-memory.dmp

Filesize
204KB

Download
memory/1548-506-0x0000000000170000-0x00000000001A3000-memory.dmp

Filesize
204KB

Download
memory/1552-223-0x0000000000270000-0x00000000002A3000-memory.dmp

Filesize
204KB

Download
memory/1552-224-0x0000000000270000-0x00000000002A3000-memory.dmp

Filesize
204KB

Download
memory/1672-130-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1680-131-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1680-163-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1716-140-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1716-107-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1756-105-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1756-106-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1780-369-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1780-401-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1780-537-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1884-392-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1884-424-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1920-651-0x0000000002270000-0x00000000022A3000-memory.dmp

Filesize
204KB

Download
memory/1920-652-0x0000000002270000-0x00000000022A3000-memory.dmp

Filesize
204KB

Download
memory/1928-448-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1928-247-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download
memory/1996-378-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1996-345-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2032-536-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2032-507-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2092-632-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2172-631-0x00000000002A0000-0x00000000002D3000-memory.dmp

Filesize
204KB

Download
memory/2204-484-0x0000000000290000-0x00000000002C3000-memory.dmp

Filesize
204KB

Download
memory/2204-483-0x0000000000290000-0x00000000002C3000-memory.dmp

Filesize
204KB

Download
memory/2240-6-0x0000000003DA0000-0x0000000003DD2000-memory.dmp

Filesize
200KB

Download
memory/2240-41-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2240-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2240-28-0x0000000003DA0000-0x0000000003DD1000-memory.dmp

Filesize
196KB

Download
memory/2336-200-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2336-234-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2464-589-0x00000000001F0000-0x0000000000223000-memory.dmp

Filesize
204KB

Download
memory/2524-280-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2524-248-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2536-330-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2536-295-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2580-569-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2600-354-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2600-321-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2604-570-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2604-599-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2608-319-0x0000000000170000-0x00000000001A3000-memory.dmp

Filesize
204KB

Download
memory/2608-320-0x0000000000170000-0x00000000001A3000-memory.dmp

Filesize
204KB

Download
memory/2632-609-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2668-176-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download
memory/2680-367-0x0000000000270000-0x00000000002A3000-memory.dmp

Filesize
204KB

Download
memory/2680-31-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2680-368-0x0000000000270000-0x00000000002A3000-memory.dmp

Filesize
204KB

Download
memory/2704-117-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2704-82-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2708-210-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2708-177-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2720-494-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2720-461-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2744-30-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2788-57-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2788-56-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2808-257-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2808-225-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2816-91-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2816-58-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2832-590-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2832-620-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2884-438-0x0000000000310000-0x0000000000343000-memory.dmp

Filesize
204KB

Download
memory/2884-437-0x0000000000310000-0x0000000000343000-memory.dmp

Filesize
204KB

Download
memory/2952-153-0x0000000000260000-0x0000000000293000-memory.dmp

Filesize
204KB

Download
memory/2980-439-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2980-470-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2992-293-0x0000000000200000-0x0000000000233000-memory.dmp

Filesize
204KB

Download
memory/2992-294-0x0000000000200000-0x0000000000233000-memory.dmp

Filesize
204KB

Download
memory/3008-67-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3008-32-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3032-13-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download