54b9a1eb70ff5cbe24232176571fc0f76b58091a6a11efc161a1705b298a4f36

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
Size

196KB
MD5

38e74eec51a199732f6c945675934e66
SHA1

c3909e82c3af1d14d479e51c53d01ce813019169
SHA256

54b9a1eb70ff5cbe24232176571fc0f76b58091a6a11efc161a1705b298a4f36
SHA512

9f94bd8361632dbf915fc375b46c7f82a2bf30affed27af8091ff290b79bc07e14694b4b6f6f7221b87689df0822aac334b66bf7d720f57c0364d7ea799bd81a
SSDEEP

3072:TrfEcLvtDS4zMQTOeDmowHDU7nJgG3lZV9bxsesHUMQZAf6w:3fEcTGQi6m5jU7nxj9bxZjZZw

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Processes:

reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

UAC bypass 3 TTPs 64 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Renames multiple (57) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

kYQYwcUA.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	kYQYwcUA.exe

Executes dropped EXE 2 IoCs

Processes:

BUkMEUcI.exekYQYwcUA.exe

pid process

2928 BUkMEUcI.exe
2592 kYQYwcUA.exe

pid	process
2928	BUkMEUcI.exe
2592	kYQYwcUA.exe

Loads dropped DLL 20 IoCs

Processes:

2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exekYQYwcUA.exe

pid	process
2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exekYQYwcUA.exeBUkMEUcI.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\BUkMEUcI.exe = "C:\\Users\\Admin\\SMIMYoEo\\BUkMEUcI.exe"	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kYQYwcUA.exe = "C:\\ProgramData\\tOwoYcUU\\kYQYwcUA.exe"	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kYQYwcUA.exe = "C:\\ProgramData\\tOwoYcUU\\kYQYwcUA.exe"	kYQYwcUA.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\BUkMEUcI.exe = "C:\\Users\\Admin\\SMIMYoEo\\BUkMEUcI.exe"	BUkMEUcI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

Processes:

pid	process
2520	reg.exe
2628	reg.exe
1752	reg.exe
332	reg.exe
412	reg.exe
2944	reg.exe
888	reg.exe
1560	reg.exe
1956	reg.exe
1616	reg.exe
1372	reg.exe
2400	reg.exe
1992	reg.exe
3032	reg.exe
1224	reg.exe
1544	reg.exe
2932	reg.exe
2128	reg.exe
1212	reg.exe
1616	reg.exe
2272	reg.exe
2300	reg.exe
1120	reg.exe
1148	reg.exe
644	reg.exe
1636	reg.exe
2492	reg.exe
1784	reg.exe
2124	reg.exe
2532	reg.exe
1784	reg.exe
2180	reg.exe
2288	reg.exe
2288	reg.exe
2664	reg.exe
2484	reg.exe
1696	reg.exe
1848	reg.exe
632	reg.exe
1028	reg.exe
1296	reg.exe
2656	reg.exe
1988	reg.exe
1900	reg.exe
2020	reg.exe
1800	reg.exe
2664	reg.exe
2268	reg.exe
2532	reg.exe
2080	reg.exe
2404	reg.exe
2848	reg.exe
2056	reg.exe
2040	reg.exe
380	reg.exe
2888	reg.exe
2588	reg.exe
2524	reg.exe
1424	reg.exe
1192	reg.exe
320	reg.exe
2020	reg.exe
2192	reg.exe
2104	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe

pid	process
2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2056	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2056	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1252	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1252	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
532	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
532	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
292	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
292	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2836	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2836	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2112	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2112	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1556	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1556	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2068	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2068	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1028	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1028	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
800	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
800	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2564	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2564	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1996	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1996	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1288	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1288	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2348	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2348	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2956	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2956	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1224	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1224	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2264	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2264	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1568	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1568	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2292	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2292	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1372	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1372	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
412	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
412	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2172	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2172	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1016	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1016	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1736	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1736	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1368	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1368	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2200	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2200	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1160	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1160	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1028	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
1028	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2472	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2472	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2624	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
2624	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

kYQYwcUA.exe

pid process

2592 kYQYwcUA.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

kYQYwcUA.exe

pid	process
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe
2592	kYQYwcUA.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-04-28_38e74eec51a199732f6c945675934e66_virlock.execmd.execmd.exe2024-04-28_38e74eec51a199732f6c945675934e66_virlock.execmd.execmd.exe

description	pid	process	target process
PID 2552 wrote to memory of 2928	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	BUkMEUcI.exe
PID 2552 wrote to memory of 2928	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	BUkMEUcI.exe
PID 2552 wrote to memory of 2928	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	BUkMEUcI.exe
PID 2552 wrote to memory of 2928	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	BUkMEUcI.exe
PID 2552 wrote to memory of 2592	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	kYQYwcUA.exe
PID 2552 wrote to memory of 2592	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	kYQYwcUA.exe
PID 2552 wrote to memory of 2592	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	kYQYwcUA.exe
PID 2552 wrote to memory of 2592	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	kYQYwcUA.exe
PID 2552 wrote to memory of 2528	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 2552 wrote to memory of 2528	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 2552 wrote to memory of 2528	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 2552 wrote to memory of 2528	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 2528 wrote to memory of 1720	2528	cmd.exe	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
PID 2528 wrote to memory of 1720	2528	cmd.exe	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
PID 2528 wrote to memory of 1720	2528	cmd.exe	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
PID 2528 wrote to memory of 1720	2528	cmd.exe	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
PID 2552 wrote to memory of 2664	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 2552 wrote to memory of 2664	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 2552 wrote to memory of 2664	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 2552 wrote to memory of 2664	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 2552 wrote to memory of 2408	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 2552 wrote to memory of 2408	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 2552 wrote to memory of 2408	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 2552 wrote to memory of 2408	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 2552 wrote to memory of 2532	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 2552 wrote to memory of 2532	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 2552 wrote to memory of 2532	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 2552 wrote to memory of 2532	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 2552 wrote to memory of 2388	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 2552 wrote to memory of 2388	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 2552 wrote to memory of 2388	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 2552 wrote to memory of 2388	2552	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 2388 wrote to memory of 2796	2388	cmd.exe	cscript.exe
PID 2388 wrote to memory of 2796	2388	cmd.exe	cscript.exe
PID 2388 wrote to memory of 2796	2388	cmd.exe	cscript.exe
PID 2388 wrote to memory of 2796	2388	cmd.exe	cscript.exe
PID 1720 wrote to memory of 2820	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 1720 wrote to memory of 2820	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 1720 wrote to memory of 2820	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 1720 wrote to memory of 2820	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 2820 wrote to memory of 2056	2820	cmd.exe	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
PID 2820 wrote to memory of 2056	2820	cmd.exe	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
PID 2820 wrote to memory of 2056	2820	cmd.exe	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
PID 2820 wrote to memory of 2056	2820	cmd.exe	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
PID 1720 wrote to memory of 1532	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 1720 wrote to memory of 1532	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 1720 wrote to memory of 1532	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 1720 wrote to memory of 1532	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 1720 wrote to memory of 2284	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 1720 wrote to memory of 2284	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 1720 wrote to memory of 2284	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 1720 wrote to memory of 2284	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 1720 wrote to memory of 2128	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 1720 wrote to memory of 2128	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 1720 wrote to memory of 2128	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 1720 wrote to memory of 2128	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	reg.exe
PID 1720 wrote to memory of 2092	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 1720 wrote to memory of 2092	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 1720 wrote to memory of 2092	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 1720 wrote to memory of 2092	1720	2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe	cmd.exe
PID 2092 wrote to memory of 1088	2092	cmd.exe	cscript.exe
PID 2092 wrote to memory of 1088	2092	cmd.exe	cscript.exe
PID 2092 wrote to memory of 1088	2092	cmd.exe	cscript.exe
PID 2092 wrote to memory of 1088	2092	cmd.exe	cscript.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2552

C:\Users\Admin\SMIMYoEo\BUkMEUcI.exe
"C:\Users\Admin\SMIMYoEo\BUkMEUcI.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2928

C:\ProgramData\tOwoYcUU\kYQYwcUA.exe
"C:\ProgramData\tOwoYcUU\kYQYwcUA.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2592

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
2⤵
- Suspicious use of WriteProcessMemory
PID:2528

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1720

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
4⤵
- Suspicious use of WriteProcessMemory
PID:2820

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2056

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
6⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
7⤵
- Suspicious behavior: EnumeratesProcesses
PID:1252

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
8⤵
PID:488

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
9⤵
- Suspicious behavior: EnumeratesProcesses
PID:532

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
10⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
11⤵
- Suspicious behavior: EnumeratesProcesses
PID:292

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
12⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
13⤵
- Suspicious behavior: EnumeratesProcesses
PID:2836

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
14⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2112

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
16⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
17⤵
- Suspicious behavior: EnumeratesProcesses
PID:1556

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
18⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
19⤵
- Suspicious behavior: EnumeratesProcesses
PID:2068

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
20⤵
PID:284

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
21⤵
- Suspicious behavior: EnumeratesProcesses
PID:1028

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
22⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
23⤵
- Suspicious behavior: EnumeratesProcesses
PID:800

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
24⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
25⤵
- Suspicious behavior: EnumeratesProcesses
PID:2564

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
26⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
27⤵
- Suspicious behavior: EnumeratesProcesses
PID:1996

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
28⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
29⤵
- Suspicious behavior: EnumeratesProcesses
PID:1288

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
30⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
31⤵
- Suspicious behavior: EnumeratesProcesses
PID:2348

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
32⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
33⤵
- Suspicious behavior: EnumeratesProcesses
PID:2956

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
34⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
35⤵
- Suspicious behavior: EnumeratesProcesses
PID:1224

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
36⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
37⤵
- Suspicious behavior: EnumeratesProcesses
PID:2264

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
38⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
39⤵
- Suspicious behavior: EnumeratesProcesses
PID:1568

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
40⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
41⤵
- Suspicious behavior: EnumeratesProcesses
PID:2292

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
42⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
43⤵
- Suspicious behavior: EnumeratesProcesses
PID:1372

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
44⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
45⤵
- Suspicious behavior: EnumeratesProcesses
PID:412

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
46⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
47⤵
- Suspicious behavior: EnumeratesProcesses
PID:2172

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
48⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
49⤵
- Suspicious behavior: EnumeratesProcesses
PID:1016

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
50⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
51⤵
- Suspicious behavior: EnumeratesProcesses
PID:1736

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
52⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
53⤵
- Suspicious behavior: EnumeratesProcesses
PID:1368

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
54⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
55⤵
- Suspicious behavior: EnumeratesProcesses
PID:2200

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
56⤵
PID:404

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
57⤵
- Suspicious behavior: EnumeratesProcesses
PID:1160

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
58⤵
PID:1152

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
59⤵
- Suspicious behavior: EnumeratesProcesses
PID:1028

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
60⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
61⤵
- Suspicious behavior: EnumeratesProcesses
PID:2472

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
62⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
63⤵
- Suspicious behavior: EnumeratesProcesses
PID:2624

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
64⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
65⤵
PID:2364

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
66⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
67⤵
PID:2280

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
68⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
69⤵
PID:1308

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
70⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
71⤵
PID:1212

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
72⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
73⤵
PID:2432

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
74⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
75⤵
PID:1224

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
76⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
77⤵
PID:1704

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
78⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
79⤵
PID:2044

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
80⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
81⤵
PID:1856

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
82⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
83⤵
PID:920

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
84⤵
PID:1152

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
85⤵
PID:2556

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
86⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
87⤵
PID:2492

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
88⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
89⤵
PID:2404

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
90⤵
PID:608

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
91⤵
PID:1368

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
92⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
93⤵
PID:1608

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
94⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
95⤵
PID:3028

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
96⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
97⤵
PID:2156

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
98⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
99⤵
PID:2180

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
100⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
101⤵
PID:1612

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
102⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
103⤵
PID:1916

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
104⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
105⤵
PID:1640

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
106⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
107⤵
PID:336

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
108⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
109⤵
PID:2096

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
110⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
111⤵
PID:1852

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
112⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
113⤵
PID:1332

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
114⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
115⤵
PID:1036

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
116⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
117⤵
PID:2964

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
118⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
119⤵
PID:2868

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
120⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
121⤵
PID:632

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
122⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
123⤵
PID:1864

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
124⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
125⤵
PID:2312

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
126⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
127⤵
PID:2860

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
128⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
129⤵
PID:2656

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
130⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
131⤵
PID:500

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
132⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
133⤵
PID:2848

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
134⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
135⤵
PID:1608

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
136⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
137⤵
PID:1916

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
138⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
139⤵
PID:2864

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
140⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
141⤵
PID:1036

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
142⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
143⤵
PID:708

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
144⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
145⤵
PID:968

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
146⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
147⤵
PID:1444

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
148⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
149⤵
PID:2828

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
150⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
151⤵
PID:2488

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
152⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
153⤵
PID:916

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
154⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
155⤵
PID:1208

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
156⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
157⤵
PID:284

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
158⤵
PID:652

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
159⤵
PID:1524

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
160⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
161⤵
PID:2072

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
162⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
163⤵
PID:1716

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
164⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
165⤵
PID:2876

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
166⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
167⤵
PID:1464

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
168⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
169⤵
PID:1696

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
170⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
171⤵
PID:1552

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
172⤵
PID:1120

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
173⤵
PID:2192

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
174⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
175⤵
PID:1616

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
176⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
177⤵
PID:2180

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
178⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
179⤵
PID:1792

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
180⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
181⤵
PID:2632

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
182⤵
PID:1424

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
183⤵
PID:2964

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
184⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
185⤵
PID:2400

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
186⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
187⤵
PID:2284

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
188⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
189⤵
PID:1684

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
190⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
191⤵
PID:1656

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
192⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
193⤵
PID:2064

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
194⤵
PID:404

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
195⤵
PID:1264

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
196⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
197⤵
PID:2388

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
198⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
199⤵
PID:2264

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
200⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
201⤵
PID:2780

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
202⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
203⤵
PID:1900

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
204⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
205⤵
PID:2348

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
206⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
207⤵
PID:1888

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
208⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
209⤵
PID:2480

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
210⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
211⤵
PID:1932

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
212⤵
PID:644

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
213⤵
PID:112

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
214⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
215⤵
PID:2460

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
216⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
217⤵
PID:2756

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
218⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
219⤵
PID:1232

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
220⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
221⤵
PID:1596

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
222⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
223⤵
PID:2192

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
224⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
225⤵
PID:2300

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
226⤵
PID:488

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
227⤵
PID:2952

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
228⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
229⤵
PID:2368

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
230⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
231⤵
PID:1764

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
232⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
233⤵
PID:272

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
234⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
235⤵
PID:2616

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
236⤵
PID:708

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
237⤵
PID:632

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
238⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
239⤵
PID:1264

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
240⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
241⤵
PID:1984

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
242⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
243⤵
PID:2204

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
244⤵
PID:1276

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
245⤵
PID:1764

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
246⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
247⤵
PID:3052

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
248⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
249⤵
PID:2128

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
250⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
251⤵
PID:2036

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
252⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
253⤵
PID:292

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
254⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
255⤵
PID:2104

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
256⤵
PID:644

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
257⤵
PID:2352

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
258⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
259⤵
PID:1644

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
260⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
261⤵
PID:2324

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
262⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
263⤵
PID:2720

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
264⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
265⤵
PID:2248

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
266⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
267⤵
PID:896

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
268⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
269⤵
PID:1800

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
270⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
271⤵
PID:2896

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
272⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
273⤵
PID:816

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
274⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
275⤵
PID:1448

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
276⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
277⤵
PID:2568

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
278⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
279⤵
PID:2416

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
280⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
281⤵
PID:472

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
282⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
283⤵
PID:1976

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock"
284⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock
285⤵
PID:2724

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
286⤵
PID:1988

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
286⤵
PID:632

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
286⤵
PID:2196

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
284⤵
- Modifies visibility of file extensions in Explorer
PID:2608

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
284⤵
PID:1692

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
284⤵
- UAC bypass
PID:1676

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mCoskEkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
284⤵
PID:1856

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
285⤵
PID:800

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
282⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1800

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
282⤵
PID:2348

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
282⤵
- UAC bypass
PID:448

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AKscksAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
282⤵
PID:2404

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
283⤵
PID:2880

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
280⤵
- Modifies visibility of file extensions in Explorer
PID:896

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
280⤵
PID:1192

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
280⤵
- Modifies registry key
PID:2588

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sUUQEEos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
280⤵
PID:336

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
281⤵
PID:272

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
278⤵
- Modifies visibility of file extensions in Explorer
PID:2068

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
278⤵
PID:1900

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
278⤵
- UAC bypass
PID:2952

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eKIIogIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
278⤵
PID:1088

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
279⤵
PID:2888

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
276⤵
- Modifies visibility of file extensions in Explorer
PID:2500

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
276⤵
- Modifies registry key
PID:2192

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
276⤵
- Modifies registry key
PID:2848

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zeMAAEkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
276⤵
PID:1564

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
277⤵
PID:2696

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
274⤵
PID:1164

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
274⤵
- Modifies registry key
PID:1372

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
274⤵
- UAC bypass
PID:2804

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BYUAQwoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
274⤵
PID:2828

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
275⤵
PID:2980

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
272⤵
PID:1056

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
272⤵
PID:2512

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
272⤵
PID:2384

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lCcIkIAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
272⤵
PID:2780

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
273⤵
PID:1160

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
270⤵
- Modifies visibility of file extensions in Explorer
PID:2664

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
270⤵
PID:2236

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
270⤵
- UAC bypass
PID:2404

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RwoAEIgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
270⤵
PID:2920

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
271⤵
PID:108

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
268⤵
PID:2768

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
268⤵
PID:2412

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
268⤵
PID:2280

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AgEMkAos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
268⤵
PID:2428

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
269⤵
PID:608

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
266⤵
PID:344

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
266⤵
PID:916

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
266⤵
PID:928

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gQYUEUAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
266⤵
PID:2888

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
267⤵
PID:3008

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
264⤵
PID:1212

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
264⤵
PID:868

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
264⤵
PID:3060

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UigoEkgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
264⤵
PID:2696

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
265⤵
PID:1084

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
262⤵
- Modifies visibility of file extensions in Explorer
PID:2128

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
262⤵
PID:2080

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
262⤵
PID:2172

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SKkkkEAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
262⤵
PID:2480

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
263⤵
PID:2544

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
260⤵
- Modifies visibility of file extensions in Explorer
PID:972

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
260⤵
PID:2832

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
260⤵
- Modifies registry key
PID:2020

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eUQEoAgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
260⤵
PID:2712

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
261⤵
PID:2464

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
258⤵
- Modifies visibility of file extensions in Explorer
PID:1764

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
258⤵
PID:2516

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
258⤵
- UAC bypass
- Modifies registry key
PID:2124

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dEcMwoEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
258⤵
PID:1016

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
259⤵
PID:2584

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
256⤵
- Modifies visibility of file extensions in Explorer
PID:2280

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
256⤵
PID:1716

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
256⤵
- UAC bypass
PID:1872

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tqwUIEEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
256⤵
PID:324

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
257⤵
PID:2588

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
254⤵
- Modifies visibility of file extensions in Explorer
PID:1900

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
254⤵
PID:2416

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
254⤵
- UAC bypass
- Modifies registry key
PID:2888

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xsoIMAAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
254⤵
PID:1584

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
255⤵
PID:2792

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
252⤵
PID:2944

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
252⤵
PID:2948

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
252⤵
- Modifies registry key
PID:2180

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tGwQwIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
252⤵
PID:2656

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
253⤵
PID:2848

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
250⤵
PID:1616

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
250⤵
PID:2196

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
250⤵
PID:2700

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OucMgoMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
250⤵
PID:1860

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
251⤵
PID:1804

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
248⤵
PID:1596

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
248⤵
PID:2388

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
248⤵
- UAC bypass
PID:1628

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UMAIgAAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
248⤵
PID:2680

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
249⤵
PID:1308

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
246⤵
- Modifies visibility of file extensions in Explorer
PID:2516

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
246⤵
PID:2236

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
246⤵
PID:2488

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kccoMsck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
246⤵
PID:1904

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
247⤵
PID:2468

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
244⤵
- Modifies registry key
PID:2932

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
244⤵
PID:324

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
244⤵
- UAC bypass
PID:2820

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CCksMoMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
244⤵
PID:2588

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
245⤵
PID:908

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
242⤵
PID:2368

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
242⤵
- Modifies registry key
PID:1544

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
242⤵
PID:1584

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SAcUcAEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
242⤵
PID:2280

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
243⤵
PID:1428

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
240⤵
- Modifies registry key
PID:1028

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
240⤵
PID:1420

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
240⤵
- UAC bypass
PID:1556

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RQAoIMwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
240⤵
PID:2768

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
241⤵
PID:1456

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
238⤵
- Modifies visibility of file extensions in Explorer
PID:404

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
238⤵
PID:2300

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
238⤵
PID:1252

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FEQcUwoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
238⤵
PID:2212

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
239⤵
PID:1804

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
236⤵
- Modifies visibility of file extensions in Explorer
PID:2276

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
236⤵
PID:2572

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
236⤵
PID:2328

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LMcogUgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
236⤵
PID:1520

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
237⤵
PID:1308

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
234⤵
PID:2188

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
234⤵
PID:1636

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
234⤵
- UAC bypass
- Modifies registry key
PID:2664

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ckUgEMQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
234⤵
PID:1380

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
235⤵
PID:2484

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
232⤵
- Modifies visibility of file extensions in Explorer
PID:2896

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
232⤵
PID:2428

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
232⤵
PID:2268

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wcsccoAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
232⤵
PID:2164

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
233⤵
PID:908

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
230⤵
PID:2204

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
230⤵
PID:2424

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
230⤵
- UAC bypass
PID:2280

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wwUwoAMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
230⤵
PID:1384

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
231⤵
PID:1472

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
228⤵
PID:380

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
228⤵
- Modifies registry key
PID:2944

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
228⤵
PID:2768

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mUgYMYYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
228⤵
PID:2200

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
229⤵
PID:356

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
226⤵
- Modifies visibility of file extensions in Explorer
PID:1864

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
226⤵
- Modifies registry key
PID:1616

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
226⤵
PID:2544

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GuskwIMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
226⤵
PID:2060

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
227⤵
PID:1560

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
224⤵
PID:2712

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
224⤵
PID:2092

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
224⤵
- UAC bypass
PID:1676

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pscUEMII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
224⤵
PID:1580

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
225⤵
PID:816

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
222⤵
PID:2152

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
222⤵
- Modifies registry key
PID:2404

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
222⤵
- UAC bypass
PID:2516

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tWMQYIUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
222⤵
PID:2484

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
223⤵
PID:2420

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
220⤵
- Modifies visibility of file extensions in Explorer
PID:2052

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
220⤵
PID:2332

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
220⤵
PID:1548

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bmgYUwQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
220⤵
PID:908

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
221⤵
PID:540

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
218⤵
PID:2520

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
218⤵
PID:2552

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
218⤵
- Modifies registry key
PID:1696

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GGAsQcAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
218⤵
PID:1208

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
219⤵
PID:596

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
216⤵
PID:1920

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
216⤵
PID:2632

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
216⤵
PID:632

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\omMcAsUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
216⤵
PID:320

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
217⤵
PID:2044

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
214⤵
PID:1656

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
214⤵
PID:2476

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
214⤵
PID:284

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OoYMkAEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
214⤵
PID:1380

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
215⤵
PID:1636

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
212⤵
PID:1940

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
212⤵
PID:2312

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
212⤵
PID:1384

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UqAQYwAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
212⤵
PID:2416

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
213⤵
PID:3008

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
210⤵
PID:1208

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
210⤵
PID:2968

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
210⤵
PID:2980

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NckcMgkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
210⤵
PID:2760

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
211⤵
PID:1612

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
208⤵
PID:1448

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
208⤵
PID:1604

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
208⤵
PID:2044

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tQUsYoQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
208⤵
PID:2724

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
209⤵
PID:1808

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
206⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1148

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
206⤵
PID:828

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
206⤵
PID:1656

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jOkYwcwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
206⤵
PID:3052

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
207⤵
PID:2516

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
204⤵
PID:1764

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
204⤵
PID:2448

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
204⤵
PID:1216

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fKowIAAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
204⤵
PID:2416

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
205⤵
PID:2696

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
202⤵
- Modifies visibility of file extensions in Explorer
PID:2512

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
202⤵
PID:1572

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
202⤵
- Modifies registry key
PID:1784

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mYUAcMUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
202⤵
PID:2624

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
203⤵
PID:2552

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
200⤵
PID:2844

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
200⤵
PID:2756

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
200⤵
- Modifies registry key
PID:2484

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QmUcAcwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
200⤵
PID:332

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
201⤵
PID:2724

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
198⤵
PID:472

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
198⤵
PID:2184

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
198⤵
- UAC bypass
PID:2300

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CaEcocUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
198⤵
PID:2468

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
199⤵
PID:2588

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
196⤵
PID:2212

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
196⤵
PID:2684

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
196⤵
- UAC bypass
PID:896

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sEQYYEsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
196⤵
PID:2416

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
197⤵
PID:2376

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
194⤵
PID:920

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
194⤵
PID:1928

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
194⤵
PID:1628

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pkMssMwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
194⤵
PID:980

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
195⤵
PID:2700

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
192⤵
- Modifies visibility of file extensions in Explorer
PID:532

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
192⤵
PID:1276

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
192⤵
PID:2532

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zAowEsMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
192⤵
PID:1920

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
193⤵
PID:2484

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
190⤵
- Modifies visibility of file extensions in Explorer
PID:1764

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
190⤵
PID:1556

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
190⤵
- UAC bypass
PID:1992

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NwcksIQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
190⤵
PID:2560

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
191⤵
PID:2300

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
188⤵
PID:980

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
188⤵
- Modifies registry key
PID:1900

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
188⤵
- Modifies registry key
PID:632

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DQAAMUos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
188⤵
PID:3040

