e03f859ec2b9ae57590beb8d1acb4225b819e445ac638243e566f7a0466788cf

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
Size

268KB
MD5

5b3e104a28b0fe470b49d27e6fd466de
SHA1

21081cd1114148f53787375dbbf23b15bec2fbc8
SHA256

e03f859ec2b9ae57590beb8d1acb4225b819e445ac638243e566f7a0466788cf
SHA512

1765e99245312028831d496e890ca68c8906651a355d6304408ab1e39d812ded00e0ace00b665de7b81eaba89a570c12e88bb7e9bd3def234b209cbe4f10403e
SSDEEP

3072:AolMtIr0rbOKsZM3XjcuvzrEtLWeCbMO72UVAFaZ15M9BZUHdZK1yBbEpCI3BaUx:Ao+uwDFBwWeCZ7H7ZY9cy1Ib/vQnF

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Processes:

reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

UAC bypass 3 TTPs 64 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Renames multiple (57) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

jSEwwgIM.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Control Panel\International\Geo\Nation	jSEwwgIM.exe

Executes dropped EXE 2 IoCs

Processes:

jSEwwgIM.exelkwwwIwk.exe

pid process

2096 jSEwwgIM.exe
1888 lkwwwIwk.exe

Loads dropped DLL 20 IoCs

Processes:

2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exejSEwwgIM.exe

pid	process
1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exejSEwwgIM.exelkwwwIwk.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\lkwwwIwk.exe = "C:\\ProgramData\\WWwAYcEo\\lkwwwIwk.exe"	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\jSEwwgIM.exe = "C:\\Users\\Admin\\SmIsIYoU\\jSEwwgIM.exe"	jSEwwgIM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\lkwwwIwk.exe = "C:\\ProgramData\\WWwAYcEo\\lkwwwIwk.exe"	lkwwwIwk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\QmYkMAUk.exe = "C:\\Users\\Admin\\wwkAEgoU\\QmYkMAUk.exe"	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\suYIIMok.exe = "C:\\ProgramData\\dKsEgkks\\suYIIMok.exe"	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\jSEwwgIM.exe = "C:\\Users\\Admin\\SmIsIYoU\\jSEwwgIM.exe"	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe

Drops file in Windows directory 1 IoCs

Processes:

jSEwwgIM.exe

description ioc process

File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico jSEwwgIM.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2972 1216 WerFault.exe QmYkMAUk.exe
1092 848 WerFault.exe suYIIMok.exe

description	ioc	process
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico	jSEwwgIM.exe

pid	pid_target	process	target process
2972	1216	WerFault.exe	QmYkMAUk.exe
1092	848	WerFault.exe	suYIIMok.exe

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

Processes:

pid	process
796	reg.exe
1644	reg.exe
2856	reg.exe
2692	reg.exe
1592	reg.exe
2760	reg.exe
2980	reg.exe
2428	reg.exe
1152	reg.exe
3000	reg.exe
1908	reg.exe
920	reg.exe
2520	reg.exe
2420	reg.exe
2268	reg.exe
1580	reg.exe
856	reg.exe
3000	reg.exe
1272	reg.exe
1104	reg.exe
2712	reg.exe
1116	reg.exe
2016	reg.exe
3000	reg.exe
2532	reg.exe
1948	reg.exe
2676	reg.exe
2560	reg.exe
1456	reg.exe
2988	reg.exe
2672	reg.exe
1716	reg.exe
1892	reg.exe
1204	reg.exe
1284	reg.exe
2788	reg.exe
3056	reg.exe
2976	reg.exe
3000	reg.exe
2904	reg.exe
948	reg.exe
2116	reg.exe
1836	reg.exe
1876	reg.exe
2924	reg.exe
2712	reg.exe
988	reg.exe
2936	reg.exe
2420	reg.exe
1988	reg.exe
2812	reg.exe
2736	reg.exe
2880	reg.exe
3020	reg.exe
3056	reg.exe
2296	reg.exe
2372	reg.exe
2708	reg.exe
412	reg.exe
2320	reg.exe
1676	reg.exe
2268	reg.exe
2060	reg.exe
800	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe

pid	process
1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1200	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1200	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2216	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2216	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1476	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1476	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
764	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
764	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2940	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2940	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2616	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2616	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2588	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2588	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1480	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1480	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
452	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
452	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2932	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2932	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
992	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
992	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2796	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2796	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
320	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
320	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2572	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2572	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2176	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2176	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2064	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2064	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1880	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1880	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2464	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2464	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2736	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2736	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2320	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2320	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2724	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2724	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2420	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2420	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2272	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2272	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1880	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
1880	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2372	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2372	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2936	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2936	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2400	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2400	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2856	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2856	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2088	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2088	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2712	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
2712	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

jSEwwgIM.exe

pid process

2096 jSEwwgIM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

jSEwwgIM.exe

pid	process
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe
2096	jSEwwgIM.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.execmd.execmd.exe2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.execmd.execmd.exe