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
189⤵
PID:2864

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
186⤵
- Modifies visibility of file extensions in Explorer
PID:2532

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
186⤵
PID:2972

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
186⤵
PID:2112

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oswIIUco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
186⤵
PID:2384

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
187⤵
PID:2352

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
184⤵
PID:868

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
184⤵
PID:2156

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
184⤵
PID:2948

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oCcccoQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
184⤵
PID:2568

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
185⤵
PID:2088

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
182⤵
PID:1616

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
182⤵
PID:2540

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
182⤵
- UAC bypass
PID:380

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oQogEoQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
182⤵
PID:2268

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
183⤵
PID:1288

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
180⤵
PID:2988

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
180⤵
PID:2616

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
180⤵
PID:2172

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aKkEEIwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
180⤵
PID:2096

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
181⤵
PID:1928

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
178⤵
PID:1444

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
178⤵
PID:1368

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
178⤵
- UAC bypass
PID:1736

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bAIEEUAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
178⤵
PID:928

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
179⤵
PID:1752

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
176⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2080

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
176⤵
- Modifies registry key
PID:1784

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
176⤵
PID:2512

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\peokEgME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
176⤵
PID:2072

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
177⤵
PID:1544

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
174⤵
- Modifies visibility of file extensions in Explorer
PID:2844

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
174⤵
PID:2040

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
174⤵
- UAC bypass
PID:1704

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jAkggYoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
174⤵
PID:1568

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
175⤵
PID:1764

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
172⤵
PID:1592

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
172⤵
PID:1680

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
172⤵
PID:2468

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zyEgokwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
172⤵
PID:2616

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
173⤵
PID:2032

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
170⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1224

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
170⤵
- Modifies registry key
PID:1988

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
170⤵
- UAC bypass
PID:1468

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NsYgEAoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
170⤵
PID:2696

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
171⤵
PID:1940

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
168⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2020

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
168⤵
PID:2348

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
168⤵
- UAC bypass
PID:2216

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OuEMocgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
168⤵
PID:1164

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
169⤵
PID:3024

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
166⤵
- Modifies visibility of file extensions in Explorer
PID:1056

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
166⤵
PID:2404

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
166⤵
PID:2272

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kyoockcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
166⤵
PID:1644

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
167⤵
PID:2056

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
164⤵
PID:3008

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
164⤵
PID:1448

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
164⤵
- UAC bypass
PID:780

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\suowAoMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
164⤵
PID:2084

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
165⤵
PID:2452

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
162⤵
PID:1528

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
162⤵
PID:872

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
162⤵
- UAC bypass
PID:1308

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yAYkUAwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
162⤵
PID:1640

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
163⤵
PID:272

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
160⤵
- Modifies registry key
PID:412

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
160⤵
- Modifies registry key
PID:380

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
160⤵
- UAC bypass
PID:2080

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BwcAAMAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
160⤵
PID:2416

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
161⤵
PID:784

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
158⤵
PID:2544

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
158⤵
PID:1888

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
158⤵
- UAC bypass
PID:3056

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZIwgscok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
158⤵
PID:2680

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
159⤵
PID:2796

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
156⤵
- Modifies visibility of file extensions in Explorer
PID:2152

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
156⤵
PID:2484

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
156⤵
PID:3008

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dOcUQQQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
156⤵
PID:1604

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
157⤵
PID:2440

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
154⤵
PID:2836

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
154⤵
PID:2480

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
154⤵
PID:1808

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BYEYQYUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
154⤵
PID:1468

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
155⤵
PID:2464

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
152⤵
- Modifies registry key
PID:1956

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
152⤵
PID:1984

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
152⤵
- Modifies registry key
PID:332

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PWwsUEQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
152⤵
PID:3052

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
153⤵
PID:2056

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
150⤵
- Modifies visibility of file extensions in Explorer
PID:2492

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
150⤵
- Modifies registry key
PID:1752

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
150⤵
- Modifies registry key
PID:320

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qYYEoUcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
150⤵
PID:2584

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
151⤵
PID:2680

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
148⤵
- Modifies visibility of file extensions in Explorer
PID:1368

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
148⤵
PID:2824

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
148⤵
- UAC bypass
PID:1656

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KGMIcogA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
148⤵
PID:1888

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
149⤵
PID:2452

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
146⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1120

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
146⤵
- Modifies registry key
PID:2628

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
146⤵
- UAC bypass
PID:2848

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aoEYYcgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
146⤵
PID:2236

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
147⤵
PID:2756

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
144⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1296

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
144⤵
PID:1784

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
144⤵
- UAC bypass
PID:2200

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UmAwkUQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
144⤵
PID:1308

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
145⤵
PID:1536

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
142⤵
- Modifies visibility of file extensions in Explorer
PID:1584

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
142⤵
PID:2432

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
142⤵
PID:2780

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VqIcEcMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
142⤵
PID:2068

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
143⤵
PID:2196

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
140⤵
PID:1580

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
140⤵
PID:604

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
140⤵
PID:1380

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PCUgEssU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
140⤵
PID:1556

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
141⤵
PID:2028

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
138⤵
PID:1588

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
138⤵
- Modifies registry key
PID:2532

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
138⤵
- UAC bypass
PID:1564

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DGYoEkso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
138⤵
PID:2400

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
139⤵
PID:1284

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
136⤵
- Modifies visibility of file extensions in Explorer
PID:2156

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
136⤵
PID:2132

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
136⤵
- UAC bypass
PID:2452

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TSkcUkAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
136⤵
PID:1596

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
137⤵
PID:868

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
134⤵
- Modifies visibility of file extensions in Explorer
PID:356

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
134⤵
PID:2476

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
134⤵
- UAC bypass
- Modifies registry key
PID:2300

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kqsUokwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
134⤵
PID:112

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
135⤵
PID:2484

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
132⤵
PID:1560

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
132⤵
PID:900

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
132⤵
PID:1848

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YEwwgEgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
132⤵
PID:2192

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
133⤵
PID:2576

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
130⤵
- Modifies visibility of file extensions in Explorer
PID:2536

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
130⤵
PID:1808

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
130⤵
- UAC bypass
PID:1484

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IYoYUUIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
130⤵
PID:2104

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
131⤵
PID:968

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
128⤵
PID:1920

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
128⤵
PID:1428

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
128⤵
PID:2980

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cMQIcQkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
128⤵
PID:632

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
129⤵
PID:1620

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
126⤵
- Modifies visibility of file extensions in Explorer
PID:1596

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
126⤵
PID:1604

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
126⤵
- UAC bypass
PID:1932

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LAEcgYsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
126⤵
PID:2524

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
127⤵
PID:2568

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
124⤵
- Modifies visibility of file extensions in Explorer
PID:1784

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
124⤵
PID:2920

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
124⤵
PID:472

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JmgUgYEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
124⤵
PID:2624

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
125⤵
PID:2268

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
122⤵
- Modifies visibility of file extensions in Explorer
PID:1472

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
122⤵
PID:2128

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
122⤵
PID:2224

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JKoQIIwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
122⤵
PID:2512

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
123⤵
PID:1088

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
120⤵
- Modifies visibility of file extensions in Explorer
PID:2384

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
120⤵
PID:1368

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
120⤵
- UAC bypass
- Modifies registry key
PID:3032

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xoMYgMIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
120⤵
PID:1152

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
121⤵
PID:2184

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
118⤵
PID:1716

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
118⤵
PID:1160

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
118⤵
- UAC bypass
PID:1608

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LAQYgsMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
118⤵
PID:2212

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
119⤵
PID:1148

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
116⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2272

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
116⤵
PID:2028

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
116⤵
PID:332

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yAYIcIoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
116⤵
PID:2536

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
117⤵
PID:324

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
114⤵
PID:1932

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
114⤵
PID:2236

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
114⤵
PID:2204

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gMYwYAsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
114⤵
PID:1232

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
115⤵
PID:2864

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
112⤵
PID:2364

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
112⤵
PID:1164

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
112⤵
- UAC bypass
PID:2188

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AWYsIsYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
112⤵
PID:1596

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
113⤵
PID:1192

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
110⤵
- Modifies registry key
PID:2656

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
110⤵
PID:1032

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
110⤵
- UAC bypass
PID:644

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yocgwYwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
110⤵
PID:2276

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
111⤵
PID:1456

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
108⤵
PID:2684

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
108⤵
PID:908

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
108⤵
- UAC bypass
PID:792

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rmwwowQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
108⤵
PID:2600

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
109⤵
PID:2124

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
106⤵
- Modifies visibility of file extensions in Explorer
PID:2972

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
106⤵
PID:2724

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
106⤵
- UAC bypass
PID:1728

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BiAYkMoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
106⤵
PID:2956

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
107⤵
PID:1308

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
104⤵
- Modifies visibility of file extensions in Explorer
PID:2348

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
104⤵
PID:2080

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
104⤵
- UAC bypass
PID:2740

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XocYkwoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
104⤵
PID:2920

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
105⤵
PID:1784

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
102⤵
PID:2480

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
102⤵
PID:2364

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
102⤵
PID:2780

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TmMkoocc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
102⤵
PID:1736

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
103⤵
PID:2720

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
100⤵
- Modifies registry key
PID:2492

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
100⤵
PID:2052

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
100⤵
- UAC bypass
PID:1948

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OmwwwoYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
100⤵
PID:2352

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
101⤵
PID:2408

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
98⤵
PID:1852

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
98⤵
- Modifies registry key
PID:1636

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
98⤵
- UAC bypass
PID:2132

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YAggwAAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
98⤵
PID:2432

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
99⤵
PID:2532

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
96⤵
- Modifies visibility of file extensions in Explorer
PID:2300

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
96⤵
PID:2252

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
96⤵
- UAC bypass
PID:1656

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EIMcYoEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
96⤵
PID:2860

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
97⤵
PID:2496

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
94⤵
PID:2092

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
94⤵
PID:2792

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
94⤵
- Modifies registry key
PID:1992

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KWcIkwko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
94⤵
PID:3056

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
95⤵
PID:2832

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
92⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1424

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
92⤵
PID:936

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
92⤵
- Modifies registry key
PID:1192

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KacUEMoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
92⤵
PID:1976

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
93⤵
PID:2280

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
90⤵
PID:972

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
90⤵
PID:2456

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
90⤵
- UAC bypass
PID:2068

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lQwEYscw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
90⤵
PID:1640

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
91⤵
PID:1384

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
88⤵
- Modifies visibility of file extensions in Explorer
PID:1628

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
88⤵
- Modifies registry key
PID:2040

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
88⤵
PID:1428

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TGAIkAAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
88⤵
PID:1556

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
89⤵
PID:2116

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
86⤵
- Modifies registry key
PID:2524

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
86⤵
PID:1904

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
86⤵
PID:344

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vwEMkgQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
86⤵
PID:2264

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
87⤵
PID:2880

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
84⤵
- Modifies visibility of file extensions in Explorer
PID:1540

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
84⤵
PID:632

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
84⤵
- UAC bypass
PID:1212

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BeUwYgsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
84⤵
PID:2708

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
85⤵
PID:2180

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
82⤵
- Modifies visibility of file extensions in Explorer
PID:2944

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
82⤵
PID:2952

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
82⤵
- UAC bypass
PID:1308

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\agYQMMEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
82⤵
PID:1148

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
83⤵
PID:2576

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
80⤵
PID:2100

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
80⤵
PID:336

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
80⤵
PID:652

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Wowsoccs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
80⤵
PID:1120

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
81⤵
PID:792

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
78⤵
PID:2148

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
78⤵
- Modifies registry key
PID:2268

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
78⤵
PID:1384

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eWAEYYMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
78⤵
PID:708

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
79⤵
PID:380

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
76⤵
PID:1456

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
76⤵
PID:1556

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
76⤵
PID:2788

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QwsEYYsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
76⤵
PID:2024

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
77⤵
PID:1000

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
74⤵
- Modifies registry key
PID:644

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
74⤵
PID:1996

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
74⤵
- UAC bypass
PID:780

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sYIgskkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
74⤵
PID:1644

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
75⤵
PID:2428

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
72⤵
PID:2884

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
72⤵
PID:2396

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
72⤵
- UAC bypass
PID:1572

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hswUIcQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
72⤵
PID:2532

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
73⤵
PID:2588

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
70⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1560

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
70⤵
PID:292

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
70⤵
PID:2768

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LmsQwksk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
70⤵
PID:1696

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
71⤵
PID:2496

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
68⤵
PID:2196

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
68⤵
PID:2416

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
68⤵
- UAC bypass
PID:2204

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PyEggsEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
68⤵
PID:2888

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
69⤵
PID:2608

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
66⤵
PID:2808

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
66⤵
- Modifies registry key
PID:2288

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
66⤵
PID:2216

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vgIsIssY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
66⤵
PID:2324

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
67⤵
PID:2212

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
64⤵
- Modifies visibility of file extensions in Explorer
PID:1040

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
64⤵
PID:1968

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
64⤵
PID:2116

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\beoskMsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
64⤵
PID:2912

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
65⤵
PID:2964

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
62⤵
- Modifies visibility of file extensions in Explorer
PID:2764

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
62⤵
PID:2880

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
62⤵
PID:2468

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sqIkgQkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
62⤵
PID:1032

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
63⤵
PID:2372

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
60⤵
PID:1692

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
60⤵
PID:632

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
60⤵
- UAC bypass
PID:1448

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aKcUQUwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
60⤵
PID:2172

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
61⤵
PID:2628

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
58⤵
PID:2956

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
58⤵
PID:900

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
58⤵
PID:1932

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wKsogccM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
58⤵
PID:2724

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
59⤵
PID:2832

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
56⤵
- Modifies visibility of file extensions in Explorer
PID:2348

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
56⤵
PID:2460

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
56⤵
PID:1372

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\waQAgwUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
56⤵
PID:2860

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
57⤵
PID:968

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
54⤵
PID:2268

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
54⤵
- Modifies registry key
PID:2056

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
54⤵
- UAC bypass
PID:2736

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LGgcUQQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
54⤵
PID:2448

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
55⤵
PID:1856

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
52⤵
- Modifies visibility of file extensions in Explorer
PID:1056

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
52⤵
- Modifies registry key
PID:1616

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
52⤵
PID:2224

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xsMgYcEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
52⤵
PID:1920

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
53⤵
PID:2176

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
50⤵
- Modifies visibility of file extensions in Explorer
PID:780

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
50⤵
PID:2064

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
50⤵
- UAC bypass
PID:2372

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pIUoIYoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
50⤵
PID:2248

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
51⤵
PID:1640

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
48⤵
- Modifies visibility of file extensions in Explorer
PID:1540

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
48⤵
PID:2552

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
48⤵
- UAC bypass
- Modifies registry key
PID:2520

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bIUkksck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
48⤵
PID:2880

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
49⤵
PID:2664

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
46⤵
- Modifies visibility of file extensions in Explorer
PID:816

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
46⤵
PID:2832

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
46⤵
- UAC bypass
- Modifies registry key
PID:888

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wAQUoMoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
46⤵
PID:1948

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
47⤵
PID:532

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
44⤵
PID:1784

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
44⤵
PID:596

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
44⤵
PID:968

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KqgccMkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
44⤵
PID:1336

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
45⤵
PID:1620

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
42⤵
- Modifies visibility of file extensions in Explorer
PID:2212

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
42⤵
PID:1856

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
42⤵
PID:324

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cugMEQIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
42⤵
PID:2460

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
43⤵
PID:2036

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
40⤵
PID:1264

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
40⤵
PID:1456

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
40⤵
PID:1216

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yKUUAcMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
40⤵
PID:2740

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
41⤵
PID:1284

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
38⤵
PID:2844

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
38⤵
PID:1720

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
38⤵
PID:1032

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hAAYIcIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
38⤵
PID:1468

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
39⤵
PID:2364

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
36⤵
PID:2444

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
36⤵
PID:3060

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
36⤵
- UAC bypass
PID:2556

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FyoMcoEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
36⤵
PID:2664

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
37⤵
PID:344

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
34⤵
- Modifies visibility of file extensions in Explorer
PID:1580

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
34⤵
PID:1036

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
34⤵
PID:1948

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NwwMswkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
34⤵
PID:1692

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
35⤵
PID:1552

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
32⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1212

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
32⤵
PID:1684

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
32⤵
- UAC bypass
PID:2896

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dSswoAQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
32⤵
PID:1636

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
33⤵
PID:1756

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
30⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2104

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
30⤵
PID:324

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
30⤵
PID:692

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xMYoAMQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
30⤵
PID:2988

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
31⤵
PID:604

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
28⤵
- Modifies visibility of file extensions in Explorer
PID:936

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
28⤵
PID:1872

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
28⤵
PID:1368

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oMEgowEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
28⤵
PID:2964

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
29⤵
PID:1704

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
26⤵
PID:2480

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
26⤵
PID:2372

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
26⤵
- UAC bypass
PID:2780

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\goMAIQUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
26⤵
PID:1736

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
27⤵
PID:1680

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
24⤵
PID:2452

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
24⤵
PID:3060

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
24⤵
PID:3052

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kOsoAwEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
24⤵
PID:2684

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
25⤵
PID:2368

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
22⤵
PID:3048

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
22⤵
PID:2832

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
22⤵
- UAC bypass
PID:888

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KyYwcYwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
22⤵
PID:896

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
23⤵
PID:1932

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
20⤵
PID:2968

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
20⤵
PID:1212

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
20⤵
PID:828

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JOwMUAsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
20⤵
PID:1152

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
21⤵
PID:556

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
18⤵
PID:2028

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
18⤵
PID:1856

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
18⤵
- Modifies registry key
PID:1848

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RGIoUgIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
18⤵
PID:2460

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
19⤵
PID:2212

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
16⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2288

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
16⤵
PID:1872

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
16⤵
- UAC bypass
PID:1532

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JoQYQsQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
16⤵
PID:1332

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
17⤵
PID:1260

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
14⤵
PID:2408

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
14⤵
PID:2480

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
14⤵
- UAC bypass
- Modifies registry key
PID:2400

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HeYwIgYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
14⤵
PID:2764

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
15⤵
PID:2488

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
12⤵
PID:1656

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
12⤵
PID:2452

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
12⤵
PID:2472

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PiUcQYwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
12⤵
PID:2496

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
13⤵
PID:2492

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
10⤵
PID:112

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
10⤵
PID:968

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
10⤵
PID:888

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yiwYMYgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
10⤵
PID:1932

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
11⤵
PID:1948

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
8⤵
- Modifies visibility of file extensions in Explorer
PID:900

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
8⤵
PID:1152

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
8⤵
- UAC bypass
PID:908

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aeocgYwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
8⤵
PID:412

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
9⤵
PID:1716

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
6⤵
PID:1284

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
6⤵
PID:2028

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
6⤵
- UAC bypass
PID:2024

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CukscEMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
6⤵
PID:2212

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
7⤵
PID:2348

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
4⤵
- Modifies visibility of file extensions in Explorer
PID:1532

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
4⤵
PID:2284

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
4⤵
- Modifies registry key
PID:2128

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eSUQIUEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
4⤵
- Suspicious use of WriteProcessMemory
PID:2092

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
5⤵
PID:1088

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
2⤵
- Modifies registry key
PID:2664

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
2⤵
PID:2408

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
2⤵
- Modifies registry key
PID:2532

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XewcsgsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock.exe""
2⤵
- Suspicious use of WriteProcessMemory
PID:2388

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
3⤵
PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe

Filesize
242KB

MD5
01b6be8c88f2b58911111240f2ce41a9

SHA1
2f18a7a5f2d236adebc44336db5c2612c98e0c99

SHA256
3e207d63e76cddae506be7a945a63aca4624f038cb0f5af65a7547eb5aee5f55

SHA512
afcee797dac21a47d25b5404a17b98fbc0ea330587061e895a9e232ae7612bfe6517dd8a0d45fa108aa6f438ac425026a8c02a6ec1b3bf00675266726e5530e6

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.exe

Filesize
236KB

MD5
ec386a0411ac5bf5178a439207dde079

SHA1
0b6185ef47539fb1f3617391b0cec43361b3f091

SHA256
e22746203f86e079d5e3bf8995e801912f61b1a8688559a1317792e8f131c357

SHA512
e86a9d7551d2af35ddb6515759a291613da99ac7d0ce450314603baca0c182a6109fda4bdf7540e2c13494121a4eeb7371d1d7049cce0ee192a459b4cb2bd705

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe

Filesize
232KB

MD5
5127fe5b196376b2be35a6602461badd

SHA1
85be16a66dd3bed77d484deb56e4bd112bc3274c

SHA256
5d87a0d3be9bae025a58d610228bc73a2ba95cc73e31bbb14c7f551ea2ddfa2d

SHA512
b42c52ed35ba0c93a6912f2b414ad964c137c3779b49abe2cf282fa5f249a01c6289920e03f10c5a93af729f6ac804929f99c9c60bd958819114d1b2fb985f92

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.exe

Filesize
234KB

MD5
3aa28c8f910a94a649cdede9725341d0

SHA1
a3580ad66eb6dfccfd04a6aa3f7f823decd33326

SHA256
3e4e2ae92492131ec47a2582b6bac1b60f36d1bc8e3a4bc90c7e19e1f231e21e

SHA512
feb08ba2ea0421f6d6baf9692d29f7e0114a3c49e651c3d02c200be22c5b76f1912e0e7531fffff257ead3707c4049d4ca58c963371979c5b944c14dfb0f2d54

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.exe

Filesize
231KB

MD5
d6661d1071d866607ed2272b0cf47da9

SHA1
fc5972b47996411aca1813236c875ffd8364b2c9

SHA256
7a46c53b2126a5fd3bf644f5ec3f7aa56ea104b490e16b939598aba0027f9e23

SHA512
17512eaa0f9a34c5b27a2d4eb183feeca524bd6a8ec0cd943f009f2a69d0237b168bfcc40a545a9b38c6ccc3e9ae05646aea7582a58eeed237d35c8d622a6ab0

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.exe

Filesize
226KB

MD5
cc4f44c6f1913aaba9bfecf71bf13def

SHA1
c9c8927d0fa1186b3a4ff9069eb3b6f105c7c358

SHA256
bad1c02cbd569050bdafb7bcb8bf519dc7d9d97bd757048d4593c297c8b75786

SHA512
ed749b4a9b8d199a7c0111443b2c29b13ed0374f0caaf5fcf1f9d2a1eee5577609ed3ca0e6d511ca25a306617cc9e8d0e1c86b07d0e8d023a429e3ee54fd59c0

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe

Filesize
244KB

MD5
b5d4afb0049f59e50dafc634631b6efd

SHA1
122e920f106ba7c6cfb329c231c4a0b45d70d800

SHA256
3b0fa432d20ee4b804a94683d909bb36c0e116e72a7e0c9af0977da39dfe10f5

SHA512
47dbf964ed920bb734cd8e3dfd419a8cf25f4bbce31b91c098247b0f8146f1f2f88bb7da12fcf30876aa05c386feefc3635a2eb8f42ab9e2fc074f2223042698

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe

Filesize
228KB

MD5
a981dd04dbfdf804c34f992f3ad11dcf

SHA1
b1a9d3018b4d8805c47f56b40935f4425e7b6214

SHA256
f4d07cc9d3e3bb95aa2e11930b6a0950126a9041440f2b218e941065faf99acd

SHA512
db5f8a26f1d26a867ee6902d360d52476467665dec63cec1d6289a57fc81b0269ff5b14f6f123e5106e87370a0d5a37244615e5a2c184a54d86ba022e9aa596e

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe

Filesize
247KB

MD5
30f1ff55c5564b526c586c7d03dd08bc

SHA1
d14c938fd12023b83122c669112b8a32159ca7bf

SHA256
b82d56f178a0b6adf7d288a491e8739cd90355dd7b4e02b98950500dc0100418

SHA512
3b1cd801601c74817d244412bacbe70b4bf87ecc5439301d433b80146854a325222a4bbd67e944af0593ff03933cc1883321c7b154199a921103c0c93c146acd

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe

Filesize
237KB

MD5
3a625253b9d0c84ee41272f35aeb8b7e

SHA1
efb126d8768504fb3fce4cadfe49a61441f952d9

SHA256
2a37ce283462ccaa4f6db944b09705d4f5895a71b4b5953ce8ad5385ba30a822

SHA512
ea9e5cff6b1734023583cf59363f4610bd3d8e02349f7dd45e91dd36f132c6a9ef9ebd3dfd1c6612173af25a7a7c48a7ccebb988e76aafb44ad4a6bb5718386e

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.exe

Filesize
239KB

MD5
d0582f5a6a099cc21244cb1cc4590a46

SHA1
b886025cdb0a3ded6f6c90285e8e82970529678d

SHA256
2c80beddbd7b818dbb2fc6969dc07c750d7bf4d19714d627c82233174042febf

SHA512
d7fd4f4cf3878635e4cfb2c06e515435f005ae7c8eecd141727ce70f20d261f99d1357b9dd1a49290f9118352d0890dcfe2d22c16054c7e94092f8d2da4cd64b

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe

Filesize
239KB

MD5
1fc41b1261235f1767e378cd9e64bd62

SHA1
81314e1d4787d3e461f38d1e208924ca28fe2d49

SHA256
dace3b8667776a54ea6bf26f383ceffababa2666fa35592bd70efc0ab1847f20

SHA512
a289dcfeb579aa463af3b2ad15e0f5fd09e8ef818d0d467caa2bffa272835875659a4c740fc77309a5e5a5fd491e64800bbbdeb042ad9cca7cd6c9f0072c8b2d

Download Submit
C:\ProgramData\tOwoYcUU\kYQYwcUA.exe

Filesize
190KB

MD5
4f6f36cacd9c85f17e329a24f7dc73d9

SHA1
a0c1e28883e4c846d77835e1b626cb4db5e35e56

SHA256
60cd4e90058683257de8bed72079e6a0b5e3b7929e8155a4ef72bef84ba21ade

SHA512
d23b7816216799d0249deb6c47e8c0ccaa4108d8bf2c0520d0e2b3681c995d2eaa6561c9da61b6891945752a98d71a66b014e72364d91b62d6f6ad7a388ce763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png.exe

Filesize
190KB

MD5
bdaf3dc509df8a558653626abf4da433

SHA1
1d674b1a57fb5bcd883c6f50cad7693c52a98fd1

SHA256
c77c8f01f5fdefc670720bdcb9fb46129b5f0fc5ef6669a6f96ad431f6ccee7d

SHA512
a199aea0c5356b4c7d5f36978e70df109bb40fd19967d8bbc0d3213736b95d2c6d9875ee827d80b892fb480baea43514779d134934a1433f7f643f77503d5c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-04-28_38e74eec51a199732f6c945675934e66_virlock

Filesize
6KB

MD5
6df7065f01a6050fe6a0fc315cc1198e

SHA1
7b01a12035d29cde184590b08441c61c507a947e

SHA256
67a4ceda66f3abe6e0d18b08351d09c00e29f6a2ae3e55ad5e721218d6e45137

SHA512
6b42f9485501a09460acf5fd75f61ec0f92ed0f29a7cf26c11b9a13dabbb730f5f88f6a3e0a2f1bb20f984f8d0320bdc33e589100efb40c4fdea36f16a98db29

Download Submit
C:\Users\Admin\AppData\Local\Temp\AAYs.exe

Filesize
652KB

MD5
57b1a24ee91bf0a40d47035eddcd77b4

SHA1
c7766d42f43de37c45c9aa13b4114b23e2e01e59

SHA256
c449b6f89712b3e3a789ad72ee7dfdb3e3300733655b73540fc886000ce052a8

SHA512
162a07cb1e2669e9b8bddf202542b31b75337ceefe175f94576c08b3df9738ee482013dff190d891e4365c7a7e9d4122982cf90c975020e1c336fd958565bf1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AAko.exe

Filesize
760KB

MD5
0efd79e72396e0cb3b347d64857e38d7

SHA1
23c369a2c847cc8a78c66d03daa1ba01d4379ee8

SHA256
11a92f1a427e455e46a9f312938ecce2ccf9970b127a2ce8d14b8d682bd73864

SHA512
8429b3ed26b6bf195afaca9f6548c0ece65c525b7836771d297b29682ad0f179e87cbb2ba7954e1145129c0fe0abe00bd79d895f62258a16cd4c5881bb99ec54

Download Submit
C:\Users\Admin\AppData\Local\Temp\AAsg.exe

Filesize
239KB

MD5
acaffac507635bb60342a8a0c6911f9e

SHA1
907a7b1c0e6d4759fcf4324b21dcf71533f5e8b4

SHA256
cf95b95199225607722a7644f96dd8a0a44d8739b812e5713b6b5261fddc7c55

SHA512
148a0bf854d7dff8c8294ec273ce07115a55675f7d677c3976c7265f5026c3df6a58006bc0175e9ed0450833bc681f320ac32c170334482e8df3347bf5603b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\AMYC.exe

Filesize
248KB

MD5
046e631dcc2a6e01b0cc4d6b438605ae

SHA1
ec31d7b0ddfb7288692e764bfa751de7a609ac58

SHA256
1b389ccfa3cca43d212facb6fcd59126568c4cfaeec7dd90f5e7b99380abf7bb

SHA512
35195f6801782643feefeed75f6ffa125b7ead8d4845e240c24eed29535ca1dc9247f26a093e536f398afd8f6f6ff3dc455a1abcb22a392f9317af277f81b54d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AQAg.exe

Filesize
542KB

MD5
e90d7af7c734894a20ce0e159e6c1568

SHA1
a16a28f28b0d647b91379081464d9657a0954782

SHA256
635f1702858a8f143295a362f679a4d779ce837af7685e4a484e7fbb8f157533

SHA512
00ca1c832aeeccf405d7e6ab288b31df1a1ee7718a4f6a770b50f39187c0aa0bd0b06c66cb25038f4a1de9c0e710bba0eeee43be666e80c226264ee67a74ff1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AUoUQoks.bat

Filesize
4B

MD5
13b0a5893dd61fcf166ec131bd4b77a6

SHA1
b25848a733361f247f6ece813a0d1710bd85e1ae

SHA256
86a3236a4ee210ae4f1d05497c83f969e083ac62993904274dd92d4961fe68e1

SHA512
dcf0ea87acc14db9516f6fa02e0c3ad9ee91814034495bd603d398a4f4946ff4da44157460af9ff79a9ec0ba857b919b0dc3c3b720f0ae72e1f9f70148954a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\AewIkYUQ.bat

Filesize
4B

MD5
982b092a5a60fdf46633c5db0675d3f4

SHA1
728977d24eb77432a2831928ffc81399fba211c2

SHA256
c49de216644ce467d273eebfa9048e284ff3493c516b37f3e70a5ee8a70d2b0e

SHA512
9fc660da41a9be258bd51d4212d72d1088e554ea6da0144c2801aa38b6f4a8612f2d5179b352acb71475b044322e0c138edd505de7c5d8ef074343ffdaa7e3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgMs.exe

Filesize
247KB

MD5
eaac010e38425bddbd270726f0404f90

SHA1
0cb0615ba55c263562839ff48ab571804ae41f33

SHA256
b4832d203eb4694bf19150ce652943c59aba1cb24ce6b6d8636fb8408afc2b86

SHA512
a52470a87a7d374dca49e366941a9f4fbdfb25e03d37acafab440bcc2fa1cc1e1193e8d72d19a0bb28151888d09fde19b8dcac8409659846fccaa42940f1c0f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\AkUA.exe

Filesize
4.1MB

MD5
f057e05ce4a26a0716da343324adc2ac

SHA1
505d88d195a1207883fa001bf2849874331e9df0

SHA256
ef46607288141b921ee19b2e0ea61a4863da02684f16708e63a99376c8d0d840

SHA512
9f6db7816c78743fcd7323248acbba80382a1f45f3b3fb6d88a85924d294d0c062c5d39c8d967d23f68be01fd80e036f0b5e39166e6bb3bccdfe1cb7263e7fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\AmUwwAwk.bat

Filesize
4B

MD5
def69716c0777ef1fb4f0c166c63376e

SHA1
e81555e320d963e9310b1ae43afbb28274f0aacd

SHA256
e4805cd901274a307414c7ed27d7cf07185c12c795d2548af460c0202cc93e7a

SHA512
13a5468ccea16bfb25b4be316f70ac78c3efc49a0962a2cf2eadaf7cb748ec3c97dfe52ef783f77e1ba9922edd429cfb61cf689a3f9bdeb9d448224aa3692e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BAUoQQgc.bat

Filesize
4B

MD5
a36bccccacbdb7c689834beacf4c1734

SHA1
0992b8328bd78bedcd45564ada1efd7f6e5a2279

SHA256
144d78ca00815477ec51aa981181426e913344b5a6d1d704d703601b1b2a2dfe

SHA512
36f28bda95496142d5272a878e50bca226c2ba6da222ce900c9836f2095ca81cfff45487d902842a5951705744aa99f1cf844fc7e51fb811d5a258abcdb66fb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\BMQksIoM.bat

Filesize
4B

MD5
b4565b2b81198b6a893b46e8964fa24e

SHA1
bbe152f71e8b88652a6cecac351c0f9b752b8462

SHA256
d3d7f0f7e7098c6d104cf683982cba36ffabb5a83215d97ca4d340000970af2b

SHA512
bb1d53d752f34dff175122bcc28afee14b08827bc0798493ff08a4ce5d17735afc543561b81a2bc9023406091fea5c3a16c426ade8c923f1b4fa76d08dfc3d9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\BOUEIAwc.bat

Filesize
4B

MD5
52359341a2d58eef922489620e2e2760

SHA1
d696c115d5e7a455343703d393868889a92c22a5

SHA256
b655be60d2738e23debc0b029b6632b2c32a58a986076b35b45308370d52482d

SHA512
ddb22fa834017405f0826f40944f8499d7d7491999c4237ad86b34764ff7d716b0f9311bab0cb62f6dcb8516dd1b392acf7cb54b9a0bb8f56bfafcb6b8697042

Download Submit
C:\Users\Admin\AppData\Local\Temp\BUUEQYwQ.bat

Filesize
4B

MD5
c4028f4fd4cf8f4ae2ef7945377b44aa

SHA1
70ffe0677e939bfcd662940e9687943e754ea408

SHA256
95c7b939ffa47f0ee062fa10a9b29d5d5c4aa064cb3f296fbb2f435f60605961

SHA512
7015a620dff47f5d7ccfdc922b3df45a041254abcae1b64996514f8236087d99d87b957e7898c2e9f644ddca8c6d4de8172d32ced44525953693a910fa9b157b

Download Submit
C:\Users\Admin\AppData\Local\Temp\BUUYkQEk.bat

Filesize
4B

MD5
823f5031a14db923abf58741d22396d2

SHA1
0279d26176bb88da05c77de6e6011aa40c2f565a

SHA256
8466ab4a2f6fbc31d79745050ccff526e878000022b2b9ffaed37ff495b8f9fc

SHA512
f231507acf3e56963272f00e876716ce141c0c7b2f9ddb4d9e066176c3bfddf0522601b24d4a31b5d0d7529b0205643714a6333de92ac6530323b1d3169de736

Download Submit
C:\Users\Admin\AppData\Local\Temp\CCYwoYYE.bat

Filesize
4B

MD5
cc7bc4e4300c37a0513926004be71f30

SHA1
3689913421b32d8284fe7cc221b095d01f22c9bd

SHA256
f05b240437479d75a4591bf792225eee9415e33e64ed8fd78728c5ec106856d2

SHA512
86f30dfb0236925fdc6e871e19f7e7d589a39bf76cda3da3856dd5e42c9a4ec23b52f539baac5c51ccfd764d254c9545466ad775e6bb60c0c1bae0b6b643e9fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CEke.exe

Filesize
239KB

MD5
04e4f68b71687ffc4f4aca59bff74eab

SHA1
bdc2edf5c18845f419a64974043b181c05a16481

SHA256
6e638f8a131d8b38041af7c4223007ad194145b01d77dcf4b5460b5647300f74

SHA512
cdf7234829c55459d96e68eea372fd7c3bf981871b83b779225cc885c92a5b93909cd8a95d9a789cfad480cd7cac5d13a621c770bc626c4db983ab59d0c8686d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CIAw.exe

Filesize
477KB

MD5
c2b19e63acb3977904194cfe6a59de7d

SHA1
47ec481f278c121df1928fd5d6a9858a09e4fa12

SHA256
970105df4b7783b0a23013cb6ce9ca2e1866c92727efde7887ae8ee8b77ecbde

SHA512
61134da0f7dc5c2c633b777532dd02792fee10d93452dcda426abb3508f16dfc7d346823f3ee059976498f0e42976d0094e643104b8c531775698efde6c9bd42

Download Submit
C:\Users\Admin\AppData\Local\Temp\CUcy.exe

Filesize
233KB

MD5
296fb0b5d49b13e9169aa9e7c40e6b6d

SHA1
a0cf28e46f994fcf648c6e678ecbc182cf880f0c

SHA256
6f1757b37f042b5f211242230cc878ce6f1c0df6ac9b9ad865a6805d3788a6dd

SHA512
3d8f80a00783ff8286b06ea8d03a71a6017aadb42f2b6f38da6c1fff927a065a6b4c85e9f76775b5cce1139bee44d1c261c761cccb662b3031898c7cf6186fde

Download Submit
C:\Users\Admin\AppData\Local\Temp\CekQMUoc.bat

Filesize
4B

MD5
650e39c49769e72509495c1e51bfcb80

SHA1
7045abc45f5e7f7d60a21873be5d815b4bd4b6cc

SHA256
e0d56a8e4572b49350224740382dcf167bd76b83aad88fef29dcc96d28ef7d6e

SHA512
38b48419c647bc090145afc44a2714c3510eb70a8cbad04ce1e74cbb6ac021dfb87c9930dd69293a068cb8bda5363fb324e390d127d33c7549264a00e95491ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ckgc.exe

Filesize
233KB

MD5
72af1df0a93622351a08ac02b638e2ef

SHA1
fe51f3983dee93cd424da1bda226689029ada846

SHA256
e56641006a36ec7663aecb566b0443ae1e84a4970b358170992441776d7881bb

SHA512
f45b2a52a6e57a0aa6efa826a5dcafb791798074535a94c52a63641f9872057b0e63378a3c9f69587b84de164644bc22ab31216c297eaffd274fbb85857ecc45

Download Submit
C:\Users\Admin\AppData\Local\Temp\CqEcsMwQ.bat

Filesize
4B

MD5
1c63640beddcca0e06331c99c6334d4a

SHA1
164abb0342c08e8b41717209c6c1a85c95ff8b41

SHA256
0e0c1f73a73ba3bd0f2dfe792741611f6f19fa73de12bf004124e5ca8d2a5ac6

SHA512
3218c77225f8b771060a231a2c996c4cdcdf3e42bcb30f07caf3bc3135efbb851c98788e6afcf9e7d1911bb6b272985c40ebc4c515bdd9b0088fdfd4104dbbd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\CsIIQYco.bat

Filesize
4B

MD5
e611d33ba95eb0e4e993ad6c44f21b12

SHA1
d4b26fc42bd34881ff2fe08631d6f4f045275aac

SHA256
e9b8a3452c1a227df65f8b0ed06655f61357e8b0709c17f8ba8e26d54390dd52

SHA512
aa93d9bfd27b6d5d22ff37407fec640edb6b5e4f0c8e55e3574371ffcb2f6969b7f59bcfcf366300dc75cac5045b91c52ffca8c61d42f5e2197673714b3b41a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CwIW.exe

Filesize
327KB

MD5
3b161c77d15c58afc7e9cbb7387b0c36

SHA1
9857524c0bf346a8db57616666104f27fc7d4bc5

SHA256
14b0917a1970c38809aed7c70e83b94bcc7b9e76748638ceb866359ce1c58561

SHA512
8e2d9181c00940d2435b5e9280d16b0a7408a83f6872d61a26e35238aa6272ab5ccaff6a041cf316e278ed207e091246fd9d2bdc1ba96e9912e9c0ff47b37c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyowcgYg.bat

Filesize
4B

MD5
a61830b155199ceb48d8254c5d9eb90f

SHA1
19aa40f25ca1f4c61a65d407bb4c627ba1386bdc

SHA256
468720b92deb05cf8fffc9886c5521e7f6cd5e4c5cb4693dc1dc17bdb3580b7e

SHA512
054f3c703b43bd75d8ea960a3ea16792eb0278c8a2e159326a6c55be4c960c24645308c1f744291ba3a27ce6173fbc75fb5138e2c349bb94855c61b1c8b30091

Download Submit
C:\Users\Admin\AppData\Local\Temp\EEMk.exe

Filesize
185KB

MD5
5cd718bde57890980ae06b37f5f3eb99

SHA1
115cb57934b3155c1ba0262bee0b9d17bef80b87

SHA256
6fb344e8656b2d30aa857b5e1f4b86fe52985eb18a770a4b9b3b6efcc07def88

SHA512
f54fd0e33ad13e658d20d4c1df8ad2642ce510148c9f3539c3686688bd6e6652a925e561a39160426c3dd1931cfbff19e2d019e66930f90b3847b22f1910a12b

Download Submit
C:\Users\Admin\AppData\Local\Temp\EYYa.exe

Filesize
211KB

MD5
2c5fdcc0afaf9bef2a41de9b44232866

SHA1
4e004617dcefa05a75898a2866e75f60ce32da3d

SHA256
cff7d8eba4fe2d04d7783fcc75790a92b537a998335dce34a41bca48ab620b99

SHA512
a944a6ea6271518e9e80394aaec5beb2266d7e22673111fd24b4d7538243d4a80ad71a0c1ae61a92a6da4aaa3394baa716aafb7cc0dbd2adc04072eb39335976

Download Submit
C:\Users\Admin\AppData\Local\Temp\EeUYwogc.bat

Filesize
4B

MD5
df1e5fd343c8fdfeae71a8d0a39f87d0

SHA1
c10d37a1adde38708f651b1b356752114d61e71c

SHA256
0c5057f418fafa935e5a95fbcb593c16c3a114ea2c70d8e7f3c9d1a39945244d

SHA512
5e1bc98c17042d2dc36766cb5576482170f90f6516e40635747d3393464aec472912316071b6ef2ca3b08e4bdd54665971a0683a37a7fa0f95b19590ffed4fbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\EssQ.exe

Filesize
490KB

MD5
789e1853e5ccb475c6fe0f73b13eb59e

SHA1
ff471db49a882e225d344ccaa86e8a9696448c85

SHA256
d1fc9b045e787dbb5f6bec3bd794a3e873c6848e293bee55426cea3a5ef5a5e4

SHA512
d03d8107ac071159fd319d81c7c142aaf0706023e644211ea40a241eddea76926309f8524b950a603670722424913da9b872b6aa1f2de72ae4b6447c715b297f

Download Submit
C:\Users\Admin\AppData\Local\Temp\EuYwEUEE.bat

Filesize
4B

MD5
e4af737e5ea4676ad849f2c70e462496

SHA1
279df95962c4fbf1cb80c2bcbdb236ebf8a394f5

SHA256
19fa42fd5cf013ed2e747485071ef931008866f763969777aa2d095052d2dcb1

SHA512
85abc5e8cdbdfa294caeabb2cd644c4a6bedbf845f52fa6aa5af6839a1d7d3b0687fc5d68003781fb15176cfcf74d163854ce2be800ee2967d65be1e50a35590

Download Submit
C:\Users\Admin\AppData\Local\Temp\EukcIQUs.bat

Filesize
4B

MD5
ec8536b692209bc8dc1d6d3c68489741

SHA1
680c069590549a498c93f56f92462e2bd7a97891

SHA256
6b68182ccde87d5dde381d42996aad7f2eb9119804da46a298b0c91de58d82d2

SHA512
6543ceb3e884a2704c1849b72d3dd8a4f8e6b659ce9043fd8853df4f7497e7dd25d95dd5bb478e41fda1eb911d037045448d46594bb0129c6e737a1862cea057

Download Submit
C:\Users\Admin\AppData\Local\Temp\FAQscQEs.bat

Filesize
4B

MD5
483a5da192f46e3cfe8391d3ef234fc4

SHA1
ab9dcd4a0295bd5e2c0f799fd9becca5752365e8

SHA256
9856b7433f842da2093b956811286d51860e05ae3904dc40b36dc709ea298884

SHA512
db3018d5d446b8116b0e67282b6acb16d86686194c6b4615334132af68eb79ab90622be13631ac1e12ffb9b7e525612e3e858a90148cc498cf13d08649c3f8ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\GAQQ.exe

Filesize
244KB

MD5
32809c54a780062eb904c6d8eaf4d1bc

SHA1
c83fdee66de9f7ab6392b6206a6d78277c6780da

SHA256
bbd017da5e9da0b7f9c70454cf1bc0dbd8f7ebb6e4c6a7e8004cba4071123efc

SHA512
1eb74e43074251c39e7289465fc51c9f2b620f7121654f6e8345bcdc51a163a9567ff55b04326414284227c992693c9e8de4b460821b62918408548ee7141934

Download Submit
C:\Users\Admin\AppData\Local\Temp\GCIwgEUI.bat

Filesize
4B

MD5
7bbd92b7f4d3e20906e079da41ece86c

SHA1
3f9a81f3b6acebea82fba5f7a891cfd1531c3914

SHA256
9b164ef9768598961d2b5d42f4fc4b70d95687a71ab50567116e1f7833cccb52

SHA512
2584f805c24b9a17e56254aaf885d8c6a0d57c53aa9607e2397dfab2c4caf78e03c129d8f751664560be7e1e7472d00e10ef26909f459569bacb8cb7ca07cf29

Download Submit
C:\Users\Admin\AppData\Local\Temp\GIIi.exe

Filesize
375KB

MD5
1f9900a8283631db6b70b2a7ba91339d

SHA1
9020cd0d112fe7a32011b85398cd1d9ccfad00c3

SHA256
bb1a7ca957fcd9c058db0fa768d7d4e39916f6e31b8cedd06387dea54d84f7ef

SHA512
de9e7acf5194a5f40e3891cbec02aa59158f687d792067b272049016229f1bb3ab1a83b109836fd8de7ef3a921f98e01b1e941b1597058fb73ccdbd405b59a1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GIco.exe

Filesize
823KB

MD5
04d1ecdc939cc4ccd9dc33ac9383ffac

SHA1
c5ed28ae7bb444361b23064ce29848ff277ed4ce

SHA256
ac09606aa059ff61846aabcfc308859776e35efc11d73080928f6a123eff8f16

SHA512
3fcb5bfbbd9b5c9c0c3cf2adffe6e6b2f92a62f9179f85c80d92e47afdd8df487cc243e4a59600f0e5fc00722c0ccfb4920c461adb09fe6b8ec5b10ad3067878

Download Submit
C:\Users\Admin\AppData\Local\Temp\GIcwQEQk.bat

Filesize
4B

MD5
c104f2bddfb10a0c9e38e90eb606e4aa

SHA1
1f9d69d3b7024af1b899e4b1f0016b7f7b2c4ea2

SHA256
9e103481cfe929bb4f6d9e5d6555caa74da5906bc46cd54eea88bd48ff7e2160

SHA512
c3ba107a2d9a03deaa9bf71285d4a9c4d680e28b0603c59ca7583fe21bf7ec4b61da27a01f0e1d2f4c0dda337ed4207a7c9892fed91b4c05d893f3bb1fe9fc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\GIsI.exe

Filesize
248KB

MD5
2526920de0d5c4c3d6e147f2de48784e

SHA1
59886c8a2f219976dbe49c3bcda69c27d222420c

SHA256
f7c99caa8edbc23a5bf5793d806d56d2dea1d6887a4a0aa635730250890035d5

SHA512
5d270059154427c0f59272d90413dfa69328cbf924ddf21c2ef76eadd28d043b2341df42028e90d038fb7368dd0ffdc80b8256b527ab8b250194378a99779cb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\GMUK.exe

Filesize
250KB

MD5
f049b47ce7255f2a091f79397d2202dd

SHA1
2b770fced8810258f333032747814e41d8b5c05f

SHA256
762d47b65d09f644b81889872fc32bd063a356aad9095197fc848a3c5b79b1ee

SHA512
5b44f71e5235c7d08951714a3e1a04b454c7c975c0dacfc35ec769a8b40afbc595b9e389942cf53aaec71ede1cca0c0612996de5ae3bd0b5fc4b5f4432c9eeab

Download Submit
C:\Users\Admin\AppData\Local\Temp\GMYm.exe

Filesize
250KB

MD5
33357bc96dd8508947a51213f800581d

SHA1
9ee9a936be983f99738a901009822f6ee4dd38b9

SHA256
667db4eecda56d748add3bd49381737cb3a2b29d6af99fc2ab9f82e032997cf5

SHA512
d002868f87ced91baa8c2065b796a5d6ff0cfecfd674c1f5ed1cddcc55be90ad4ce7644e216e40c1131d4e63314d068bb3b61c0af3a02856fec16312e02086ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUkS.ico

Filesize
4KB

MD5
f461866875e8a7fc5c0e5bcdb48c67f6

SHA1
c6831938e249f1edaa968321f00141e6d791ca56

SHA256
0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7

SHA512
d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GYMc.exe

Filesize
240KB

MD5
fc0e8f737ac3defb213a6d8003c75231

SHA1
c7951b090d796e0af4e5fac63ffe6f47c40eabbf

SHA256
2ef314fa1c70f31f8559626f8cac8f5d855b88bb84b4fc3dec45a3cb1678e9f2

SHA512
854ab280178e04f7a54e59e74a6f103239dcbea008a4829f33e55fdae098bf5a7cfa73047134c333ee0d9199cc9b5bd0477128d7d39fb3ac1ebda1c0dadd27f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\GkYw.exe

Filesize
245KB

MD5
facce7d424a95832a6c6639c2ed29666

SHA1
bcdb259ff64cf9db192b6f7dd5b5bb256b04dead

SHA256
4e5903328ed8ac2f77cc9309adf6ebef32206457531b7043eb3c8e57721841f8

SHA512
3b0465170ab157dfdd6bf2d807bf74939d1c4f9532712b06d80018c6a1744e20127039df68c0b7f1fa77dc80754c0cecac74c790e38d8319c746d3dd1943d7d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\GscW.exe

Filesize
611KB

MD5
c3d179982107273284ea265eebcdbf3a

SHA1
de787f4db05021b070ea2832455ed19cde91c96b

SHA256
69096020fd419b936ef5884ef9b3f9a804eff87f97499b2cdbbadfaf502b780b

SHA512
f84cfbdb0c9e54b00b0b29fb5098560cc623cecd747d2d2b7928980366554a60c2549b685497d7e9ce24b837d429f0bb22e010a6ce53e5272cb79f9fc5549b85

Download Submit
C:\Users\Admin\AppData\Local\Temp\HAIQAMws.bat

Filesize
4B

MD5
87b60fada6ea55eb17c8a9cca20bdbe5

SHA1
f94ac60d16593c6de706cf579f149b06a3d18440

SHA256
e14d8a0c3ff13f57ffcd3bc526ee2ecb0998168a5a0bb8d9b08269dfd85395b6

SHA512
d7976beefc76171a7399ebf078bf8b465fa579b3504b190e674d17167ed5f7466404b44f6df83345677df091ef2d6062213b833ee546a6732463f97e5c86f2c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IEYY.exe

Filesize
232KB

MD5
aa9868f2b22f232325e8a976eb3eee7f

SHA1
08b6e74cf7404edb4b8a816aab54e0cfe9dde6f1

SHA256
23a4313ba4dff5fd3b10e5ba02648e4e9d6948ec3ccf5c1f7ff18011ca7951d4

SHA512
96ce0edf2d68dc4d26f7fafe5202daa0db7cf59ba8253434a7044afabaf6d502bbda4642c853d17d231b2296bb287c54863837ba72e1ec394849635785602286

Download Submit
C:\Users\Admin\AppData\Local\Temp\IEcc.exe

Filesize
239KB

MD5
c029741425069b5a17e196b245775192

SHA1
131064ae2cb2962dd0b198e90ffcc9cc5296490d

SHA256
04c594f073df5922152c009c8c391cf45d1bc2efbe62318dd510c336971eaf7a

SHA512
fb74dabd4121d29f3a103f64c0ca51a0a39391e5a5d16e4e570ba6b9032a79c7b8b3ce95d8a36f3b2fcce8c6e78565e51ccc6748e9449d1e89da89fe2cc9badf

Download Submit
C:\Users\Admin\AppData\Local\Temp\IKkAooUI.bat

Filesize
4B

MD5
d6505666c27c02c57b3d7005b01ced6b

SHA1
2dc39d9ecd1cc31230c2035eb955a73444feb520

SHA256
490f93d2c9b3bc574ff14d2d6653954b0e2c75312bd427b244cf4df844368e58

SHA512
cc87938e80744ac12d1a58a814dc07cc88793bc30a0704bbee6ec2112e64839aaa53ca9550d406deed62a8130ea033d409b7f801bed313e7ba592b94fe45a72b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IUUm.exe

Filesize
204KB

MD5
3503fa567465e7a9edc798e39d271b2f

SHA1
ea5baa6487e26335092d172982dc46ba88b75580

SHA256
680577c1440e85e33f7b82caa61a291cfdcd5392e9b6277851c9204ad6088b1d

SHA512
283362bca875dd198e0020913de92d87e87e3a0cbea0c07346e444d58d0338460eecbaba1fd73b38aa0efc5bc2eabbc99646047db911b8a11533d7190f20f259

Download Submit
C:\Users\Admin\AppData\Local\Temp\IeckcYws.bat

Filesize
4B

MD5
a90fdbdde711e08cffb7562ec37b4708

SHA1
a9b1c6b7550ac07eee03e82fdef627c9d6e46247

SHA256
2998bdf84e2a133c2f605a2d6fe405e262395397b7663a6ff7bb013158569b6a

SHA512
64bc9213c0c3dc1ecdd313ca99b219d66694709f3e2e84c11f63feed393249f8b2f2b09505bdfdabedde23a18c21cf54a8300f5ce862a8018e23fa15f83c6bb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IoQMoMsw.bat

Filesize
4B

MD5
1470c262da6abf63a7d5db67db5b71c9

SHA1
3399a5a59c3283a394c95b9b3775714fc89bcf9a

SHA256
3ea728e77d783b8266c8dec2f94a96ad06fd9ea79fc072cd262bb64b5299885e

SHA512
34f7fac9e100df8efb381c96818cb993b6b6a28da22a77df9091e189ebc7b3cdbd9976958f3e932d8407cc50c4142f6ad1af883d34c1a9030193d0021910f1e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IokO.exe

Filesize
241KB

MD5
acba1c4a59347cf5aeebab225ca2af85

SHA1
ffc342ed5eb178b4fc6ab4da51b3a80955ec0c50

SHA256
5cfa858516ee1a5d4534c31e2b381dcb4b966202c6fa186f74e4bc58e8abd6bd

SHA512
a83c165bc9583f26d15b5ab31100e003827558c63660113dfe510586ce5643185b1f526b47d0b4461538103beb7c4b6880e03b82becbff139df6b56280c580c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Iwom.exe

Filesize
186KB

MD5
22185d2ce5488e00b5078de90b60ad54

SHA1
8e3a5f74404e0863371a716fc1612bc2cf1678ae

SHA256
76ba20904bc0912b3a26202ce78f4bd92d8690dae5c892c5aeb5f88f7e1646bb

SHA512
d22182882b669b3b81b6c806b6fe5610aa52656037eff3051ea2e6c29eac86d7aaaf0842d9cd28c39a236c3b068437f14b7f6ea2d9fb07406ffbcc8de3109e45

Download Submit
C:\Users\Admin\AppData\Local\Temp\JCAsEYwk.bat

Filesize
4B

MD5
b00a09eb1dc58b1403427f07044a9b4d

SHA1
76db6711b8ae87cc2917e7da3b50163b92df1f40

SHA256
e5300f7cb1651870600fb632c40ead6a2393cfaae44b20bf82e29eb99f791c38

SHA512
26550f526f91609d5b86240e1e8b2ac78993e4e460bfc10840ece25fe34b288c150996999c54f470a8b05a58f8a9b326853aaf1ff38f1335d1ef08407f6a3fd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\JGMAwwog.bat

Filesize
4B

MD5
30ed3ab2d4de831f9e508bfcdf7d8468

SHA1
6ff5fdfd63777e153e1e670d08e86056fbac0143

SHA256
f0c0a1cfd8230850b2c95c979c4a1d1a6842be0974562b76734fe0b1abfe48d8

SHA512
a7824094edbe529c063f317067c8af2659cd95287ba85d23d848a130b6c2ddb59d083fdb55e1910f3c13f3d363505ee19cf82ff61666e39103239ba57ed095fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\JOAgAwUQ.bat

Filesize
4B

MD5
92ddfed011511a3ee8da905e93de07d3

SHA1
8a7f285219d3cd590d8901b3ee5b0b14e367d5af

SHA256
e7ee1b256f001d506a9d3e411b089ba8492a03c57fd1208854e6ce351a7f7059

SHA512
41b604946b6caffcbd640ef45f2e1d512ae52c2fadc0a3552573dc9a221f0a6f9329e2c9398e6d28c99bb620f645a91d476ab044f946d66a9236981726cab9a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\JQUcEQAw.bat

Filesize
4B

MD5
414ff921da0d4772be585af928faa406

SHA1
55f64a6e1f1f1815a900184ad49b5e67dbe3cef7

SHA256
5ba8c2d42970622f23a5a01220544098038ead3ee0bb5f145452d9c88c1922c0

SHA512
91c33096892fd5baf5e0dd2feb223270e2585a5287f498ebafb14b0135ceaac3cd8b696c393e97931689ba8d829e08613bc43c3dc260f1d3f5b751c32bd1b078

Download Submit
C:\Users\Admin\AppData\Local\Temp\JYkgkggg.bat

Filesize
4B

MD5
db9e3aff3cb214cdcba4d7ca346c6ea8

SHA1
442c5e8d8ca15017ba5e8e09fd29f6698c6e2d4f

SHA256
ebc981db53f82723f91c531baa074057fa7b5893a57bd41b470db84f5bf69491

SHA512
1992c4c65cfa0fca6f6d4ef53aa718f3e1329b0a58891aa249b5fd80371d60aaa08c14931e7e36ecbfdf81286985d20ffef93014da8fd044a7214df8afde3ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\JwsYUEwE.bat

Filesize
4B

MD5
8abd98af05ab057616a36cf79a7a9648

SHA1
5d739ea74da09eed2551e8c2f3a2548be1ca9a02

SHA256
76b6707df0c518d6cbdd7e14dd335c97578fc292b6243b2716335c618eab8f97

SHA512
494e9fc0523ef3d270e3f3b1b2a8615ad76861c1cc7e95640505d6bd9575e22e10dd8a1620db1baff7e8164f44dc4bf6d9850253f02fe06a5a27402c00d7a768

Download Submit
C:\Users\Admin\AppData\Local\Temp\KAwcMAsU.bat

Filesize
4B

MD5
971ebb6252bb4d74f288687008fc1bfa

SHA1
888954fbd41403e351c91ea9fc64a33a0e4eae7a

SHA256
0cd2014a3795f7c959432e7f7834a0c15059446908b943e4ac9204c1d1190a29

SHA512
47ce3951ef857433fdee65b0e5ab07c4a0b763fc9cda5d7f9c41f764974bba137d26814f90bac3ecccb59a05405a3f2cdf32ed4a57a8ddf0b3d7c030266bdd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\KEgE.exe

Filesize
242KB

MD5
2a1b865cbb66588cd8bbc009f3edd6d6

SHA1
07b21ed47f43a0dd0e66d1a3fa34b194a58cd859

SHA256
6deb3ca6ded563850e3d3beeb13f624a76de218973038445b7b24668d31197e6

SHA512
457a9e8f65c7c5873a3dc157f7ade456e89c385145083aca02cf3c94df996d0c8104b150f6456892271083fff921e811a2099208a6960ddaf30e62630c39f427

Download Submit
C:\Users\Admin\AppData\Local\Temp\KIIS.ico

Filesize
4KB

MD5
964614b7c6bd8dec1ecb413acf6395f2

SHA1
0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f

SHA256
af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405

SHA512
b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\KQMUUEAE.bat

Filesize
4B

MD5
341dfd12349f95bd2d9881ac642486df

SHA1
d539597904a9a87bf9dc848387e6226963a7c828

SHA256
a8a05256ebae16bd553ce457da39ed592ced48a2a4e2972c8a695b0a4ecfa128

SHA512
b2bea7342bcb77a26afef7f5918d26486bb41d014ef2754bb4939469f7ebc406214583a84cf6ebf6ecf4efc1349899e6e8f1fd9127b5a111f75980225e113fc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\KccgoIos.bat

Filesize
4B

MD5
e33616ebb80c47db30d5c3e4d6548a94

SHA1
defcc814bad6e2596894452c74d476511093eda7

SHA256
7416c881671d114de85cd38cab680475bd98647b0580f92c4029f2b5215edfed

SHA512
f16a11c27545047683a6009a136c559ba24907f36d949de6880993e6647ed2f220c754e2bb84a9be7e29e0e1a4b30ec04fd9c9224ce46553406082587d08d5c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\KgYa.exe

Filesize
321KB

MD5
592561b66bf9e015aa29ac3963c0f253

SHA1
c291c202d049a4ba0c8fe2a346938573442418cf

SHA256
529a9486ad78034f71dec90faa70b7bc33c0bbc92f6c290f2609745ca44ca466

SHA512
6560ad8115fce2d781f3b6417a4fdb679ac8ec843e14c8fc4b7bb716fc05823342888c05a00b69139252bcadc0eccfb55578a98d5875a2b4e11510c0bbaa167f

Download Submit
C:\Users\Admin\AppData\Local\Temp\KkEU.exe

Filesize
244KB

MD5
ac43495ca61e6cbcbf36fae488a06c35

SHA1
fbbeb06dff7327fffb751ee063916c112cbd2ddc

SHA256
a0c6d623762daede81a928fd37b128778ad2e8473730b80d69cf4b504323e33a

SHA512
b888aa804d99c282972abca1d17e07cc98065ef76f52dfa0b01cb3a5e17f20795697b0098222337b03c275bb097cf0ec2ddc0750e694e6d5f2895ae05e9f0ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\KoIIkkIQ.bat

Filesize
4B

MD5
ae39a25dfe3a732b7e2a1da69d9e5c43

SHA1
5437436c7f058174ec3c7d4345daf6467c4c15c8

SHA256
e71445f0fd6425b6a4b35b30036c3ec001c11d637967257a4759111f2926a52c

SHA512
90924cecd6e88ad2fbc91ca30e4773cd5b0caa2eed4faec765bd22bd29d36748b50bc7168477651c5818eccfb336b7492902380f317bce652fe516f38c1a88bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\KyYoMAMQ.bat

Filesize
4B

MD5
aae16f4421b94effdf6b457599b72dc1

SHA1
0a52ffc65b051ec6cd1ea857360692f2022c919b

SHA256
286e79e425d766e4aa5c5c441b88b427320b6b8fe25ebbad79c7d581cc6c92b2

SHA512
54c80e947c5207d3f950ed29ac6d59d598b79fc96dc91f4548d049416f061439ffc3626eecfb2014c7b26d1384633d503ec709dcab5058901d69c787eebe566a

Download Submit
C:\Users\Admin\AppData\Local\Temp\LUYYUoIg.bat

Filesize
4B

MD5
394d7fed96c62e206e67f29e0227f1d9

SHA1
f5572e17bc3a3cb0d07856d9e236fb835c577d6c

SHA256
cbce7f4a0cbc03cff9d85d4c05af5a7da0823550d522db88804ff6de6078e44c

SHA512
b55d8ddc1981057426095568a34fd859c6d8dd4986b7c8fbf9b6a4cbc04839c98ecf63cb7811da28a587d4788717bba18c046c84c65fc40262dff48e5b0e9a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\LYUIMsQk.bat

Filesize
4B

MD5
060b009067736dd52dacbcea661a9957

SHA1
876acaa3c0d2cceee8bf3441520d8b5bc6d0906c

SHA256
96f82d353da5e33f800ec2a6479572e4e76cac9ec1bf1167b1ca8186d60bf7ea

SHA512
bc3adb49f82d0db499f0254a68992a2b106e270fc50e3c1c9360126dba5482f7a09797957f6f9e34665a024d5ff591996886e2c80da7b09012a48ca1bed3ca8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\LYgYUIUk.bat

Filesize
4B

MD5
070d31923c36e6df718a458006544564

SHA1
7233c8088452e2e6574370c609bdb73ee40968a3

SHA256
3203011bc834ff88492c1f9ec60d5c7a13aed580f32f8c450a2a4a29d508e137

SHA512
c4161bf92b23c25c737be969a76c483ccf48092235c60c7ae335bbc4c253ac1ea075f841a5ad67c82ddde13c7956c314a9b6ec8e8b26588496e6cff85ae999d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\LmEAUMwQ.bat

Filesize
4B

MD5
adbf2c34b65855d2132c29bcfe13f4c8

SHA1
25a596dc7af3fdbe1df2fc5336a78dea9e770288

SHA256
610e99ab17e8607d53a8de025f5b84cd91fdb6b79dd451f7575d16e5042eb67f

SHA512
4f2d2179ad43d57b80865f3f884d55dbe7c581a087bd0155ddfa084f998d8a52c0142aceb7b997f4ba8b67734122f8c53e36fb5763818db4b0af7a92adc731c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\MMMa.exe

Filesize
192KB

MD5
27cb09befa6bff896af3916b1883e926

SHA1
b3d22fab5ef1c7b84085d35a4d11378c9a424df8

SHA256
e5b4e7b940579a6cb39c981736611146c77345c5fb62ad716c8571937cd20bfc

SHA512
59a2c69f56ccfc015d073de677f3387522b91547ca2330803d70d3b0220a5c6ea53f3afc791bec9c1f6227bb21ac7ce116ed165551cbdf9123cbea8b0fc75184

Download Submit
C:\Users\Admin\AppData\Local\Temp\MUku.exe

Filesize
251KB

MD5
062499a60152fe1c599f359f5c7a7fc3

SHA1
77ab7e46abd3e2b2040143650073b12f86e13292

SHA256
68b4920c6561ec3ffd423b618e811c2d9153183835113c2230442e0596e631b7

SHA512
50b610843c2b4b7e449cbaa4b3e9f3635107c54cdf5ef6144b58da261dbb66c6149613d3d467dee9d74c5454d9173685eb7e2de8dec164e25936f4702010a39f

Download Submit
C:\Users\Admin\AppData\Local\Temp\McYE.exe

Filesize
235KB

MD5
b6d0b0b71f7e5398c9d0c267fcd34b4c

SHA1
4bd8b6966e832d36a66583c6e95d55c8ee710064

SHA256
f016e83fc5be5585a74587ae86d7a3c2e80033a2e891f3fdfe3704614d61fe4e

SHA512
b25367d0a737c34c83681a7663ed81966ba71152fe5d51f9ee2995dfedce680c11381621da7d134a79e3f6065ac27ce3c38a8be93d14eef98b4205b300b3b3e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\MckW.exe

Filesize
633KB

MD5
b627b86721e39a5364b7c64de80cb947

SHA1
b20b524ffff321c3eca751da2b01cbddc8211b5b

SHA256
b98021b696f9145ba06a06d5146ff0572d4ca4dc48e019dbd47c8c26ee278909

SHA512
5aa3734cb2d242a458144274b3ea6dd5c97ff3cec00b6a06f978ef4d4827d6a1d4c354afca8dc7d3471f6c0aa36fe419355b3d3813516af2c2f91627b4130d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\MiAAIQwY.bat

Filesize
4B

MD5
3fa3aa79d0bc024c741910a685a0855a

SHA1
53753542ac2f4b07935a9846fdcdc94f77424261

SHA256
227aeb7067495ecb3c4d731a206b00ba8ee7569976d0aaa0d4d41a20c8a571b9

SHA512
1c63322794c79b99820deb2851681fc4396bcab6876aebc080caba41b00f342f7109fa6f6f0b5207c9cab1c2b5fa147e1b7b41a650e5a48fa9c5de5b8dd4148c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mogq.exe

Filesize
250KB

MD5
887c4172a8e23b80d7a9a158242dcb88

SHA1
1b72200f188be3324c5d40a8be458e42270d1da2

SHA256
174121cf5d175f4b5e857795a5b11388a15bd7926dc6f08408acf64496aec48d

SHA512
e0d0d5ff40806dad005797187049ddbe2386268107af8d1005f072b22d11363dec5aa665f62efc32c75e80131d231a0ac857b04472e089f89fcdbe3b616ff0aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\MsUK.exe

Filesize
240KB

MD5
41a11dbabe1d86d18e6501c8df1f39dc

SHA1
4eed88c68c5dd9f4c2bcc5eed5432ff0ceb240b5

SHA256
84e81b9843315d2aa7fa028696092972f020ac22957a194ad4d474b3fa20d44a

SHA512
807945988e192d5faa5823f9f29b7eaeace4ba7090cdf9d9f2646316d31771fe4878a91d5b259ff7f57291576aa5f705f9620b5635e6d3bbdaf85240fe02b5aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mwco.exe

Filesize
249KB

MD5
ffdd6ab908f13bddf6235b7171c4e969

SHA1
f33a20d70d0e653278b035c6408530d7bb57c68d

SHA256
e05a321078de051fc2819d6303b4948c80d0441977c95cace99c9432ca32ad12

SHA512
5d0270b1385bbe330d690dd4c3565a9c11e0413dafb0f44dc18f7c85ddeba29242a391a51019034513b03244cf0c1c521bb7afbc01dd22a7516981b09e324664

Download Submit
C:\Users\Admin\AppData\Local\Temp\NUsAgYIA.bat

Filesize
4B

MD5
39c66ab617c62c65c8c7ba962dafcdc0

SHA1
1746347e7cd48ebd4c2c240cfc4d16a2b55aa468

SHA256
0c97437fb6ef39e760ca2b01b1965d4c13b685235cbf5d937860e8eba03f5ea1

SHA512
0b4d87fe3704b20e486e189457c8ae1fdf7da81d0aec34d759af279d01150ea7c20ddd2421137a9ea2c26a41a911791b50550332cd3d7c59e7d6ad779e737d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NWsYAoIo.bat

Filesize
4B

MD5
4022cfcdc075e732dd182e9f98e9af84

SHA1
28ac94df7908df07576b895a3370d0fc8be2ce9f

SHA256
e2304f1a620db7d305d2a83d1461034b4ffeb093a91a33b5ad0ef3c142bd2e86

SHA512
7e0bfadf00dc9bfbd268c5d83b1d877e22b08f7062453c915b41fcc064e2af0730c796d005e6f1819b33be3bf37e28c3e00994f3623566166602ca23ed135a02

Download Submit
C:\Users\Admin\AppData\Local\Temp\NcQAAkwc.bat

Filesize
4B

MD5
3496a538ffce3975fe3e81835cba41a8

SHA1
6c2e82a2258373d095f71dfca4ff21230a641dc8

SHA256
a052d966431aa1c50f4c401ffe6d00f924b6edc9eaa60c8d08d65470e39a3792

SHA512
a42c575cb9edf59b5b532e5bdbf3cd35d7a2426460268eb53a5817a25cadc5988f6aab70842cd5fbdbb97297da199f33c56f7fdd164aea352ee668c490f0a340

Download Submit
C:\Users\Admin\AppData\Local\Temp\OSwkosYI.bat

Filesize
4B

MD5
7491c4e9bd26c49f237bbaee1159b4a3

SHA1
18370d4151c2afbd43d8fc378d7dd9e82f78948a

SHA256
6cd7580e895ad412982cd0a7edc4c199cdb144daefabd92d40bef241198441b6

SHA512
4cfc92622959d8f531bbfab350b8f790ed72034f1999d8d570a6327f0c9d2f53b5493f95c91bf5537634b8bcf7bc1046d01467499b4b1fe1388d3d905a366323

Download Submit
C:\Users\Admin\AppData\Local\Temp\OUoc.exe

Filesize
219KB

MD5
4483679acca7578c2555ca9830531018

SHA1
f8bac5269454891a954f6a50b720e4daaa6aa2a0

SHA256
f51ce393e7cd406803809413d1a1124ed34cf9964d668e923a1bdd5f82ed7224

SHA512
9f3b55a645eab04d36e867885d14c678c49dba766048a59cb2aefa998e60ec55e1c10371e4fb137ffaf04330b0782829efa9c776302fd1d86f5f18d02e1f75e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\OWYQIwAo.bat

Filesize
4B

MD5
a3c13a503b1fa66931043bda53ba4766

SHA1
4146c31b1009a261fe2fbb9291a9463893bd21a6

SHA256
efa584a843136eff411c797c18361f6481252c225cd498209eccef55d931b93f

SHA512
543846450ec7062e1c3ed399e80329d39964539192988eece1bdb917c10239a65ba941b6d0c762868ae95a64254eb171638fc42c45fb93a438cc345dab685b3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\OYcockkA.bat

Filesize
4B

MD5
c86e3259caf58b77cdcb84e29218818e

SHA1
1af2fa353cd671e6096b25f51b219492c7d64421

SHA256
f9de5cf2930b188d0191bae44941189ceffa20c9a9d02e10057e6a3399f2b15d

SHA512
0320f8b75f74800409c43d39fcc7ee6170c8cf83016712fe15f067de56213ec6b97c799f3d0c523a8dbfcb6c5ed504c9d2036b3c3e5abd67436df5279d8bb50a

Download Submit
C:\Users\Admin\AppData\Local\Temp\OYgS.exe

Filesize
231KB

MD5
1100591499e7d283ffb9b437d59d0ef3

SHA1
2c2828b3fb22fbc05d688758293741a90a975765

SHA256
fa116c05deda7fd34c05c18ec988d98d367eaa9eee54124aead9aab668f097ac

SHA512
2f496c36ca3b1a35bf4e48f48027074562055d2aaafad890a4bbfe8842eeca1c7922599ca99fdb096901026727cbb8b661b70ba1728d82ad3c2308a769d171bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\OkkoAQIU.bat

Filesize
4B

MD5
05f360e19f7057a9859d949c7a5333cc

SHA1
5d51712d54e759f92e301a6e8773ea4f48d59b15

SHA256
01aa7b103ab0378d259cf08ffa53f51f0feb28cb7e0ae23ad0fd79d1d8ebbeed

SHA512
c263e48f9a92dd114c503ba39ea08486fa584de2afa80ac93fa2a0efe96e58910384e9066346a6d8c41cf1a55b22c206cbd4a3a8ab62a06d87cb80f90f8efef0

Download Submit
C:\Users\Admin\AppData\Local\Temp\OscscsAM.bat

Filesize
4B

MD5
9244b22d8f01b293752f1b668569b79e

SHA1
9574a86a1b0653f7c341ecacc5cffeb4b53e95b0

SHA256
8bf8e07d3735efe764544b9646607f0fcf73354ce50711dd371761fcb414dfa5

SHA512
f9bacce3af9292c383fdb67529308d9e76dd54643c6dc789495402f61d732a723322e1c3aed33b7c2a7e7c3ba037d336594b8774bc5855615ba3b79d27d17bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\PCoMoIIQ.bat

Filesize
4B

MD5
e21f36874bbf92770f703a743e622c84

SHA1
4654ec6421a133b0774a2145c8d8b6c25b84deef

SHA256
4b06f097a29cc666f5be4bdcd8064ef40cebe2246e6d59ce01693bd0571d0212

SHA512
5159a80c3b155dd522332d36d64c51c5a05c6fe8bce519320366446173fd9f2cceeee215e481417bb85e47cfd8a81f4a0e6295a72b305006852d7e769cfc04cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\PMgYQwQQ.bat

Filesize
4B

MD5
034108896c910ead9ce3e9da7a436c96

SHA1
75d8e1ba62bba533878decefed169b289577a0cb

SHA256
dad69aa338f23f8b91e38781299f29aec81a3dc59222d4ba21f5c7bb674169aa

SHA512
ae34045ed6557056f8efe6e2b5d5612500b425575e6710b321a37ed96fbbaa4bf595725c2b72b6dcd2a24fa799c12e22ef5a5e84a96d39e1397217d27c4f7610

Download Submit
C:\Users\Admin\AppData\Local\Temp\PagYIwkM.bat

Filesize
4B

MD5
221b131ba0bc6399a0dccd1a797b5a1a

SHA1
59d3dc8cd20017f1b6cae826daa2af3ccf2e1a3f

SHA256
8f8ba708f0419079a833e22632d8e86ad98ca8e2ab5d34f6cc95121fbe027447

SHA512
7e359c2e8575441d97c567f0507bfcc49e2244a82dafa1a9e08c6d274a3aa741c0af48093969b0e34c9285fc4ada0b4342a3f7cef2926a88c9a5fc2c80888cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\PcggwsMA.bat

Filesize
4B

MD5
40320417ff7277051cf68a3d7dd0029b

SHA1
f589bb07b033c05144a40f513f28c21c31f7d335

SHA256
cef098527b6ecdd5fe553f2c124326791a6b7c1b5f3199be7a880db0b140a8ea

SHA512
816a77b090cab0a4b1d41688ba7de2fc8bd8f75e732b2e1a3fd4757aedc0abe321e317ff43a2387dc1c17efd9e45eb72126dd7c62ad5cce21e4b864b2f51aa70

Download Submit
C:\Users\Admin\AppData\Local\Temp\QIYA.exe

Filesize
235KB

MD5
acdf9982abf9a9f8f369261736b1b02f

SHA1
4f52c986be524778b00729624b345df8235ebbbf

SHA256
263812765a42dd9233ef94d54ce0601df533e3f3994fa993d211b23545654468

SHA512
0cdf3b391e4f158d532a904b4827b237eb1ebd6fee16f5a80ca5dbb623cf2b348628a506d2ec3b3452fe36dd9082edf78dfb4f9fd9b413081e7bc82f286ce3b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\QIcAIsoA.bat

Filesize
4B

MD5
123400958420f16efb4c06a04750662c

SHA1
65a8149e09fdf3310667fc17901360b28f5bafd0

SHA256
0004f82db8e332b1b5453da94d5dc75dc6575aee4f6aad68bf7a9cedf61fe3a2

SHA512
38e357fad127cd856447aa13b597a336124560cf90a5078c78e026ad2aff37cb7e7c8db12530461f2adc41c1e901e564da548c4477f8786535b695a2ba9e5b55

Download Submit
C:\Users\Admin\AppData\Local\Temp\QMke.ico

Filesize
4KB

MD5
6edd371bd7a23ec01c6a00d53f8723d1

SHA1
7b649ce267a19686d2d07a6c3ee2ca852a549ee6

SHA256
0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7

SHA512
65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Qkgi.exe

Filesize
188KB

MD5
c042068b5a8478553f7e2023005d1f3b

SHA1
e581e5722b0d171503bdd66fdeb60cb112dba5a9

SHA256
5ddf951c53af4d518ae80177394c3609460a35469e6464b2fa1eb0cba2355110

SHA512
31dd77d35b9f13ce4b44e8f3c0bcb9fd722c7780ccc5b0636df52471c728602d53a5a1bf48e1cdcf9a49830645941e2736e3f9fee7776741e1fddce9f371e924

Download Submit
C:\Users\Admin\AppData\Local\Temp\QsgA.exe

Filesize
243KB

MD5
6fdb3ab38ac2139ec0132c0543201ff5

SHA1
4e9cc22ccf0e4713da50783bdf737125379ad2d6

SHA256
724be9813f5da6dad448117b602b50057d5fe810fa08d5aa2d7407cce66d86a7

SHA512
b85270c36fe064b7cf66e6672f6f24e438939d45c995f50faf1938a29fc9b6e86d809cf6c8993c97692b042683e265066b03700181a52cc7715489dfb61b0dc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\QusEccYk.bat

Filesize
4B

MD5
3a20bdda57d9161dac022e37d578a8e4

SHA1
c711d89c68c3cb81a51d4cd27f23809710cb3a43

SHA256
f99dc84312180d3608873280aca4e17adf32c3e0fc6ad07dc7f3282ae88b76d1

SHA512
ab8fc608f467b3a4cdf34c3e026b55fa0bf9a87ecee503703b05c445f77accd1b102195d1a39bbaf34cbfcca019817cbfae7a411878f5024c23f998721a33c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\QwEYIQsY.bat

Filesize
4B

MD5
5d297bcd1df122b9c515ad552ab87c8c

SHA1
f58dc98e30e71a2822fb9bd4afb67ee2393595dd

SHA256
0dd6ba8f13acd55bb7e36ff8babc665f28204f8e34bc04f7b168b918fbb9b44f

SHA512
52eaa46c3975e416218a1d7463b5bef120757cbc893cd4531a2a5cc40773be6ce5d02203b52e128bf4518b606fb3320ccc0de8c40b6a2316031dd7a51b4276b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\QyEggIAA.bat

Filesize
4B

MD5
be94be75ca9a9cbfd16b4e51e3e8eb11

SHA1
3343420f56a91a4e1630b70ce6e611eddf2a16a4

SHA256
4ba9136613e0e7ec19eef2f9062ad28ff5952e440b2154b8414748ec22d32024

SHA512
2f49711dc105e88def75ef3b078c59d12b589e4cac5160d43ab0d744164c27b4a5292333f80f3490d1908ca6577e1498be886ee5b41581f4a3eeb1b12535a439

Download Submit
C:\Users\Admin\AppData\Local\Temp\RAYgskok.bat

Filesize
4B

MD5
0104455be3b61d7a9c995315f6fab6b6

SHA1
bf57c56d6e185635a3d73611ba7e891d0df25a91

SHA256
12c62ec840762d7a608a3dd164c65e101cb08266f7df71405bc5754810d5c4e0

SHA512
c924f5cfa7b2bb0d3a6499224c5aa3a5f11d7f253f9d46e27b3b3d0fe36bb10b88f75d6a0a69bdf325b88ccfb2e711b1537d86bdd7289f0835696622f0b14970

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCQwkoUc.bat

Filesize
4B

MD5
21fdff0bd9a1a9dd611e7de4367974c0

SHA1
e513ee427a45223d03369aa3b9882a5258339c2f

SHA256
e4820ba122b72074b747adfe1b62cb7d9fef6aab31f203627b37e4ac614b32c8

SHA512
6cfbde2102edb3182e14b090efac89eb31cc2fb244fca670ae67242fb8ecd0a381aa7d2ccbccdcd1371279ac5d3464ba3d65280ecad35168f0375c65d61bceda

Download Submit
C:\Users\Admin\AppData\Local\Temp\RYsEowQM.bat

Filesize
4B

MD5
a78adc8cc9471f090edf2971620c1b81

SHA1
28e55aad5d1300252fa1b8ab27248531a76ce7f4

SHA256
98476ddea94fdafac92aaa7c9abbdede039e5f86bb820c9a9ef7a8352fbee937

SHA512
58967cf8c8c9d9a0c64f5f5c58711be45546cd9cf4f60f847acd54196a0a62836a1c7eaca87560a05fc1158759710db4692d3565778effbbf8a6070493f2bfbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\SIIW.exe

Filesize
231KB

MD5
5f9afe342ac868dbe29e6afbc552370b

SHA1
58aeeb0c4159c7db73657a620d5997065269957d

SHA256
09cf7268c878bd07d45e8857f2471f1abc57720ab2d9de4e9f94008bf2707815

SHA512
05212a567d7aa36b53e26f6c64f627ce8d53ddfdcd73e627e7f1015fbe31b5e7108c969e2eff7d464000565faf0aff2a327f0802b4b1e0eabdfdc2db79056fa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\SMQYcAks.bat

Filesize
4B

MD5
fd597c316a206791d3f164de66c0b87a

SHA1
54dc8727a9221d71c6b268f307e23df196de5b0f

SHA256
58907d13695e23b9e8ce851864b83d40e463dcb99826d9087d9f461b9289c21f

SHA512
06a2c85d5ddac7a20cbc41a35a867529802d395987e525ad0a5e63f5d39d6ec25e95bc9f5c731e03dc55bdd8a8ab28bb7fe87e3e20b885e153087370c1d436c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\SQsU.exe

Filesize
227KB

MD5
031e21c13ee23b3ef4060d1944f04992

SHA1
0a34fa721a7c6a74c8418da7f10deaa577b1ed78

SHA256
e69a8ebb5eead12c58376b9206c181fa0b80d1cc45dcdd84e89c31803f79708d

SHA512
94427d46a5250aabe3dd76b50e49c768f8134e76bd1088340f929532744127b5ff634a7292fa504e2e80d63a8ed86f364d823084a71deff38d4cda8e15cc3853

Download Submit
C:\Users\Admin\AppData\Local\Temp\SUAoQUUI.bat

Filesize
4B

MD5
9e546336f9d9875ffcb17d1e9b3d72f2

SHA1
df9fd05628890425cf2cc6b0b2b000f5cefa5b64

SHA256
79095f476fcd166822a53d38e5c5617f64ca831ffd42e81a4096168520708da6

SHA512
a6653b0bdb270f4b0b752986b4a78faeb10b041ea92cacc3ab9e51d54e70fa903af1e85553d11bc1a9f43e5c76a5bc1d7f6437ef550568d4fcbb4af4f92663e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SUIq.exe

Filesize
885KB

MD5
55dcd91ffe0a7f12c43efd5a8f92abf4

SHA1
7b5b452273e91e2a702b27727541c52c5a813372

SHA256
a4ce0c78ebd35126faf5e838b09ed2bbf61786f83fb8ac06579958b9de6c11ba

SHA512
4b5b38bdb2d1e8487ee3376b2e41422247fbec7e0a19f976a5c762bdc9a4ecaead7401499f921f85c419e2fe557cb5f411fed7aee2a702cd41eb90c2bc0b55de

Download Submit
C:\Users\Admin\AppData\Local\Temp\SYEO.exe

Filesize
1.1MB

MD5
dc0145edc803ff3b869f32f38e78c680

SHA1
43bd6079e37d274e230f89243838a1dd4337284f

SHA256
fedb859d0ccda48ebedfcf772972ec10c9ec10eaa2be4b9e812de996850515f4

SHA512
f9525ea55875937d3d1739cbcb209c931d610ff12362c0d16628c2cbed511fd8859e120437419743b985856277406828f0a95947f9cbb78dc94abc471d0b5c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\SegcsEgE.bat

Filesize
4B

MD5
aaea2f1bbfcc0a0a57657a75d761d119

SHA1
c1c8e9b5a396b38391aa73dade2cb1c2c7028bdd

SHA256
5af46feb956f9209c9c4a3bc6ef00e8fdfb7db2b205b5284154cc9ba6e9f6172

SHA512
5a45bdad5cd816f3a4d7377a52061b90ac265feeaa84ee9a687464dbbcdeb3b9e85c429604b796c7e05e12a637ea3a315f454dc35409e1fcf7eff9bb88655de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SgQg.exe

Filesize
653KB

MD5
5169f5101db5afdb2c9f3a19b0c43d2c

SHA1
3408cc9cc21b099e24231463c56ef0891010ece1

SHA256
ef9274dbd65fe657ea15b880a83b4ed4ae8c560afc518f5a8b60f615924bcc38

SHA512
ec12c5f3e2b2e3359033d0af72d0471a809c486daabace13e9f07490a109031ca736b13b8d693788079b72adc9588fc7f0b27e4a2eefbb077617ace0b17d8bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\TsgEQokA.bat

Filesize
4B

MD5
d5caa8022ea239329017e6454ab74f89

SHA1
df3f3f236d2074931e7f5841d11b6e2fe1e54644

SHA256
e5cb8c54dca1ee31fde6aea06cc856285c0995a17ddbda4616c702a50420e3a4

SHA512
8185e6ce47968aeead1aae5432fc63db1d57b50d4241f3b1f30ca2e0689e87e8420bf57579e38aa7d3f208fff160ce752aa9b464c78f7d978b87746f657e5b51

Download Submit
C:\Users\Admin\AppData\Local\Temp\UQAg.exe

Filesize
231KB

MD5
e648ad1871ca94441aacb6e441c52580

SHA1
af7d85dd9c8a351fe3bd04b4a3863ba1c349c72a

SHA256
5fa10fcc4c600d4e62f800b46215ab3ba7a9726406c1da827b499c5f305561bf

SHA512
02f9913935bfc77d5df43b3d0e19e3767a69e71a63e658f7d8b105dce14976f343a4b5b2f73ead46d11ee54b2860e827773ff1d099430f9c50e3d3090e9147a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUAK.exe

Filesize
229KB

MD5
cf59fbac720b5180ee860cc004f16570

SHA1
e4d27f4414ff17691e76b55aa6229ad5b5c53fe8

SHA256
fbfd7730a6b57a846b1416658e0661e232741e9072fedf6b3d51aa72cfd3690e

SHA512
d4d41c2c1feb8c070151806df3516f679a430283d2aabba475fd4bfc3bd6e3802e0c30021de3d438d3ee1e488eec6868ddb51ebb0bac432388f0fe1b9603f5d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\UocG.exe

Filesize
225KB

MD5
f816b22d8905e751379e95ede38ff4ee

SHA1
37773d960f3cccc02e26ec738b4159082b9807ee

SHA256
0ccc003bfd213fefa2f9c5e1885db4eb276223ebeae1731ec0d3538e5dbb3ff6

SHA512
9e7afcb89d0b6ce77b82715607faf206f732c356c3f2f7d0fd036cb1b3542e3fbd1223c3c293e8d5689a12dc76c611f0e437e999744bb345b1cedac4d1afac2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UwMw.exe

Filesize
201KB

MD5
dea55b107ba651d4473e381e5d629229

SHA1
b9ff3af0178f00ed0c1df74e1f3513741a9d0c47

SHA256
f96f2835ecf148b59d2c14d1717243ef7d66f31767dbf0cb3ea4a16e18dab3aa

SHA512
8ca40a995a1ba940da336dad81e3f8e5f86b644bbe12c8c3ab4ec45deced11281ae99d3d4c3b2d86490873a851df5de3bcf3d8e8936ff179e4c366a71858b178

Download Submit
C:\Users\Admin\AppData\Local\Temp\VCoUwUUY.bat

Filesize
4B

MD5
a7752a04c6fa33a19150b832e0e2dea8

SHA1
d6ea753a8d0c0c3059a86dedaa6cf3bd64c0bf50

SHA256
5114f7a467984dc5b3566307e51f86fbc8d24e987ae8f0e6340c84692f570ad1

SHA512
39d9634afec59d1b8bb1e623222312ab85d967104d43924e3c029d4890af5e3cf957e72d850f7835ad9a7444fb75a067a5ef8eb126e6f065f66ee9522752e58c

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGwgQggE.bat

Filesize
4B

MD5
421802f001222b85f7a288fef28c04f7

SHA1
dfc1af90ab58a10cfbdce92721ef02e0072f9fab

SHA256
5431ee7e1e9b389e559f5f8587f6880059e649ab37225c9f8cdb200e642cce09

SHA512
ad5244e87de1068a70a956fadd2b5546324c3657865a1ac02c8e97a94ac9f35c5d4dc39f1135ab5a878a0befd5fb5f51c35feefeed3c4fe7ea114c55a5648632

Download Submit
C:\Users\Admin\AppData\Local\Temp\VKoccQUs.bat

Filesize
4B

MD5
adb294101d89e1b294e05d1ad1443d53

SHA1
d4b913dc1b7e165469aa09736aa9665df694231b

SHA256
66f22fc29b4399b6e0c4a4c1d91db949ef8a3061dd4169711864b253b75a83a9

SHA512
c6fbe1870fc661f77600ffe56f2f599c05a8272db7c9b4c68729e1e88b66c7f5df791e903bdf7b3d7c0a161158af8527b4bfbed19c1c87e62cf336aa6ce5bda5

Download Submit
C:\Users\Admin\AppData\Local\Temp\VQQoQsQA.bat

Filesize
4B

MD5
76858609fcc982e3e2805532d4c96e1f

SHA1
88f3a30f465f4ae5a3e913abc2c79758c94ac284

SHA256
98c4f7804b1e6d6b7b836eba222865f9c2f64416145e128f7296485356145bf9

SHA512
9cda732a22934be7c7ac1d043dd357e93f7f377d5c26710d52e68b10c9353ee5c97347bde240a2f712fcb8361cdc706510b8bf80d4d976276f07f300c2a40df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\VUosogQw.bat

Filesize
4B

MD5
b4659fa5c14b53e98c52ac79211ed0f1

SHA1
a51a2bc7d0e49ab60e5b5dfc4692d644e3b45c19

SHA256
dcc9a25d3d4f9ba85f7919b7f622644d6a526725f98fa7722bc9109a4967152b

SHA512
75a942044a0b8aa6474373aad56efba352f017d28c5be4a532bda639b019ffac5b8ea1c1b3715e101ddca18304f9f2ccc19756c30299c47fbb589d6365503755

Download Submit
C:\Users\Admin\AppData\Local\Temp\VYcgIIEM.bat

Filesize
4B

MD5
763f7b8222cb8275d220a1d6cde27d69

SHA1
907e953de680fc37dd869ddd4faa1cc2d508db6a

SHA256
28022b2cb61fb6911ed6db824b2412378ee2b1e1429513e9e6945be47773022c

SHA512
261ca16ce46f372045b288ec07360f32488bc8bab68c09aa77281706af0da59529664e6fd7b6a605f920e91fd98612bceb2bc174f652d30d4490d7af5d306cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\VYkgkYMo.bat

Filesize
4B

MD5
1c5c05224a3e2f30a27bbf3d000e1d04

SHA1
1dfaf645388d7d80aab28cf4e57624461f7b14b5

SHA256
ee4d6fcbc06c7427395bb83c5561dd84cf0a3c8d16fc4a3895892189ebf67a5a

SHA512
16ec8189f9ae9a4865ec82db31fdd08e42f97f6d371c6a1df2f7d978014c0f8635789c393954d27dc38b7eafd3356a3a982961c4ee2c8b1206b04f15645816da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Vycscwgg.bat

Filesize
4B

MD5
0a321a06020e2b32ce4c2b273ba934eb

SHA1
8034aaf1ba04c9e217fb71c8e7126946a83abb28

SHA256
9018860ffa5ec6fa8e560f7aefb72b491a696a143c6034b5279ba82d77b84a6a

SHA512
9714560d34923147b2f249397cc6c8adad4f05204103bb77e53b440987298d37985a42b785537dc94bb8b3297880addc8f55a75ef1fea13a76369209aafa9d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\WAYgIEAc.bat

Filesize
4B

MD5
2703f38afb6d700837c4e95880a48de9

SHA1
69b858cec4c28b01dc5c240a5f33e7aa638249bc

SHA256
ceed8c4c890ba1bb76b247bd1f0d02c662821eba489ae7159d7cd885e9b63b7f

SHA512
c8152fd6ca3c6a57fa7ccc5ef8810fcf244f53a6218a7d4c010473f2046e0a1485b58e8610a36f3626c17eb0ecc37c24066e37395ba5490d60535a1ffa8444f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\WEgU.exe

Filesize
192KB

MD5
ea56889c13fff43456d3bb2a27dd7a73

SHA1
c84f3f397f717206a475f9d3926de750439833ad

SHA256
d536d2d8249ce738aba9bdc151a373e0e5d72b768c8dd067bb1f5f4d40dff4c6

SHA512
8cab474f7a612e518bb6c15e90af2366acf84060e59c774791a1cba50eb035b00d78c5e022e3244d3a2b472205e6625d0a0ad4f190eecde3a6c8cf5e7fd40ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\WGAkswQU.bat

Filesize
4B

MD5
8763b3d1220f5ce34952191a5b5a5683

SHA1
babaa299d468f583576930e8971c48efa060bd14

SHA256
62c3fc7a53d36a2ba0e75ff8abbf386cf7529104c525c861f7094a16e0bd06e1

SHA512
395a66dc7bd4f1e8b1e73206786fa16a3ee640ae7c72be11871db2903a4f5bda868e6988369905d918a1ca8fece58ddd333a4ad37ac23c67a91bf890761a82fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WYQssoEw.bat

Filesize
4B

MD5
f84feed961df116b9616556859303ffe

SHA1
a691cb5c3c8fafdff61b993f7f304ad6cf127d88

SHA256
7aa51fd479fbafa5e5d65bafb46bcccdae3163b8c53394d254d0d016dbf57557

SHA512
6a0aecee4e62fc1eb0bf88edf9a7ccaff17a7238436e3dfa8ca1db4197b0e3ea011cf5fe0afef49c2d74b135b984575a3978461086f98e0e4828aec17867f1de

Download Submit
C:\Users\Admin\AppData\Local\Temp\WYgQ.ico

Filesize
4KB

MD5
47a169535b738bd50344df196735e258

SHA1
23b4c8041b83f0374554191d543fdce6890f4723

SHA256
ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf

SHA512
ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\WcgEIEcA.bat

Filesize
4B

MD5
872116c6beb2c4ed7f863c99a05870b3

SHA1
0df9f17c81a711d26ba5009e3864a640813082fa

SHA256
d9be7346b8319b3885956fce633598c7cecb6a132286217da98cad77c4462f62

SHA512
fad83e8195433f1e8b68e0b0a000f4b9ed0a5703e09f00f54a8a7628088554bf105a07c0453f72eea826df7d331713958ea6c419ee92c7400afa7fdbbddcbc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\WkIA.exe

Filesize
227KB

MD5
02fccf35e40a606fd6ad1eb953f47ec8

SHA1
c9eb09012bf5fa2fe0bf5e01fc4d9fb9548aad83

SHA256
0637a245c808f9b9028f9fbb3ac69844d4c42148a426e8ec21564637ac55b422

SHA512
a3c718ed94b9ca59f7540674c3d9190706bd4c72aa9e041d335525870c684611cd0a6568cdf9b6db73f5d71d7a9b22230075982ba256ab3138429f8650f4d6c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\WsAM.exe

Filesize
1.2MB

MD5
2bd5cc97be47b707ecb24c3e917a17f5

SHA1
cfb64592141b7be74aeda0876c8de7c51f9e699a

SHA256
31082a4f4816c6d876eee60a2b3dde06a26f893b344ff30608b1fc69c1f033cf

SHA512
bbb0c2f4bf9a75761fb5f6bcd73929f89656eaf122f3120c50f674465d901e2d6cfa9578f15f4c17501211edf1cbda214db607a2141a94d8516a612b77885b96

Download Submit
C:\Users\Admin\AppData\Local\Temp\WwYo.exe

Filesize
252KB

MD5
9dd4da461e7871465080a306f825141d

SHA1
f359b55f16da17d95ffc3a590a5cecec5f3845b1

SHA256
ca83455bcb0bcc6fac817dafc56cd69f9b759bab7590a8d8ef03089577342895

SHA512
19662d3cb8d7224c6080fa46be568022586f90d60ee24a0b4a62bb38bd019ec4c14f6af9c655855e2ead322d90b54dcbb28dde547ee75bb0f53050414715471c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XGEcsskc.bat

Filesize
4B

MD5
3d913753b64ee598bd67396143e67ddb

SHA1
cad69c1125d6080e71de6ad263b7568944e099d0

SHA256
0d09d9ebd1e6a3d29808bac33f0393177f831b1b6ec47dbc0deb44aa246edc1b

SHA512
6f7d44a5cb8f929b6fc4a966c4cab43e761677d3232b26077a5307b2e5cc040c26455f75dbedc48b8e6b1cd3bcfbaed899c64cf4d1304998cd6f5424fa105fd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\XUsUgsow.bat

Filesize
4B

MD5
a5f5b15ca7a0efd01a56c7b3e3c4a99e

SHA1
f238d533d1ae4130aa7f6e700fc35505ca8b9487

SHA256
59542ab9afc06222787c1d1f51ce411f15bc93e613c17a14aff54d827b27678f

SHA512
87bb633625be0bc46a1d97dcc99fa80f06ec515a58b9516999964de4b5c965b2e56f19fcd8136a15575be67ad287bf6fdec9332d4f69b710ebe7f21b9f3f1fd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\XYoEIIUc.bat

Filesize
4B

MD5
c8343f3586cc8702a452ac872ec12e6b

SHA1
a3b07d1a383c9520018b60420aa0047fcc7a0ba5

SHA256
52b3861810d1d128be14ceecd8af2eb02191e260725ea8742d98fa6ca484addb

SHA512
fc8ed2a16b2370700582fb25e502bc46ae1e4f525cdd85134ce9cfeb0b597914b278e81c8e3b671e348663d662fdd5a3fb3e6627e852ab1ba1cb96d8f88208f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\XewcsgsA.bat

Filesize
112B

MD5
bae1095f340720d965898063fede1273

SHA1
455d8a81818a7e82b1490c949b32fa7ff98d5210

SHA256
ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a

SHA512
4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

Download Submit
C:\Users\Admin\AppData\Local\Temp\XmMkcosM.bat

Filesize
4B

MD5
26c80bac8e33e548364bea44b357b178

SHA1
202c1e104e998d9936e14edcbf960279a9b2ede6

SHA256
c7a2574790aea66b4b8c404dcc556ed59297355142376760d7b118193aa036cc

SHA512
94892af805c43201cb816f4c6de9dc975531c8b1b3977f1bc077af2906f9ab09246c80ef373f40cb8ea599aa58b6af4f75088ef523251cf3cd45edbd490f3bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\YGcEsksE.bat

Filesize
4B

MD5
7e1861fa6216abb479ae364402fb5088

SHA1
19c5122813f810ecc830e672b597e78fb9c59d8c

SHA256
71c717e453f5c8720c0d3281d0c1b783e41411df25bbffb815dc3f1500f3806b

SHA512
4584804e992938e984094e4222064746c2ad1e7aa14b67724477087cf17262cc74289bbc015af8412e2f9aab8487b5956e322abee027958e4337490e5a669404

Download Submit
C:\Users\Admin\AppData\Local\Temp\YIwI.exe

Filesize
8.2MB

MD5
a8e95f039ff992f2a548350c3a6fda4c

SHA1
7b5493bb4dbcafc0fad05422341247b14ff657b8

SHA256
a648dd1f5efdb89c878ab221cca6c5b352c373c8990a8c678d23f0268f24e7cf

SHA512
7256280532526895a83ff22f2c1f548269bd07799493b27b7a1e2c04d55abda9eb44708e2ddc7a19a462f0ee1f2807571ed353126ab311e8b87f61c28fefc83d

Download Submit
C:\Users\Admin\AppData\Local\Temp\YQEgYMsA.bat

Filesize
4B

MD5
657d68897cafad0b86bef1c3527293b8

SHA1
fe0f0dfabfefeefd9a97a0e5469898125afccb23

SHA256
5a1eb66db75f11514ce29012463b8b3385fa6bfbbfc047d4f0dc899b638f914f

SHA512
a27b85708e8f0173ed4aaf3433e623e144f88a8b55687095dd23c53b6f5f3a99f5ec6b7004ae0f5e145408888282da0e7bc176aaf0d2cfaa8da4ee1ce16431ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\YgMUIwgE.bat

Filesize
4B

MD5
f75bcc1ccd884694955fa1f3b03cc8c5

SHA1
9646201a1150f9de9a7e9f7f7c0b42db53242349

SHA256
6acb0b3e98b4bb9a7226cf5a88b20240a1cc1443722111f5a5581d8d74fa6472

SHA512
85fe6faf2513ef2aa2f7ae11c7b26fbd40dff26088f235f6d65353490a892abd3d558a0ef80cbb9a0c92babb829abd79bd78f588c8878e7cb3d63647d23a343e

Download Submit
C:\Users\Admin\AppData\Local\Temp\YocccUEs.bat

Filesize
4B

MD5
605f570f87ccee33e68da157f4a4eb3c

SHA1
d92d95c5308bed3fdfd7dffdad93cfd3590c6c7d

SHA256
b0ad321110aae7015ffe0ed89b37d3849d034b57c7c1a2c6def8285235c131ab

SHA512
0d3876e5d88c89a34b7d39a539315f88118e884131a52025eb1f48649ba00f67f0cf113b54d67c7f3c136be9acae27ba2108731c6335545df44211ad6a38847f

Download Submit
C:\Users\Admin\AppData\Local\Temp\YogY.exe

Filesize
197KB

MD5
b3c227864e2a35387d10cc27d18a9b8d

SHA1
cebaa318804fbdf7ea0d00291d2ba31d8e9351bc

SHA256
6a61f0e4018ba6e61a258252c45e66d80068752cddcda046163b52680e3ce9f2

SHA512
98e83bbc26e98199409acc14ce5026bb731540306e93c88c495cb15941ec90514732ed40c01888fb9231cc6bf5c849282682b9e87e07223e0752b736caa7b205

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZascgAUs.bat

Filesize
4B

MD5
e9ac5e5ea4d0460e02b445fbe221081f

SHA1
2059c476c61a1addbeba06351145eebfbe55c2b1

SHA256
e1f5f7ff5ef79442d16752aa0174df4d84ad9576b937d444dedf65c8b9061c1f

SHA512
73d3e905e9bda2261a40c72f05655f433814a38ed98d0792c2ee50c39ca177d0c90c839b794812cddf4d6a82ab33fc5b25cadb2fd9b96493b570ca8200136304

Download Submit
C:\Users\Admin\AppData\Local\Temp\aGMocEMU.bat

Filesize
4B

MD5
078d9d1ffe465b35708d08c8404a8e3a

SHA1
0ff7774dc6798f8c6a35052277adfaff1285d014

SHA256
5b918924961e61a5ce05f1da47dcfde4f2e8547fe12a898fa5941356a4dd0175

SHA512
ac9ea106bab94f3b03230a7064a2c6c18a29baab75b66a506960a01da138022a1ea833d775b25c2c010dc2c0998cbb8746f1b9ee3f5fdfba7850938e03257f8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\aIgu.exe

Filesize
247KB

MD5
d380b259d44ae380853297c06fdd7b5f

SHA1
aaa6137618254c7647e0797f9b89d18302ee6a99

SHA256
ec329ea705fe85c45ba94cc12d2213f182ee32299be7feb83653a10e8a6f734c

SHA512
4102f368116b54ccb8d0588029c1f69f35065c39e38c859bab8a1e968812fd35b5d91e52a8187949eb488b720e7d251fe4c41d700d6bb56eb98b3e538c380177

Download Submit
C:\Users\Admin\AppData\Local\Temp\aQwIEQMU.bat

Filesize
4B

MD5
9d6721a02b5c37b01161543f2ec887cc

SHA1
db8f4ad6d15d1d877eb763ab7e74ae8b8ac74b9b

SHA256
74b781d05275d4330ca6c489017753adff5c81e292341183fd182ca612d45628

SHA512
4257f61cf2f4167fe9993d3c09d6c7ca19769e604b5e6d70a77d1cdc5395d62fb8ee886e58c194016eed0f8b82af74bbdc047d78cb9914599c4a8eecbde1adc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\aUMs.exe

Filesize
817KB

MD5
8884ab77de8a10b8e0700ac220030fdd

SHA1
4bfeb62e3c314b7bb382d8fda407f4bdd539b283

SHA256
72b1e9b8355500d6a751174a692af9cd06b1a5606cf4638f235197ded9ddfbe7

SHA512
07bd391e4bc207048af6b1f52666a5c882141e7d776388db05a14362779e33573da4dc20da5e712530e059e12c1baf59bab36a9b0d7fc595910e8ab5be688a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\aUUy.exe

Filesize
244KB

MD5
5656ecf48fad9d6e6484ecaac9e32eff

SHA1
1c1922e8a8a374b2235b8d720125a3d0f01d8d08

SHA256
f2688aada4be0507bb5d58c7f121f3ce426d5fcd46a5dbb26db5267912b3ff52

SHA512
b8f895f38b836db33f76b17e5eaf7e8cbbefdc787df3856c43b02ece9df1a71ef8ac231c4af19c12f3fdbd7d64f466b72b5dd7c0e4abfa3dda4c5a356a09e504

Download Submit
C:\Users\Admin\AppData\Local\Temp\aUsA.exe

Filesize
602KB

MD5
e71229d35ed47a711d3f94b60035803c

SHA1
1ec517fb8ef6ebc2d3aecbe8fca868faf3a13241

SHA256
4af9363592139f32f8323b3f4e085843ee7bb7ab123c69a6d16da56e78913a8d

SHA512
1c6041030cb1d451f671a7f83a53f35765dd966a878011b06de0810d83a89072be30e9ab8583041eee1c447036801ad2e6cf27951a86f23d3369f46ef204afc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\aUsMYEUo.bat

Filesize
4B

MD5
86bb20e2ec23f96decd55c254a6cdb5f

SHA1
35265e73941b8e6472ce5e1154c780fe7bbf13f8

SHA256
899b9369998f6c595ebd05b938243f8898550f97984eb6fcdec09fce7358cd18

SHA512
0b2c099d5c549e6cb9cebf86995a4c4b63f083fe2ec9f56eea0a1190d23fe448f9705b82da779aca8d6436d9ce7b3d7e150c4e47b94f1a9e86d744bb095c83e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\akkO.exe

Filesize
216KB

MD5
85fcb24e88eae7d5c67c7834a17b54d2

SHA1
b4b1861a001810fb329b69296e708a0e2fc696e0

SHA256
cb96f569a6db119f8c372552fabe579f130c45fa811faaf91677564b159e27e2

SHA512
78e5f9455931f22351831cb31012811423aabf194825d88e6f216f474f44d7e1dd842b270218801b047f79a626ac6334a2c380c6c1724d53e016318bf4ae2aeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\akwW.exe

Filesize
251KB

MD5
d34edc66837407ee510d61605dc85fa2

SHA1
34c0b4ec925d21472dde05569cef149a3c2417c2

SHA256
3bf8e9f612032cd5bd8b25f1d975b46941be445c98c939abb3213560fdf80e20

SHA512
7e3d47a7cdbee113264c4ddbf02e594cec4baa9ae74fa93aec10ceb7bfb56df33f0304b3f4d97741577b8c6a90b1f0380b4779e219eab334c3ecfea77b9f4471

Download Submit
C:\Users\Admin\AppData\Local\Temp\awgm.exe

Filesize
205KB

MD5
44d9a53487b23a4d6ac611c785134b12

SHA1
41eb3550c593867340da520746d0729e44f1617a

SHA256
805a5c58e63e81fc66a62ac8abe98ba0bb282d11b9c0bde2752d092eb19fda74

SHA512
0c1e472004611793b8a5b7b85281eeb864dc8f37bcc1a2fa0006eb7463f78460462106b6ddb74786a18ade55837c331d0044aa9546c2aeadf838bb17785b1334

Download Submit
C:\Users\Admin\AppData\Local\Temp\awoq.exe

Filesize
782KB

MD5
fa54dcf3374171e6b891b500cddf0b21

SHA1
4d2d34c911ccfa7168970bf1a5496ade33f079de

SHA256
c19910a62fa07b9e591ad02c082037284d665c4cc2dea65a3df11d28d265ada0

SHA512
731cf32acdd8a4b174c3224a9a929f9e9bac1577745a1f34ff5da73fd4c14d6c604ace1bc23a87e0e3ac3899963653c543a6a3e1308586a6516a0fa085a4b196

Download Submit
C:\Users\Admin\AppData\Local\Temp\cAYUIEgQ.bat

Filesize
4B

MD5
c947f7707688aa68d80e3844d6f827b2

SHA1
7e2cb44f68c80ede0412f717a587cc8e92dff885

SHA256
6ba93d51b4741af09747682cb204d3650d6abc84dd6375e67dc10cdc13bfe778

SHA512
8cdf16aca8be73f2c6dbdaf6bdcc6d744d66e7a868785d496e00a4de6dbfb464b78dcba463b4314f06e1661afb4e75a7e5a88f47363b1c121f44b84dc314054a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cEgkMEsY.bat

Filesize
4B

MD5
9833a4dfd576086b5a1294468d807792

SHA1
8b86f4dca5c36a684c3710bd7d339550d8be23fe

SHA256
7b2468b4bed38bef4bcb741760fb61b5ad69db93444b80eaab1813d08c3cb528

SHA512
7bb533681bbba75c00211f303c9dd6a30f1f126cac6c46d9f09ed9cb039fd5d13f648b358533586157414a669231b47ee9aa6b38bd5f24c3a3c5d40e4019b220

Download Submit
C:\Users\Admin\AppData\Local\Temp\cEku.exe

Filesize
236KB

MD5
c145320ad8b00b4b7bdeff1b8f5c5f30

SHA1
bd80addc15e46e115c311646a5412442e8e2d701

SHA256
6745c350846e8d99057b75efb58cc0dbc7a730e79b6d6acdc2cd2eaa74efff31

SHA512
dce8576a845ecba8c73910e72308c71716587cf634b52beac3a6cc1c023ec9e9a1170850445ca68ebb48f4cf52ea7a6b7732054874e88810ed4d4f20b8101069

Download Submit
C:\Users\Admin\AppData\Local\Temp\cMYY.exe

Filesize
193KB

MD5
1fd0c8399b2af68c8fc7b5bb9b90a630

SHA1
36236d8d1ef71aa60e565d5ed3b8fb3d2e53c028

SHA256
4c7bbe2d156529d47243aa555219c292f572a4d2aff004459a49b49f79d545b1

SHA512
3d98a1c783690f20c9958d13551d5a39db560adafd5ea7d5ee2d2e8feb007c92d835d93406bfafe85bfbd326fb2322645df78f808a108e4ba50eff47fe237a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cQAq.exe

Filesize
188KB

MD5
6bc1d3d7b11f7efcbc7c541b91893eed

SHA1
b33ea097875dd0899ae9ca7d96398c1849822af7

SHA256
d9c65725d0d14520d4a003bb88ddf9219302c03d6becec7c4fe474c2761d1f78

SHA512
176ecf4d2013ffb6858414335a278685f98f863dc52cffa538bd07bce4a330fa2d28788db833a2d9932b1347b81bc32d8a4e811caefcba496fbae27b48991134

Download Submit
C:\Users\Admin\AppData\Local\Temp\ccYm.exe

Filesize
207KB

MD5
4a783f28ef0b50857f7dbe2fd2512bde

SHA1
1ad9d8862454e5500b8d2b82c2bdbb09546f8e44

SHA256
e9e523af374d2e09a16d4392e2e60757f71a8e04aa6d476bd691fee73930789b

SHA512
b24a6e68097957888320a65822031013e09e29001e97c075144cdaf693d29b3563c103f45459b03413e0f2ac2df074f575a9bc21c9c0c391668a6fb7d2b3dd15

Download Submit
C:\Users\Admin\AppData\Local\Temp\cgYc.exe

Filesize
198KB

MD5
079a7247f7cb01a2ad9caca380da9409

SHA1
36193289bce279059d03c14f84a6c1302a041ae8

SHA256
82be37e6d9cb455c138d7fafd2d7b6e1a8987f7cb14ff0fdfd95c9ee8e92eade

SHA512
1e7d0364e0486c2f5735a7efdf682a21268ce605ad066656ff4ce81de867089b15f55c79d0dfd91ef1d6f3958b0733857cd8bc874e96d943f15772a0d0859536

Download Submit
C:\Users\Admin\AppData\Local\Temp\csYq.ico

Filesize
4KB

MD5
ac4b56cc5c5e71c3bb226181418fd891

SHA1
e62149df7a7d31a7777cae68822e4d0eaba2199d

SHA256
701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3

SHA512
a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

Download Submit
C:\Users\Admin\AppData\Local\Temp\cwUk.exe

Filesize
229KB

MD5
9e46c0303aecbaf5b659c309ae691f7f

SHA1
f2ab3b421497768395c4bab2105e976502861f64

SHA256
c8d3ea7b79fd8d45ad739ef5a93e9a18fdd50fbb47a4226cf7d0062538ee827d

SHA512
1feb2a911fb419769687ed145fff56878dfc9addf19d81c585e8fac6684d0eb66c88e1c4846af2e390964171dc7b24a5aa08eb62b7132c7f9013ee3dd022fb0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\dgUAEEcw.bat

Filesize
4B

MD5
c0295e407636b41ccd12f2e022a40019

SHA1
666666d5b9a75b30be348091f73346360e89bc87

SHA256
08db5d9a79f54dbc1f84cb09dc8c8101c4b89775392166acd4eca63a898c8499

SHA512
2598d4fd13e3f629997b552d1087ce529f6341f99a2e0239bb96f9c6b7ea812fc714eec2d21af224f6d219a9194d05ae209b886c7c66ec9d5daf16ee03f4932d

Download Submit
C:\Users\Admin\AppData\Local\Temp\dgwEcoAU.bat

Filesize
4B

MD5
d0a83bfc7c02d223761ca5bbfe703f10

SHA1
7c57aa4f2d0f93aeb872ed70c4a31a6473b58cd9

SHA256
cb225108bed58d3d15af222426a8a9eb7e23de144e59afe25436f7f9a05e1472

SHA512
c27bd8bca295dcd839af2c95823b95e2b6ba49cffeb7326154ddcb7fbd95ce073df28d1d7ad6f7f752b205a0b6c91f0fda5ab63443492966c30999445cf86cab

Download Submit
C:\Users\Admin\AppData\Local\Temp\dmwUsoAU.bat

Filesize
4B

MD5
17149ac8f28f7fb7b8deabc600200b43

SHA1
31278f78374b413966024c9da9286c41158f2e70

SHA256
eea46e56fc4af75819d5b6a763dffeb33c65d1dad09a9a0739c9195ee5d2f6cb

SHA512
fa3fb205033d378fa9a95dc2a8dd7d644fe9e11d5b2e66bd43838f839131588bb99c2446eae175fd766d8b54aec240405483b2dca5398f418276539ede3eb7bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\dqUoUAAg.bat

Filesize
4B

MD5
2dbbc35540ebdea1b1ba5d5604fbcecb

SHA1
d4f36bc23b72eae80f372019db31012de6158d04

SHA256
73e9d2fcec97989cd78c5fa2b61ee8dc671097af7514918a46f442c96efaf9a0

SHA512
5140ec3c8aaf5a19ad4172fcacac8b44f517c7b4461cba5448aa3ef6e1af175492bd63a87b1a0ecfbc8f020c092f7b7601813e6534e65941d164d512d4b04ea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\eEkgAIgQ.bat

Filesize
4B

MD5
2d96416769ac172536113ae30f7204cb

SHA1
b1f94bbfdf6670dc84faf06ca25653805c5f068b

SHA256
260561256e19f6267bc890e9bc9fcc02f1327eedf58e0e3e275725729ff33a50

SHA512
58b4deeb487e48519894cd2e86d05c22321be9e73c6b7668ede46f144e603739503a55d73e5027326ba02fc45f34d1c35ea5fdc8915a0d84c901f20092c9e62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\eIQu.exe

Filesize
222KB

MD5
093efbba38519db1025358a8d9638766

SHA1
75edab2fb2c52cef8cd16f1f02bbdb8f0c77e411

SHA256
e3f5e2ad3270c48191f00e2c77dd0ea9446bd4698752889decc44c04cae2b363

SHA512
4dbc446e7e8724f3834165ef3341e4076d3645243ca9091acd8c3e4ecd1b5c17ce3995d096e6c48d58659b2edc8d069f56ac2de71964150dee47ce7de5493b9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\eIUs.exe

Filesize
904KB

MD5
109728247eb83c10a84bd84f7c409e1d

SHA1
956f52149c22ea6b9fc08f16289b7670bd2781b3

SHA256
3a8601d139275e797a83b649fa9c2a5e059507b494af60bfa2601b408ba4c91e

SHA512
4dc2714624fc1a2394bcd2def0bfafaac9675aa624ae73b0deab6aabe0e6996a691d57d3f96680315d756b5bb35873c66ffdff6bb581d6ae8dd1b026fa83e501

Download Submit
C:\Users\Admin\AppData\Local\Temp\eYowogQA.bat

Filesize
4B

MD5
8be0e83ceda3627c9766b676a57bfce4

SHA1
63e24bc7aa25b9c0bb7a47856dd56d367660e818

SHA256
97655c41fa7203ef77a82bced73261fc585e3116d9853c4ca458be486716ddb3

SHA512
3cafb505090de1a92d7569274d0480e90c6441eff1dd5e9824ac84f1b2e52ae1453ed13f9e94d2586980cd089816ec5235020a5e9abee37766c74a87cc10cfd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ekoS.exe

Filesize
231KB

MD5
d8fc49a6e1e1a5c662ed7226f800a2ee

SHA1
69595d810b14f526cddcb31c32b574759001a9f7

SHA256
e658d8203fec41ec67cf8791ad78271e42680149d72832510c5037a89ac56af6

SHA512
bc2829b2820da118f1031088e8ca438f96860f9ae406a05adde779fe1f9678b8524325727ef8786358dc6456dfcafa1a5ef1bbc4c2ba1203598f40b9818ba041

Download Submit
C:\Users\Admin\AppData\Local\Temp\eoEY.exe

Filesize
230KB

MD5
62b8533856d6cf6e5131fd18cc545233

SHA1
daf8847808ab54286d2b8ccd079a84a4dda86720

SHA256
1fe6f2397a287f3602741a34888165097a284342e1ba65b5bdf6bc9541d63bf3

SHA512
8d3facf08ad62e352913ecc4fe66f765c70f20923b8d3da534c783507258cd8a6fc790da1f8956aabea9eba5ec09d321bbbbedb40b9c96f731ab36db2df55fc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\eoogEQUU.bat

Filesize
4B

MD5
84a19743b31d61348985cf361bafac5c

SHA1
04253d8e5f343b8a47279d272225162db7fe399a

SHA256
e64ebf0a33a991c31a4777a8480114d819695354eea7d1fb12e5d9eb7b5c5ef3

SHA512
2953291e97677384718439954e9dda9e300c2e1fb914779c469b1365127bbb764a4c8a9f9b87718c53bbd77fed34d19a8230457e835b9a756d29959ea30a4db1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ewsq.exe

Filesize
203KB

MD5
9bf530411a8471e7f299d9e5f186e03c

SHA1
34f975577da0e514461d4b5c61508d2ca4395c49

SHA256
31feaea95c7bb4a81a6e02876aad7e2908ef7a740c8643adc212cb3631328d37

SHA512
f40450c37eebfaef2bc7bd00067b7458623d388db76f9106f77a3e7fbeb8a6ea4a28428bfa27f51924d79b4fdb9a2fe6a242dad723acdbad209ebb14bc127733

Download Submit
C:\Users\Admin\AppData\Local\Temp\eyYcoUIQ.bat

Filesize
4B

MD5
c86bf6440aeb613889f4573e4afca990

SHA1
576297578b9d7caf48a98770348e7c64f843c45a

SHA256
bfe497204355567976954a7df4ad45efbded97d56daa9cf9bae805990d496ada

SHA512
66d3c453c9b7584158e20ca9e4389d7c07f0f5e6fcd48b1f1f5af3b91f6b68a7b2c2549fa282d1aa9b0aea0e3ce67d3bee99d6ecc3851bebb84042831b12e46a

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.vbs

Filesize
19B

MD5
4afb5c4527091738faf9cd4addf9d34e

SHA1
170ba9d866894c1b109b62649b1893eb90350459

SHA256
59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc

SHA512
16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\fysgIsYs.bat

Filesize
4B

MD5
d1b3d61e506189b9f03a1ac76b5a5474

SHA1
265832142cbeb62da6dfb4fa85cf054bb735f01c

SHA256
d4dee380cce0a212028173f24a171e25c9be6273bf2d5a131e69fc3d9555f18c

SHA512
e2f365e8fd135c0b3dda6f1b25926617c79a70155b203d18a8b7e2ef287bb404fddfc6b4dfcc50c05f7d1dce51c1266b34517c608bfb9427316a679d931266cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\gCsEYMoM.bat

Filesize
4B

MD5
24d58673a2c15163f8030057c7e7381a

SHA1
863dbba847960c4e0937da3a5f2f87fd61fcefdd

SHA256
5bd61e8fced73b4f62741a2ef2c6d50717b29b4028358b003e400f2933891aac

SHA512
a3077527f04d8517f3daa70d131c7bd9e6e6dd6c35a5443b25905e247be3b6e257db4046c6099beadfbbc668fd39135a7e7eb50949a8cb7244c0b1c2bf31ec72

Download Submit
C:\Users\Admin\AppData\Local\Temp\gEUY.exe

Filesize
251KB

MD5
d7e8275b3637e9323a3a2952baefdaa9

SHA1
5532510b247c6ae93dd2889df792d9405b245a7f

SHA256
602826aa418fa6e509dbb91df115e3f75f6667791c55ce0a262001cdc5e98a47

SHA512
e3492ec637683ae9f6e5113388b002196cf5de6bb43a849c10130cc535e8cce10c2af4e8469ef0c70dace0ab16f8c7346754089df4a8fd829101d21ec9b2ecc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\gQgC.exe

Filesize
487KB

MD5
e9daf4933210a49c3b4cd9d133a95036

SHA1
bf7bce2f722168986c217d29c359319219896601

SHA256
a348c11c78c7e5ec4e1b4c02ed50b9a779077da5ad8c8dcf002b8e4a51f93668

SHA512
4c68acecc7da11a1f751ac8d268ede13660b3b049fb683d69f2271b989f323697a3ecb51b5a32c8fb040f1c5dad9cf13cfc37c2e77e8b1334bcf67435309542a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ggAEwwsw.bat

Filesize
4B

MD5
1bf085c42244a2f0e507f60e25f03028

SHA1
952b0aae58366b37e766e5014d9f3ec0f5aad262

SHA256
1536e2248b57a7886f58b16fef75c7876163b0213658dc23db27cf11f9aafad5

SHA512
5c9b398b1265a3df00b7f9fbcd43ef1245df7d2da8893237b92d9e29b1dd695134ea778ad7aa7d654d1a7957fa80103687323eff9bde80ac7fad30ada59d0266

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsAo.exe

Filesize
238KB

MD5
dfa9f73fb3ed196a102d2704e3df8aa5

SHA1
6f67ce4504e15e5112dbb26f7151a10eb5445e7c

SHA256
dcf58ad8900991831be8c03e9ab2d97164bf5d6ec71fc9290d01372eef4022e0

SHA512
3aa6df916ff2ab0ed4a7ec03b40857747306a5026b5be34a644dcbed5af9f7a1f25b5252260b47450dac80e0794c5b50e098dd1f48f47d4f0ffd21638a7ec44d

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsMs.exe

Filesize
206KB

MD5
4671070c6fc2c52ca25f875ddefc693d

SHA1
aa4c15ef5c291de7098fa0ce7bf3417e1af8efd0

SHA256
0987332d770ed18d71f2e70fd1a9303af6f9cceed69f2bb506a7e97618f6be33

SHA512
2a2492ee01d0932465ae1f935a1b547fa4460a14c389b96946ab23e4e94a53cf799d046633862bca09afe388674fe62d1fb1680f190b4590c2df70c18fd8b365

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsUy.exe

Filesize
241KB

MD5
e12c233e1833e72903c2947627d06ef1

SHA1
1d43d9a83e7dac366e05d363e52640cad5d5c272

SHA256
436c394319c7c10a376b996eacee9cdfcccaaa2da106fdb4ed4ef2e52383d094

SHA512
148a55e93e78d0777695f9d51b93c3ee60db20bae68a8aa99fdf9a6007b68b0f73e7eba1c5002c723e7cff40d506d428c062ca45fc7e611fbb678e06aa6e8f85

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsws.exe

Filesize
246KB

MD5
671a391de3ddb13d4ad6418c1398903f

SHA1
160b231c1913b3be19974f330536379bb115a651

SHA256
409f0a9761dd7482c7a21621c8b32b2ea747dc854066f53f3ae265fbdb66855a

SHA512
a7cd65503d406479768cd84cdf6a33fe143584390352d3a0485825d8f8acb97953c51ffba2e3dd23a8133ebf9d4ed54bfdfd9199c19c45627f7480fde001b054

Download Submit
C:\Users\Admin\AppData\Local\Temp\hOUMUQsk.bat

Filesize
4B

MD5
55ca8aa698d38415b4f575159cc25d73

SHA1
7652aeb419f7b1de8723cb10972bfd5d4f8422b3

SHA256
2e86c4dc51fb5eb9726a1dd7532c6cc6606f9a1b9e9be2af3db117ed47fb6653

SHA512
ce92e6db0f78de3619cdb941a8e1c29f16f78abd7aa899114ccacdefe207e5b59187fc84665b158e495a08bd8c03c4681d97dc25edb7e409670f016d6212d48e

Download Submit
C:\Users\Admin\AppData\Local\Temp\hksswswQ.bat

Filesize
4B

MD5
99d0c02c7db740a13fb1167931b542e6

SHA1
c185fc9f2e18176c4d302728b83294c410818419

SHA256
4d4cceac2d22f3d19d803dc7b8ddc3e493e22737057c03c5d582b9f2bf3b4fa0

SHA512
7f8b9e5a20b1df59d6deec66fa64095e2e21d866ce1aa70bf63bb76ab3ccd18a9d717742295d43fd297e2e3754c2c17c4639ec8b1611c35797bd647bbf1a1f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\hoMAMMcg.bat

Filesize
4B

MD5
a9a3f172fcd943f6f7db15260e3c76d0

SHA1
c9d2b82f20a2756167b8607ff3aa7b4b3f7d9c8e

SHA256
da8dc5e728367d096098c2b6be17a6b971de165c036866c40bf6ac534d4c948c

SHA512
85782efabeb9232031e7cb1e51cae5eee26c73fba995bf7bfc5843e0e01c77615c17459a683720fdaf74814cf053cb490703b62e25b885586814b9bd0877fccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\hyMUoYkg.bat

Filesize
4B

MD5
6181f48e1a059c3a576add3575dabe72

SHA1
ac3eaa5c66faf5549b8d549e3ee1cfc164d73dec

SHA256
c8f471a57de7b0a4a62e869813299cdc0cd30a843f0759b6fdad9f9876decf69

SHA512
947a15a3a678e7ba338b9287b5dae9c990c7b84126034896dd42cbdb986cea680a74963196142e316d1266aac4aa01954b2a324e1acd78b0fc0522553e6b1349

Download Submit
C:\Users\Admin\AppData\Local\Temp\iEoA.exe

Filesize
500KB

MD5
d8f7e11acdc9c89754aa273fa85707b4

SHA1
45d5ccc5105c4131685bb340aa840187e03622d0

SHA256
0b0f8457bbaefd09411b598b6748809ee6b17f28b4d3866dfcbe6cc9b35f3229

SHA512
923034bfcaf6520ad3e86fc4a421bf585373598231c991a74633b4bdc8d16b054a979461c1ebfedad98f311deb4656375a4187e62d992bc24a110923c38418b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\iQAG.exe

Filesize
200KB

MD5
1225c8984a21a3ffb1b853a33e6bd002

SHA1
8f57c7544f25adcffac1ae268f6bb35b5ed0a789

SHA256
a163fddff9fe50fdb2e30008d7573e06775bb8223307e7b23ae5f0b4638ceeb0

SHA512
6ed93b4abd641d61712cca3ce378227f7f6a11b903e55f9e392ca7b04a8b8629846ab8fa8736296c73aaf98219bd25d50880b3b19ba8de3cf79ca70b74acf96c

Download Submit
C:\Users\Admin\AppData\Local\Temp\icQE.exe

Filesize
233KB

MD5
30d82bda1ea6d4885513867962cc50f8

SHA1
04e6a2f8a417fdafbd222e29a8b3e135edb594a2

SHA256
cd26240e3a287f3905b713991bfad8a850e0f1c2c72c7d769c3e20b4254ba2e7

SHA512
d37734ff0750dcb0c3c82847650d8bcdd31bbadd001d9c5816a140ce86a693c7229ad7ff3489605408c497a02854ad3b131cd931dcdf3bfb0a0ca34cfbb189a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ickO.exe

Filesize
243KB

MD5
f22dab2df4f48d93f17215510bef91b4

SHA1
833fd51cc2b66f93d604ce59cdd0a1324f46f707

SHA256
4dc95987d2e870571c065e345636ae3fa4f27a59cade3d6a49324cf54830d40c

SHA512
526ce610a090b1eb35ece16b37293882143b635598ccf06fc78a81282df4d070b8301bc62db75265069a5a3d2bfedc221f6da2e55b7293e07bb35c3f9db5deeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\iiYAEkkY.bat

Filesize
4B

MD5
ab6fccd822bd465d8b75aa96f5e4689c

SHA1
6fecf5ac17bd1540db8bf9eb227af15d8d721897

SHA256
6271f6b00125036bf3071a6ed83e6932228489d40b68ea333d14bda0680e6c0c

SHA512
bed9241c07831aacf0102a5f3392d6f4122b37dfcbfbb976834c64e7bb52cf71f2f717623d430f0cb9d99087ed32ce6739798b2ccda898ab5b02d6d45da23aa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ikcI.exe

Filesize
327KB

MD5
8f9d63cd63903aca31e9a3e0e1c8f386

SHA1
8739b74116089a258a6de5259dcbac89484ffc4b

SHA256
5d571e822b35b0a55c3b8dba6f2414df20d8a5627663346f66f49623924af4cc

SHA512
fcfd9c7d2196734ce1a6f39e666d860da53dd658f2f9c8c94bc19227c9aa3ccea2999f41896715ef1b6f6def3ba44ca8267697904f5e4b11eb9b18072d957b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\iocQ.exe

Filesize
677KB

MD5
c9e0468127043bbfcd51458ed95eef4b

SHA1
fe0856702ddcf826ad1896fa26ed305c40946009

SHA256
156c0fffdb60dae9c093cd8015edc8764f39b43a1d5f001ad78134077791c28a

SHA512
b167d69f3be97f25b6f0ce569b6f9e731ed6e04b969c68374f6ea755539be420e76e12110c8ad5483c5f00eb1710c6de98430cce479afc79b88d6c19e90a1469

Download Submit
C:\Users\Admin\AppData\Local\Temp\kAgI.exe

Filesize
936KB

MD5
446690cdd3a60ecf747a4d70bc53e082

SHA1
fa2c26978b7dc83243a8967fb7daf020a561e086

SHA256
8b260bcc26fe7b4837b2d7f5fc2849738b830bd3aa849a9fba24229f8ccb039d

SHA512
c09b03f9582330560e62fa2eac7a5bd27c4b61f9c7ea0426bcb0a4b466616a0b736ee250ef8a94c480cc6b8d51c05adaf3735fb116f850f93b6f2c8c04f17ca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\kCAocEkQ.bat

Filesize
4B

MD5
9459e6795a9f4c7ff2b85996b0b3871f

SHA1
b8559db31807ab9bc7f3806c4d31efcd98d8f151

SHA256
29832e96ba2240d171334843c0d12e01cc42b81fdd16461ecf8f952112a3d669

SHA512
136dbb9b548b19618452c122a469f8a93b2402f597784ecf3ff0bc84c08561cf99337efc4a3dcf513e2e59ac7abfad31348fbe593d88f0d5869062f9664f70b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\kMgu.exe

Filesize
202KB

MD5
dfcf22c2d550721c196e8eb9d53131a6

SHA1
9ec0ae71d753a8166567f6ca955f44e4269d090c

SHA256
876686246e648fcb37a64336c1627dd5e36d304ffe3ba5da2c43d96f76287bfd

SHA512
cfc459f8ad340fd4b4504bce1e584280b51552144e0af6ff1c5406071e6ad7e99a5c7523c1bbf81151f78541c34174cefc09d413873bdaca441feb8783273efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\kMkC.exe

Filesize
230KB

MD5
216a507e78a9b9f0e6980cf6b76613e5

SHA1
f0644afa365f663b15cee1a7c18b1fb65bdbd7b4

SHA256
3e56327e416b80d3985702381ccf0088589dc03f99dd7bf7ba9b6a685e19c4bf

SHA512
79365e075febd6d3994ecabf8a19348d8d7c859eeb07b15b90ce10bf4da9321a394a831cf0e79d786e7767d5c42c0f737fcd89703a54ad2b59626ba3dbe8a1d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\kYko.exe

Filesize
242KB

MD5
a4253728fa7608f0d67109b06b87adc3

SHA1
34ec8d6f21a795cc95addeacf64cecfc0b1f06de

SHA256
f5b2ec589a7015c1c3a6716a7aea062fbcea82b5eeef5361b0a87d74bb68338e

SHA512
82fbf0ed2ffc1039d23166e077cf4eab67aeb71d7c79c973f1ca1ec840fb40cb5ab94cc726456e17bf936ec0b3df9f01eb70a21b49bff5d4f7f9c59c15d9f1a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\kYwQ.exe

Filesize
250KB

MD5
23b4c3d313173698a7627111de92b47b

SHA1
a5ba0fc6ccddc8812c35b2e680e1a8ca3ed45e85

SHA256
ce9ed261e4c4321279a50c43db9627304e424b036f5bcac2bfd3a899fa9bc56e

SHA512
66d1510eadda56051bcd1f8c16d04ab5192c638827cf1bfeb830a7009f158996e42feee243f607f0407059f6eeca74c9e733bf5499b219dcdbaf3117bc3b1ff6

Download Submit
C:\Users\Admin\AppData\Local\Temp\kkkoMIUU.bat

Filesize
4B

MD5
939869462e500e230c2a868ee952b22c

SHA1
cb733806b52696d09fd03061fefc5030d0695692

SHA256
fac1d2d5a13c432f065831b11ac1ed9803143097615a02ea38eed5b8f61e3815

SHA512
49ac5a5d4ece09d1b79276148ce615b3c03b7a2764483d426c98672a2fbadf37a213f9c185993299fa5bf209c86ba4247423046faa112bf352dbd3ac4bc74071

Download Submit
C:\Users\Admin\AppData\Local\Temp\lesMYUcU.bat

Filesize
4B

MD5
253e11a6dabc1532fd1895a8ff2e582d

SHA1
d7b1ad04627fe13f2567df0097444b9cc17e8798

SHA256
1d02111317ef2558280a6e1736d70ed0a3775fe4f8a62bbedbac73b6256b0e55

SHA512
aa26bc026ec15b4f0a91a32dfffa5384f21b86d948415816b6380ae46eac88b1501a05523617727721bde7e5ef5b43a9214b30f3044a5fe40de2dfa74235310d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lqQUYMkQ.bat

Filesize
4B

MD5
7e45b4acd2e4c500a5ba4732986f6c29

SHA1
17426a3ce51d22660cdfe1ac90b4ffbdbbd24aa9

SHA256
137c71a4b5c499ac578f89282a2789abfc059b1a0fac929a40c3cfc8685e8e6e

SHA512
7d958c03b50bf86f50f7c6376bc83beb44f0a194bdd22ee1a5d1c7203b0eece431ed54f0c43c87c6d3e1293b54348b3cb4bce8866b46648e5ad5c89f342b1a2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mEIEUAoY.bat

Filesize
4B

MD5
bec9bec963f24254493ab9d0ce16c73f

SHA1
e63f452bd31fc0b9bf19129bb36ae8e1f4126ae2

SHA256
b012e95a83d97484967dcfdfacf098af71df4b5cf0dccd62a4367492bc956a83

SHA512
44335afd015dd36d65fcbd1d82299e8e4bea65ff8f5f930a8170de34ee0c39edcfb99e0e70cee93aa1d4a9dda27774b3e46652228774be99b86a3854eb103fa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\mEkIwcoY.bat

Filesize
4B

MD5
77e0ace1d03de0e1361c37fcbca3f577

SHA1
c1dce3e9d1052319f16e430cb5be3709a1e31606

SHA256
753d180f68a72eab2286fd943b7360e3946860fad91b297fdf964001ec5f3fdd

SHA512
abed256ff5f197ca4cbbc468d69e05fce9292f080e4f07bdc42ffee8791ac4eadf46e59503168f459d8f228bb039a7d0976f376f66028fcc4dd02e6719a070b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\mIAO.exe

Filesize
797KB

MD5
49a5479570243e3c75fa750b8577b909

SHA1
9a4aeabd43219fdbb76ab7ecf46891af23af104e

SHA256
dc75a0e61b7a7e5b4656b3f58dfa5ba8e3958911eccf4386dbcb63e8d8ce6f7b

SHA512
bb86e673217bb66b2dc38a4000125c83bd6cec8b62d74004d99d66684242dec474f02b52ea6971c134f26066dd1d5e17adbc5e740c0a72ef16a0b752daa5752c

Download Submit
C:\Users\Admin\AppData\Local\Temp\msoc.exe

Filesize
233KB

MD5
f1e90887fee3b4834ac2a5bf3960cf24

SHA1
c7f617e2dc80d32014914806a0ec4763689a2816

SHA256
5464136b9c01469a41810399567ad2204883f334e080ceef10ed08263eae5439

SHA512
e1aba2e67948f9ce41e98988e3882811050ca48971b2ca61fd9206e38989c71e01ea8c82105cea809fe956fac95b66268ca2719e4b86880a79035159fd77635b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mwokAAcM.bat

Filesize
4B

MD5
8bbbd333ba09ac7f628e4d514797575f

SHA1
ca51346a6ed46dd56dee9e09985f73c0935c7911

SHA256
2465b42b24ba41d55df22d83810c05eac99e9da03c7eb5d127dc26f4926bdeef

SHA512
3d9a2c8ac0c21c58f9d609578b49c28386468d8d6abf5070288c962ce6bfae2f7a12ea8a60c0e3f5334e096aa30ebd7022cda70f51c5e788cca98ee0dd447388

Download Submit
C:\Users\Admin\AppData\Local\Temp\nKAwIUAY.bat

Filesize
4B

MD5
0c9f7633ec79961dda0ce1028691f6e5

SHA1
b32aa4dd4ff999618b476b3b50756f8635f86e85

SHA256
9c95a2f608d3edbdfdd44d8f630c441ec43f25da3a1cd41be8635a77e7f77ec0

SHA512
6d7666aed4c1ce4455910800cf69c4ac1c55355904e51c003b5d93d960fc18db03339824f886c5eb598cfaa0b077bfea992ea5c904ba5b9928671448ae20df68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nYYwEkUs.bat

Filesize
4B

MD5
7fc8d2b8822cdd3b1182e62ddb41b53b

SHA1
afefb9de06e30256fc5471c9dd104dabefd888bf

SHA256
31eeb86bff18eddd4785bd09796f0f41df29fed02f33ba070fe2110eea2f9e94

SHA512
abc8676ad9d03b4b67a3710e2cdf252746d1778ce215035575f43d14d63350c34693924abf14c310aaefc138c1d130c53ba14bea4778ff74b879deece76e65f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\noUQcQsg.bat

Filesize
4B

MD5
82dbdce09c9e16e55024151af5fd09bf

SHA1
526ee24d3dd75254d0688356a1c18383816d80e5

SHA256
0cb4749dbe8889af68fbad6f5b33c57187421ffaead5eb6ab9002fdd79302713

SHA512
3fc8fd982d24bca661265ebf9058ca10dfbfa7f690b618f664f25870afdbbdbabfd038ef17f16cf28d19a2b4dfaca94fbe677e8c04dfd0940cf5fdc3ecc7da87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nuocooQg.bat

Filesize
4B

MD5
f376c5889edd26416878f68202d5440e

SHA1
ae3613e4cdba769c47cbcee405782bf42ab30e37

SHA256
02746b3d3823619c015613a62d1ebfcb6203f003307e9eda4913a5266fd86199

SHA512
ef55e05530ac9f12afaaabb698057afb2236fe7eb7168c2b16054a607acff2ef848b6aae28cc9f755a0c8f32486c302feba249e0fe5262640265c87fbef59a85

Download Submit
C:\Users\Admin\AppData\Local\Temp\oSYkoMAs.bat

Filesize
4B

MD5
c71d6c08d0aa7bcbe759660e4de4beaf

SHA1
85f2f0af16200b3cd67f8f21455fc33ab876724f

SHA256
b59fed3b25c5041c6291d1993eff961b07d1990d60efb00b17ca70db7a88b626

SHA512
427dec3b0c0831407864f51a997941f8bbd17782fd23ed4929684eb50883d660157540b380805ac879bdab8d9358c1444437337e4e9fc12150f4f506d10efcff

Download Submit
C:\Users\Admin\AppData\Local\Temp\oUUw.exe

Filesize
215KB

MD5
e1ca62c8ae9385ec5607eefe6b60105f

SHA1
1a22a946bd31f885d406ad0142c428deafca06a1

SHA256
9d8089fe37b766b863b8e071bc25c5fb5dd81f73b31656e2f46a6734b3ec9e26

SHA512
001c3a3d00d6635fc8f9042f071305575e4c776f01da35261ef7e2160b978a853809bc4bef6198f0ce62a25a71eb37a20a8f71cbb84368b9a015da833ce82f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\okUG.exe

Filesize
242KB

MD5
c6d7d8825ec48b5abeb0d11060194445

SHA1
e62e24d7aa18bc2aaf20ee8ca251e17afc4c80e6

SHA256
c405f2d276864acc77f306a0c49affb5e44ffc08a6d19286c5961c14dac9577d

SHA512
31c44afb483bb331ed3b7571aa20dbc5c19ce9e1987ace70d3201b6777bb261dfbbf98a56b41b927fb4f5ffb49ff6b12767f26e9aec1c7c3941008b880e48756

Download Submit
C:\Users\Admin\AppData\Local\Temp\ooUK.exe

Filesize
207KB

MD5
1760e80205f10baf51b520cee29505f4

SHA1
c22677587dd330ad2bf9bd8f4a9774328f2913a3

SHA256
08966ee525bd04c7b8aecdaa7c2b0a3348436f29d65353353c012aa40ce8e62a

SHA512
51c7256f47020e7b511571bec50cda6cce5625428a099204bb3e9715de455a75f9f3bcdf517591b1fd903115a1d02580b885cda8aabb4b1608a2856cfc622368

Download Submit
C:\Users\Admin\AppData\Local\Temp\osgw.exe

Filesize
309KB

MD5
ecdfbd80cf258a6305777f17112c5942

SHA1
d6300f8289f602da003b4dcd0598fa0a5bfeca00

SHA256
4cb869a677164cf076513ba1fa23f2c297ee9ade4b3176af420af98bbeb7f616

SHA512
2a53eb9c9f1a75f092c777ace6440ca9e3c98539e0f3cf52504511c6414e2ba3dde5231dc1bf77f22bcd63c6fb994d3a8f293c986f4276e79cb55e172a03ccfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\pAccUEMU.bat

Filesize
4B

MD5
1cb1d0f4e946b7e308ed2e2178ffde14

SHA1
4564f9e584745db479185058d35b807fe65ddc9d

SHA256
5587651a58e88c2b165ce58f47b1f592062e79408a292977821e65390898346f

SHA512
6b8950e380c6113165a51597b7179d95c2edcd9714d588e00790acf6ce0805557bfdb780f3032253130ff0a4473f1615a97c832ac627f573d6299a66e568f34c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pCgcUcUo.bat

Filesize
4B

MD5
2667e9a34ad1fdae99a2016b136223cb

SHA1
284a0a75ff9e299ff5f4664aefaf300d65f5abbf

SHA256
e5c3e4abcb1518e08e334edf432f5bb7417bc4430707d56d29fd5dacadba2557

SHA512
e3675663e52b178a4ba6ca397ea779263339f644296e0418fc7dc3488416b1109c4396b8f748b9fde0ec32c18936397bdf9c3f6716a4ab05e5e8d42099174492

Download Submit
C:\Users\Admin\AppData\Local\Temp\qAAQsMco.bat

Filesize
4B

MD5
fae38b90ea2441849c4521183bf9e635

SHA1
e0555da7f98eacbe28af3d7725d1233ef9a1be0c

SHA256
51592f8a633074a72feb0d6285e6b22389a634aaec11ba9a551d8de909607819

SHA512
b449c370a426a357dab94a7fa8a729bd3f9351514a898f0382f8a724eba476fb980a6d57d8e1b46a4a69be9ea6c593da5ec1ab4dc5c61465d6468c6ad757c8c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\qEEw.exe

Filesize
188KB

MD5
bb3aee806a2a96ebbeef9957f9427a97

SHA1
21683ee8bcddc82723d56183efddc65c6e96f0cc

SHA256
7fc5430b3da9afb2223dad01ab11067b4f73d1a766c0141e30a3c5f75526ac5e

SHA512
b9818e333732c5e929e605f9f1b1cef4c4213a0c3b258eb8093c8611894bb52fd5e37f477549250be82df5912ef8b1805bfc949ca5d1fc530b27a95d591a9168

Download Submit
C:\Users\Admin\AppData\Local\Temp\qEUi.exe

Filesize
236KB

MD5
826be344e78c919585ba5f76e56b42a7

SHA1
540f1d3b242c9a130879343a6ac2229ade42d644

SHA256
03057d3dd7cd36366fb925c81828f247ed420686bf1fa2f293f2534891fbb197

SHA512
e6039e181fade5e4267c5acbd97d1561de44db7945ec5139484a43698872a2cb7d478f6888818ef69938c54f70d6a09cb985557f546df817b73385745e8fe9ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\qEYS.exe

Filesize
245KB

MD5
f4ee53efd2dff8270e926728bebe8722

SHA1
4ec961d16bb8611b92cf75c4795f11ace36e817a

SHA256
db15ab335fe0aa2b7c7e904782d361af9eb1f1491552dca0269cf5e2f54271cb

SHA512
ad23ba6957da2c68e3aa64665c00e91eef041f1e231556a69311da2d9910b18852dc3d423ac9e2f62473ababaa2a17c6f434a91ea549d12389567b9ef3db1444

Download Submit
C:\Users\Admin\AppData\Local\Temp\qIIs.exe

Filesize
190KB

MD5
1b7b6d53afe5ab148bbe758bf9293f2d

SHA1
3727813c70785b29ae518e4b35c11d9eca6c4c9a

SHA256
dde8f09d6670348306831ae6c337bc68bc608ed912bcc6fa4be708268938bc0f

SHA512
14cb2be095248493a7fa3de3ab729fbb2108118f395fadddae3537c1f48ae3f897ce39ab4e0fea9f05347271855df7722754d60505a2d273c958568528556b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\qcgs.exe

Filesize
233KB

MD5
c65524326c33d1d69bb5948064b4bcdb

SHA1
27bee3f2d1186766966ae6649d572e908034aad4

SHA256
123a12b7f2d400b08b5c53c711cec88cc9647e8fa0aad0c448aec347a3fc399b

SHA512
11bcf38ad587ed8891fe5ce9efc88960ac034ea5c39c3c7721423e7a3aef125d2306144533045108653bac79e903acb9594bd63bf4bdfe36a81fbbee9e008db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\qcka.exe

Filesize
1.0MB

MD5
49d893d639fd32a19329fa17458877a4

SHA1
fe8ac45a2fb8f4c4409919a86010cc7a257f4a52

SHA256
feba8d7a2e4233522bc07859215e293879dc93f9295ab0b0099a02737a0668cf

SHA512
2f225e75c17d70597c3650909121c88b3a096b570eaf3cce7ba8b95a2abc928d43fcc23db63e2564e308259583a9fe2a7461127d6ef809c60841412d0d964e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\qgIU.exe

Filesize
238KB

MD5
eb45ee8b48e54ae58bd6b54d5a90bd7c

SHA1
1d0e00039f724d90e8d79b8eb56702d32193891b

SHA256
6a6019288a821b676411b2e676df87e3707401575f59ef3843d93e4e365ce202

SHA512
a90201f8f4dfdab22883df484dec687d8a2d355c79a2e1550799e8b611f0337a3b22fd37e2f04e79861f42dbeee6c083fdcee2bad3280a013df14a0eb872353f

Download Submit
C:\Users\Admin\AppData\Local\Temp\qgcq.exe

Filesize
229KB

MD5
c275c233b186fe399f15d47c0668c0d9

SHA1
6be065bd72f74712e502539f40c1b728b600da39

SHA256
e1de46ff35f0c1488cd69a159efcec2f0c886120b46b8c7e72ab2e97be85d782

SHA512
bdecdf27256c3a0a6db5f5aabd77d9e3dcd4698e392c899f3311a35dd64c4a40ff6564fcb6b5a0a1c26da808ebfc1ba022a61f0924a0c160b7cecbcfb2a9d638

Download Submit
C:\Users\Admin\AppData\Local\Temp\qmYwkgsg.bat

Filesize
4B

MD5
ffb91a8ac26eeb6158b09aa41507554e

SHA1
971d671ee4e63673324f1f63d0aca3ca1d840982

SHA256
5ab46709032140c194524ce161715cdf8c4fae1d91bb370be8313db8ae4dfeb2

SHA512
8fb3e3f76539ccec2353ce4ff82bff1a06df605beafd2bfe4b0dcf90f57802d41d2fe2543bd89019534a07feab151ee4e1c67bf0b5e77f0d88c53eb0217de181

Download Submit
C:\Users\Admin\AppData\Local\Temp\qugQYEQI.bat

Filesize
4B

MD5
90f34a8af96dac0a8ed2fa24f38115f0

SHA1
55c0bd3066e76ad160d00826ea083a760638390f

SHA256
530d1a7ecaa7471fd77c0aef44929375faeeafde13a7730508130c5d24009412

SHA512
15430bb157c14f2d303d73c792cd103a9137a33fe75311d0302ddf50364f3f2c45f72f5edbe76ff6877faa7542b7c6b428c811d4362979b82915b150aec64bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\rioIMYwE.bat

Filesize
4B

MD5
3e9666fa90e17ae80702b6f13218da20

SHA1
9ee8cbc92b85c8f3362a08a03b05e0fe4109729f

SHA256
74292ec26f3db053f26c9aa3f447818df2dd01962b47d20170cd0b38b2dfbd5c

SHA512
065580861f67dcea5c2cb1b5c5d63cf73b9ef609e831f2482a6c1e9cafc687d1b4c9bc64596dcb28ba39668e2eae646b51716102ef8fe3ca8d002f20314c4e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\rsoYocAU.bat

Filesize
4B

MD5
58e66a6108b9f4528942ccb5d67f7754

SHA1
b1f4e80537857e35d95a3fe2c3691cdfe352bfe1

SHA256
b97bb4258698b5cabc953daa30457b614a75aa8c7c6c05297171f5602815b0af

SHA512
814f5553bf41cd14020cf6461ae014fc623d0a00fb22c99ef4dff0b750581ca4f3f449ef2dcc55212878b348007c3d0ec35827daf2412d6fa571afd5215d5823

Download Submit
C:\Users\Admin\AppData\Local\Temp\sAwq.exe

Filesize
942KB

MD5
99f27b33f8836cb3e391dd6d232da9b7

SHA1
77492c78eb9b343197648e1dbee3cd7cff25d1cb

SHA256
caaf4ccbc6f9b4b9d4fffed4a8cf90e3998b44253b9bc368d468dc7c58eac6f5

SHA512
a8f52d49a6200371f4368818e7cad03f20ab54c494d36d45c923861992dd9e55498e253cafe316edd2f64d16e1d234fc1f6968ab28cf9b1498a2f29bfacc2734

Download Submit
C:\Users\Admin\AppData\Local\Temp\sIIE.exe

Filesize
646KB

MD5
be76c8c984ee473b79b204c64bd7b727

SHA1
90a48c3cf897f26f3ac8af9153c796f245734b48

SHA256
2d73a029d37e27ac47fa568c86f9b4b91b0438df5c40c42c779eaf8f369a51fc

SHA512
d16957f5f25e9abc68048c73d1f334e7bbf7d4d6e3688613027dd883845ec9680ce6ad546560fc1667af53cd8a5799564aeb6012660452c3e8f3990906d60b7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\sIYg.exe

Filesize
643KB

MD5
a68d585a3bc86742d9f957fff814deee

SHA1
91f26792fde7403673c02fc91b86fe58effe38d8

SHA256
b325b33931d78704b0a5f16a16c9766a802263724589a73fdd5a5dbbc1012f72

SHA512
27bb0d32b7a06b6d0d1bfe726b3ff24be5f6f53d146c5f2a738837b6aba6da8265ec01d810b198a2aa40cbe6f64890cb615eb802abbda1f6e28a6e88128466dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\sMsq.exe

Filesize
507KB

MD5
f05d1ae419c8ad3bad9fabdf483202f3

SHA1
ac75f5c3b6fda5c44722d723f5eac601b8d4a65a

SHA256
7d48f8e7757dcab343b799d67af857c846eedeeac5659cf459eb8e939a4c8b3c

SHA512
01e6e023a34865bd7d58948ff493338a3188815b6f5ee2c290a82a80db4488ab823aad36e6f45ff4bda057ee7f64d04ee1479652b61b48cf6c93de623a4c5663

Download Submit
C:\Users\Admin\AppData\Local\Temp\sSsAcIwg.bat

Filesize
4B

MD5
2e8d99a351edef064849f08bf616efa3

SHA1
c39dce3f04a81bb3dc33a688cf96f11d88419f01

SHA256
acbb5e3f3ff73fdcbf92dec05bb899a285983ddabe47a606414d8224b6ec44f6

SHA512
e3e5a84d20f13926ccb3cd06e1f321fb559a2d605b70f1bb0f6799c2c8d20de8e936610d29f249db4b31ebc2be8ae2b402ca40f3c45a74a33afed33e1363ffad

Download Submit
C:\Users\Admin\AppData\Local\Temp\scIccokM.bat

Filesize
4B

MD5
f564e24f9b838dc960f0d3e5b580bcee

SHA1
dc31453fb740e9c817b8cdabd9484ca169fccffb

SHA256
2b0aa456502a53f3ff8b91fab777a3b36f0a1207090c79f21c1b0274571fb7eb

SHA512
85e0245b79bba3f1d7b4f5d845540308d8ccdb3513747e4c23895fbe51ec1e8a4851091d4ff4695e8f25614d316e28099321e0cecfdefef62541695ff7679055

Download Submit
C:\Users\Admin\AppData\Local\Temp\sgEu.exe

Filesize
950KB

MD5
655fcaa7a1a95b7f9d8dd1a8e3622583

SHA1
f0e0697eb411d5fa5ff054050e5c7fbc1fd67444

SHA256
081b6ed457933912b3ba0085feba82d9a404b81e7c55580a630dc95c50732b7d

SHA512
7be81f45a4d9174342bdf7b4311e39033da9b784780ffc1c5bbc2986ba651ad82d60f00d160399e3bdd033a6b7bb4ae999ab767005af8a40e3f5e672b215e7f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\swAE.exe

Filesize
181KB

MD5
8e4b3beffab431e8efb3483efd6d1741

SHA1
83d9aa810856b9ba3f9dc7d14a99f7c197082606

SHA256
1ecdb200661430ab8e8824777f521fd08b1bd0a18db0515b756934d50c13f607

SHA512
2f287d64c390b775c2b05ab1c2829e807c8c4fc251e3a2a709f0175927e8ead3c59ac0f57993bdf99482219a375493cd1d5e1ffa8e0427f1f1c99ba656ddd4b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\uMgC.exe

Filesize
215KB

MD5
b21e9d0924d2ec0c50903a02f4d114e1

SHA1
4c93f431505add6fb849c3b6f88ea2f41b684394

SHA256
948cdd36885e78b06290d65a9ddbb2a4000498a629e42932a30ce8cc2314e748

SHA512
a7198c5b2ef29085c41abd960768282a8fe855f550e00f3cc41b1fee9bf4187bf7fc2069c305da7293dc05ad410d53d9b6989c81169bbe8e7e4d5ea15406baef

Download Submit
C:\Users\Admin\AppData\Local\Temp\uMsg.exe

Filesize
4.8MB

MD5
b4b4a1c6806c2b54e13853bbfe5e7827

SHA1
644e05803343eda96d75668251804f5e5c0189ce

SHA256
e7f3060a8ecb1afc5728b81122ff560b8a4718d515e95a3f4566a816cc3d95e7

SHA512
ebff1cd53da366eb8250aba6517d37ec9d1b8ad9f4c9d46b94fe658da4c781d935732497bb526b6dae82c4b9748e9841303be641c2b23164d0857e601606da88

Download Submit
C:\Users\Admin\AppData\Local\Temp\uUca.exe

Filesize
235KB

MD5
0ebd58c02296c6aac7679a164e3473d8

SHA1
d3976b353f38c55cc56815633727ef4f44b95e6f

SHA256
f2fb6d547c7bc7159ba4d069756e25cc1da31fed28061465394bc3c993e064fd

SHA512
738fbf42cb5dbf1cc2d4aff1ebc444aec17466177f9e2c6c62c1e4103ea049a41d1d03a3efba485afc1efd272f5a5d0cbd81bb046d0ce9787f6de8ed18598f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\uksy.exe

Filesize
525KB

MD5
3bd44b3a479651c9d756d3a9a94f8181

SHA1
73440e7fbaf4ba1c4cde1cd7a92fa3af8954d8f1

SHA256
20841e4aac6d25722c297a692b962233595da308cfce73f6a0f85cf3e807311f

SHA512
d5044001c90d2969b4a1187c917fd30168dfe95f18f7db77dcd1c4afbabb1d5dacfef68f845779374c626aa8643b39ffbcc5954f1f24b8b3c2a7990cf6048303

Download Submit
C:\Users\Admin\AppData\Local\Temp\vMwQccgA.bat

Filesize
4B

MD5
effe2dceb1c1ea2d7df3141c51fe3bb8

SHA1
198ab65248e78137a8096add4477c5d6b281f0e3

SHA256
1ec918349265494153a27d450b8cf343c6fd2bcf1b2a846a77fb4442b2f5d4da

SHA512
6c9fe17a6e88929a47d66a902d7625d0c8042f840f72e9f68b2f95d12b3f561ec40feb20d37a6b6560f4fe48055d4f184bfd94441015ff14ed06cc299f71bc1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vOYUMAcQ.bat

Filesize
4B

MD5
ae18669d367e7466ee485da4deaf8d38

SHA1
a54bcdbf16b8564db6f5881b2a0b22f15bc0c45f

SHA256
75d5ce689f3436a55a012d703c36d305fd969a6e015bde4b0e639a6e6b2d5cbb

SHA512
6ca10b80648f86ab8c7cbcb828c48342e974e3c5aa67c2526d8808dc45f2d3739ac180dc973d67d5ade6d31a691a7297372ca9cd2ed5024f42e9b78e7c2755a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\vuUsAsYU.bat

Filesize
4B

MD5
70c16b7a7b4dff1fe662697f2e0d4da6

SHA1
828d928932b46b2eccf6a2fac617020eedb4bbb3

SHA256
4350aa32787b06310f16c21956d0f5f50b38db2f5f99abd8932501d601911593

SHA512
b6552e204b2d38b1752920fd4c0ec92075910ff70aac93caccf357ef631c897711cd53058564901e6626032c10a2e2fa22eb0cedaa95ff6a12d27e8f2e405887

Download Submit
C:\Users\Admin\AppData\Local\Temp\vwgUQAYQ.bat

Filesize
4B

MD5
a7cfef75f4bb301cb6a612f14b3ee04c

SHA1
fc651d215c2200a8bb20ab1b19aa27f842c85116

SHA256
f1b102998334900dbece092c65e8082de80342ecb4df584194484dd83a48c9e5

SHA512
f3f5d4760577fdd9264f58741df8e118a7e079cdc208b1df7ba033a5fdc6953c6dd7d5cef5c78f665c19dd79f17aa522566e0ecbbedb542637b7f6e6e0d22113

Download Submit
C:\Users\Admin\AppData\Local\Temp\wGsEcwIs.bat

Filesize
4B

MD5
4a57e35a024a2795e8046d5d7b181c88

SHA1
6290c2d6920b8f8e41cc86d088d5652134fe1823

SHA256
aa332397ffa427194f236faf5848f8ef243f757eb6695e78e8c91890f5ed896c

SHA512
594a493bdc3f6222210738c65018eebbe418d4392a534bdcec004a6a4d455fb4a36cc039b22ef80e0c57e4b2010d834e363094ce97fa8cb6ee318233cf855f36

Download Submit
C:\Users\Admin\AppData\Local\Temp\wQkAkQIE.bat

Filesize
4B

MD5
f4bf975ccb6e840a2c2def6a7e714133

SHA1
b7891f2705fc4840c7da81821416b7ea56919e4b

SHA256
3d440b79152fbbf3b3999eca2c4b494c8f064cb7b51221a2e049a7f137a33335

SHA512
200b50ce0515ada3bac15b690f354bd1c80400fdb0121bb5fbc0db5fa2e317f9e3f0e8e7f22062b06633581bbd4167b8d1c4fb001e1a45bf678ede6f097131ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\wSggkgoI.bat

Filesize
4B

MD5
5b3df133ce47a35ff65ca823c407c8b7

SHA1
be910e60ddcac3b10dc49fb427a66afbe53693fa

SHA256
8885bd36f2fb547b7e56b40f6dcdf67edb67a9047b9762546d5a3b756cef42d3

SHA512
8b0fb2e4a01e3a96f99f720b26a13949135ff3f22a2d3fac37bdd3ef1a9af0f4b8f31aa67c07ed37c6ec8d2316c76749a65068c8c89feba81d4dd1f08bd4fb59

Download Submit
C:\Users\Admin\AppData\Local\Temp\wYEC.exe

Filesize
231KB

MD5
b97a0c833f832c9fbf19ca44b929d04d

SHA1
620e1c2a84315a9449c663d33c416e12d593b670

SHA256
43f5beea042257a4cca8709cbf260bac9adcac2b27f34cf2c74dd14cddca3cb1

SHA512
4cabf4b9b1e21ec074d9e7375add0edf96e8e7f091d0167350897d77287e9bd111c78b0436012010b5a5010b90c13aad632deb4fadd9c17cda868101369e6af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\wYsq.exe

Filesize
230KB

MD5
cb55a5a5d2e45810d3dd7fa852126e18

SHA1
43be90a78a95fe539541ae8b68dfe5e5c57ee98e

SHA256
1b5c94a49ea67432578f9ed7c116276f96565d5cc32f8714f54f5b2ea1a376bc

SHA512
56cd57d23aff4e5ad4a10e20fc7db55cfffa2812a95c60ef7e890869586a4d1fb48dfccd2252aad840c93e60274a857194e47d2004cee11cdf189e9b89470903

Download Submit
C:\Users\Admin\AppData\Local\Temp\weUkwsoA.bat

Filesize
4B

MD5
4a65ee7cd9743a466baeafa4ecc98049

SHA1
539779a6f7ac1840fdaa3be1068c07f929c0ab90

SHA256
a53d4b77f9d023d4b76f0ea61992f857272d6220b2804053e9f464ad5075e251

SHA512
1826bc6959cfe87e3f32b940787b420eb0bbc09f531affb4e464e70cece0d2856db6e10ce904dd7477ff8ed3540b1efb5ad09c3861e11c3301ef160753aba4a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\wqEIwMgA.bat

Filesize
4B

MD5
95ed8ef57458d832bf1522d36907003c

SHA1
c9022e6c186114bc5219bfc198fe11017d8c7c00

SHA256
a0e6c59e9fa3a244a6935e488a891c28d44650b774c1ee464ec4ccf94c4f08db

SHA512
0e87802258a4e05d1eea1e062c7dd1808854d3d096143aeb525705cac7b498bca53f29954ab15f5b990c64296ddbbfc7a759965cb28b32639a176da97d23e115

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsMu.exe

Filesize
211KB

MD5
8f8025048daa8da492535f77c5cb21dc

SHA1
899854816d0135cc457f9d10d332af7f527410ce

SHA256
846bcb6e6d9375c9f07e72ff9dbeecbc636be5f4b604d31817148fd3b44abc9b

SHA512
347ce337f4b0a398e788cad02a2831a68f18d0f0d0343b15650b87e799113d05fe5db2477215d9299232c51e9ad054a48fa598263c9e0c160ce447332c86d13a

Download Submit
C:\Users\Admin\AppData\Local\Temp\wuoIIAEY.bat

Filesize
4B

MD5
b36ab83d11e044166c378476053f6e93

SHA1
4385fe53de0e3a36d9e23b780a1a6fc8d5eb61fc

SHA256
f0b7be6832e42046a500ecb318c9ec90b8e752b4a937bf04cdf57452d17fc897

SHA512
14dea934de2de7adf18dfd49a51dd19887274d1ac9c9e5ff6b474c0ecedd9cd03c122396c8a21955a5ca538a026d303d6727ebc7c4a91820073f5afc1c7cf748

Download Submit
C:\Users\Admin\AppData\Local\Temp\wwoMsoQY.bat

Filesize
4B

MD5
e50d852ac4fb68b0aa0aa9fdfad52730

SHA1
932f94ccabee325a6fadb41216ccee9b754c3bdb

SHA256
f2fb5f3b32d9cd3a1048330ba6a7d858acac76500b7cf12fe9dd8703e653d567

SHA512
e3c15781b4c112ce12c028c76b24c24f52c9d7a2b1a81913ed549d816271c4b85cd151266b4fbc212e953deaf608c7bd5e54dba0885374ea9133c1706ded74fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\xAEUcEAI.bat

Filesize
4B

MD5
3cccd4a9e28c298fa902e08bcb497ac9

SHA1
b32e07645ac11a806c8c9777e6381e14d665d1a8

SHA256
9f6c9d7d36131b3bd1de04b0c186425b587483ca73737a8e0e0f851101f1b46b

SHA512
632d4bba8bee4483041e93749f26c19ac2bf33a84e0da5da75e4a80c61f63eb14d74ef0405bf40850d38a260a97100fffe10206cf46a1462c05ad3e9f98c8636

Download Submit
C:\Users\Admin\AppData\Local\Temp\xKAQAMkk.bat

Filesize
4B

MD5
ee9bb6a2d2b2be667bfd864050864deb

SHA1
b695d878bd3231aac13047474ce56bdf445f9ab4

SHA256
ccf83aaf0848b97718804e4a584d8b2eebe5cc92e35ff466c5cf91acfc2554e4

SHA512
c830615257e7057ed46f9383e44e9d6cc9cc707552ce16f8fd9357baf17570423502f9029d184700236cdf3b9da2cccf1d0e96d8b7ee4c8f5e6becb4e062c2cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\yIwYYQgg.bat

Filesize
4B

MD5
29782960213717635f976832c6f821c6

SHA1
76dfebcfd0805e755e6a6062b861f1d7617dc760

SHA256
1dcd511e190f3b49891e340edaf141f01fa710380fe91107b2cef75822031768

SHA512
9da45db30aa686a11819d222693587a17bf1e981fecc1767741d0d1e25969700546759b6959be6f10511611980ace283ca7cdb8762ceaeb7b96259b653479931

Download Submit
C:\Users\Admin\AppData\Local\Temp\ycsq.exe

Filesize
199KB

MD5
6086336559086874b3ee70269ca51307

SHA1
0c23ee91915cca8929c1a11ad4dd2845b86ef51a

SHA256
e51bd0cd216c98c5e67cfb5d97ef2fba7cb2b289ce0f0005fbfc1eacbc552897

SHA512
9e49fd42f6c5e30e2ca5f658f0c4d00a39e4751da40aaf19996d6ef1239b1fe429eaa9010cb38f0412e873e2e42582f87757beae1ee5f59a78d276e339de638f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ygMO.exe

Filesize
197KB

MD5
fbe1367844b518728ce968c3baf9b6f7

SHA1
1853d70a830a235c343d024e410f6e29199a10d8

SHA256
5b1dae2a8b7c45814740520b46a2c269425feefc7754d64ce9746ef8ad369afe

SHA512
8a871ffd65f70788fde8c9834a48f94d902177af630560198540dcf47554f6b826ff4a6f0b4801aef87f20eb24aff882228e598cd44d9ca3ca443093148129e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\yocG.exe

Filesize
245KB

MD5
09588bad4c98062573576721b2d37ffd

SHA1
58409304822b1cb58e55b46486c2a63cc39d3d4b

SHA256
0f374e3f3d778ce6bf1fe6417523239139b813123e7327a202afdaf67527190e

SHA512
3901027edd4ca709bbea1668488edc7c16715baf0cc069062a56eba50f931282f51c3f1b89cac63f7f41d1e6c262ad3684f4836783ba4d04cd4f7f281223e860

Download Submit
C:\Users\Admin\AppData\Local\Temp\yscI.exe

Filesize
232KB

MD5
f234dfd1b79349ca5d1605349346c896

SHA1
52d460d683d96f2060cf22e9796c16928019854d

SHA256
5e76f7dba7507fe272aecbef34ee59bb4c0e55de2f43d3f09f44f9cd7c9a906c

SHA512
063f14eb57204b68a7ed3af9dafc4bb618c5f5640c2ee0f9a1064702cda1fd2788ce815b160cf66cf47442a5500d38aabf345b4a674ea19feca29d5244317fdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\zMIEUYcE.bat

Filesize
4B

MD5
a0a81aed50752532084574dc0944a6e4

SHA1
33f9731c78df3bba87003a249fb6ca37f43fa979

SHA256
d8d919120a7c2866324fa59702c674fb00b747b77ff70f765364724a8726c9e2

SHA512
8a8d7e9eb2d6e109fce2eb83cf51883f9b03b1737aac84a44eaebd48fe47270d9337eb12d8e7a23adabc59f7178552e134f0791a84aa2fa1e90bd25c873c7c86

Download Submit
C:\Users\Admin\AppData\Local\Temp\zQYEEQEc.bat

Filesize
4B

MD5
af4755826cf5e352165d2b11d2978676

SHA1
12926ab67f7f3a4c8b059aade2e0fef759bb972e

SHA256
1aa13516931cf3aac35891809434c714a5cee20309a9856ab951c0fca9417dea

SHA512
5aba3dd24a679bd3bd74744ac9ba247d5c65c928dd046daad4956e06635a4c209a32fba5098aeae16e06dd6e988ae798f60a5ab2cecb0a399ddce404a5eb815c

Download Submit
C:\Users\Admin\AppData\Local\Temp\zcooUgAc.bat

Filesize
4B

MD5
68bfecad0bad9a0ce9ccc7fc1f02b981

SHA1
88c55ddd0d7920c47b24bb824b607d6a50da8f73

SHA256
4bfe86e8300bdad6ab20b3800dcda9e6f8568b1112ef6794736dd9f61d0be467

SHA512
5c1947fa4e4239f959b8eef96562a32f497e854429f2ef93004458aa528f08443703adb1ae8e29e8f43b158d4c615580dbfbf8a04a619c3a74717894eab96544

Download Submit
C:\Users\Admin\Downloads\RestartReceive.png.exe

Filesize
545KB

MD5
c62f7ac62f7f253e03a1d52e1f29f423

SHA1
cea55fe897d7ea4c2c74cd393e298d3e4a9c9ed5

SHA256
46c2227b4d7e852eaa818c68e42f9aee170f3c3d17427da8f5b34363357d2ac7

SHA512
102a3e7cf2529696e63fa43a847e3c0a41836cfe27ec91d4b9106aa48984b0ac20a05b737301b9a571e970640f5e9d7b5e04dd84a0435da954732784e5acd247

Download Submit
C:\Users\Admin\Pictures\My Wallpaper.jpg.exe

Filesize
211KB

MD5
7f6f904877f63b3c4619d41e47784dfd

SHA1
b5337e0f9f5c7c719c94f989975007a4e626addd

SHA256
1e5d918ee0082f14b87009a7fd1c3f39e7715357fcc57a1037adc6462164af0c

SHA512
f8851a834d063066687914a6fc98ba3a416558630e57a08623db8589f99fb00ccffba4deb8f5afb806b2f380f0294350d5f991bf503fd01ec347fd5114ef3e92

Download Submit
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.exe

Filesize
1.0MB

MD5
da7c6ad284569b0691a0e97928eef6b9

SHA1
50781d4a4bcbdf398cab8e2f492c5d6d28a98cfc

SHA256
1e843de287de03df6238c30378f1a073c9a98ef8733277f860d14016b56fd29d

SHA512
3b846931ccd3dd4f5bead2cb222f1cf2276d9339eb9cfa1c9bedf8c1b6337e67f4abb3cae2ef1f1121ac450da620f4c5f6852457c6a7441e0de6976cf3108682

Download Submit
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.exe

Filesize
741KB

MD5
ea931349439bff4cc9590a4413862bdd

SHA1
77c0a7b3a3efddaf4624bb27e972077e72723576

SHA256
22bbab207edd58c266057bde78b616957ccc86e0190ae3a181399e81ae70084e

SHA512
3b2330c5374769de7c50d8e04e868fd5d66687e89e5dbccd8137b8ddbaa855cc8318daf6e913e75c79b342ae97bd6eb82fb2699f58fa00f3429457cab934a466

Download Submit
\Users\Admin\SMIMYoEo\BUkMEUcI.exe

Filesize
202KB

MD5
6fa959d6c695eb0c9d43bf56d77f37a3

SHA1
b42c6a13d63ee4b5d06d5a41a834face7a674788

SHA256
84aee1e7fcc683d574cc9b523f8613bf52f88f8d56baa2e63a33dce997d6351b

SHA512
35a4fdd5eac75abdd7890ca53f3ed1c1090063b33db72ed30984b67e957609be437364c9279150245fce984313351941f2537b27f21ddfbe15825fc643e1d0cd

Download Submit
memory/284-245-0x0000000000190000-0x00000000001C3000-memory.dmp

Filesize
204KB

Download
memory/284-246-0x0000000000190000-0x00000000001C3000-memory.dmp

Filesize
204KB

Download
memory/292-164-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/292-130-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/412-558-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/412-530-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/488-105-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download
memory/488-106-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download
memory/532-107-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/532-139-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/800-306-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/800-273-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/872-507-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/872-508-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1016-571-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1016-416-0x00000000001B0000-0x00000000001E3000-memory.dmp

Filesize
204KB

Download
memory/1016-415-0x00000000001B0000-0x00000000001E3000-memory.dmp

Filesize
204KB

Download
memory/1016-599-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1028-669-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1028-247-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1028-282-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1160-650-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1224-417-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1224-449-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1252-83-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1252-116-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1288-345-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1288-378-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1368-610-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1368-638-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1372-509-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1372-539-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1384-486-0x0000000000230000-0x0000000000263000-memory.dmp

Filesize
204KB

Download
memory/1468-609-0x00000000002E0000-0x0000000000313000-memory.dmp

Filesize
204KB

Download
memory/1556-232-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1556-200-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1568-496-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1568-462-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1720-34-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1720-69-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1736-590-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1736-619-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1904-152-0x0000000000260000-0x0000000000293000-memory.dmp

Filesize
204KB

Download
memory/1988-271-0x0000000000270000-0x00000000002A3000-memory.dmp

Filesize
204KB

Download
memory/1988-272-0x0000000000270000-0x00000000002A3000-memory.dmp

Filesize
204KB

Download
memory/1996-353-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1996-320-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2056-60-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2056-92-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2068-223-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2068-256-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2088-570-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download
memory/2112-178-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2112-209-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2156-129-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download
memory/2172-549-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2172-580-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2200-659-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2200-629-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2220-222-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download
memory/2264-440-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2264-471-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2268-82-0x0000000000560000-0x0000000000593000-memory.dmp

Filesize
204KB

Download
memory/2292-518-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2292-487-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2348-368-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2348-402-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2364-177-0x0000000000360000-0x0000000000393000-memory.dmp

Filesize
204KB

Download
memory/2376-296-0x0000000000160000-0x0000000000193000-memory.dmp

Filesize
204KB

Download
memory/2376-295-0x0000000000160000-0x0000000000193000-memory.dmp

Filesize
204KB

Download
memory/2456-319-0x0000000000650000-0x0000000000683000-memory.dmp

Filesize
204KB

Download
memory/2528-32-0x0000000000560000-0x0000000000593000-memory.dmp

Filesize
204KB

Download
memory/2528-33-0x0000000000560000-0x0000000000593000-memory.dmp

Filesize
204KB

Download
memory/2552-22-0x0000000000460000-0x0000000000491000-memory.dmp

Filesize
196KB

Download
memory/2552-43-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2552-12-0x0000000000460000-0x0000000000494000-memory.dmp

Filesize
208KB

Download
memory/2552-9-0x0000000000460000-0x0000000000494000-memory.dmp

Filesize
208KB

Download
memory/2552-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2564-329-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2564-297-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2592-23-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2616-367-0x0000000000130000-0x0000000000163000-memory.dmp

Filesize
204KB

Download
memory/2792-342-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2792-343-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2820-59-0x0000000000590000-0x00000000005C3000-memory.dmp

Filesize
204KB

Download
memory/2820-58-0x0000000000590000-0x00000000005C3000-memory.dmp

Filesize
204KB

Download
memory/2824-528-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2824-529-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2836-153-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2836-187-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2876-439-0x0000000000160000-0x0000000000193000-memory.dmp

Filesize
204KB

Download
memory/2928-21-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2956-393-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2956-426-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3056-391-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download
memory/3056-392-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download