description	pid	process	target process
PID 1160 wrote to memory of 2096	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	jSEwwgIM.exe
PID 1160 wrote to memory of 2096	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	jSEwwgIM.exe
PID 1160 wrote to memory of 2096	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	jSEwwgIM.exe
PID 1160 wrote to memory of 2096	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	jSEwwgIM.exe
PID 1160 wrote to memory of 1888	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	lkwwwIwk.exe
PID 1160 wrote to memory of 1888	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	lkwwwIwk.exe
PID 1160 wrote to memory of 1888	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	lkwwwIwk.exe
PID 1160 wrote to memory of 1888	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	lkwwwIwk.exe
PID 1160 wrote to memory of 2588	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 1160 wrote to memory of 2588	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 1160 wrote to memory of 2588	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 1160 wrote to memory of 2588	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 2588 wrote to memory of 2704	2588	cmd.exe	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
PID 2588 wrote to memory of 2704	2588	cmd.exe	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
PID 2588 wrote to memory of 2704	2588	cmd.exe	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
PID 2588 wrote to memory of 2704	2588	cmd.exe	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
PID 1160 wrote to memory of 2728	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 1160 wrote to memory of 2728	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 1160 wrote to memory of 2728	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 1160 wrote to memory of 2728	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 1160 wrote to memory of 2692	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 1160 wrote to memory of 2692	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 1160 wrote to memory of 2692	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 1160 wrote to memory of 2692	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 1160 wrote to memory of 2568	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 1160 wrote to memory of 2568	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 1160 wrote to memory of 2568	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 1160 wrote to memory of 2568	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 1160 wrote to memory of 2468	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 1160 wrote to memory of 2468	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 1160 wrote to memory of 2468	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 1160 wrote to memory of 2468	1160	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 2468 wrote to memory of 2444	2468	cmd.exe	cscript.exe
PID 2468 wrote to memory of 2444	2468	cmd.exe	cscript.exe
PID 2468 wrote to memory of 2444	2468	cmd.exe	cscript.exe
PID 2468 wrote to memory of 2444	2468	cmd.exe	cscript.exe
PID 2704 wrote to memory of 2192	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 2704 wrote to memory of 2192	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 2704 wrote to memory of 2192	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 2704 wrote to memory of 2192	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 2192 wrote to memory of 1200	2192	cmd.exe	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
PID 2192 wrote to memory of 1200	2192	cmd.exe	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
PID 2192 wrote to memory of 1200	2192	cmd.exe	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
PID 2192 wrote to memory of 1200	2192	cmd.exe	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
PID 2704 wrote to memory of 2644	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 2704 wrote to memory of 2644	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 2704 wrote to memory of 2644	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 2704 wrote to memory of 2644	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 2704 wrote to memory of 1640	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 2704 wrote to memory of 1640	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 2704 wrote to memory of 1640	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 2704 wrote to memory of 1640	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 2704 wrote to memory of 2404	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 2704 wrote to memory of 2404	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 2704 wrote to memory of 2404	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 2704 wrote to memory of 2404	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	reg.exe
PID 2704 wrote to memory of 836	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 2704 wrote to memory of 836	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 2704 wrote to memory of 836	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 2704 wrote to memory of 836	2704	2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe	cmd.exe
PID 836 wrote to memory of 2328	836	cmd.exe	cscript.exe
PID 836 wrote to memory of 2328	836	cmd.exe	cscript.exe
PID 836 wrote to memory of 2328	836	cmd.exe	cscript.exe
PID 836 wrote to memory of 2328	836	cmd.exe	cscript.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1160

C:\Users\Admin\SmIsIYoU\jSEwwgIM.exe
"C:\Users\Admin\SmIsIYoU\jSEwwgIM.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2096

C:\ProgramData\WWwAYcEo\lkwwwIwk.exe
"C:\ProgramData\WWwAYcEo\lkwwwIwk.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1888

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
2⤵
- Suspicious use of WriteProcessMemory
PID:2588

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2704

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
4⤵
- Suspicious use of WriteProcessMemory
PID:2192

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:1200

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
6⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
7⤵
- Suspicious behavior: EnumeratesProcesses
PID:2216

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
8⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
9⤵
- Suspicious behavior: EnumeratesProcesses
PID:1476

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
10⤵
PID:704

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
11⤵
- Suspicious behavior: EnumeratesProcesses
PID:764

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
12⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
13⤵
- Suspicious behavior: EnumeratesProcesses
PID:2940

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
14⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2616

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
16⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
17⤵
- Suspicious behavior: EnumeratesProcesses
PID:2588

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
18⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
19⤵
- Suspicious behavior: EnumeratesProcesses
PID:1480

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
20⤵
PID:412

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
21⤵
- Suspicious behavior: EnumeratesProcesses
PID:452

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
22⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
23⤵
- Suspicious behavior: EnumeratesProcesses
PID:2932

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
24⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
25⤵
- Suspicious behavior: EnumeratesProcesses
PID:992

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
26⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
27⤵
- Suspicious behavior: EnumeratesProcesses
PID:2796

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
28⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
29⤵
- Suspicious behavior: EnumeratesProcesses
PID:320

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
30⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
31⤵
- Suspicious behavior: EnumeratesProcesses
PID:2572

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
32⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
33⤵
- Suspicious behavior: EnumeratesProcesses
PID:2176

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
34⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
35⤵
- Suspicious behavior: EnumeratesProcesses
PID:2064

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
36⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
37⤵
- Suspicious behavior: EnumeratesProcesses
PID:1880

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
38⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
39⤵
- Suspicious behavior: EnumeratesProcesses
PID:2464

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
40⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
41⤵
- Suspicious behavior: EnumeratesProcesses
PID:2736

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
42⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
43⤵
- Suspicious behavior: EnumeratesProcesses
PID:2320

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
44⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
45⤵
- Suspicious behavior: EnumeratesProcesses
PID:2724

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
46⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
47⤵
- Suspicious behavior: EnumeratesProcesses
PID:2420

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
48⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
49⤵
- Suspicious behavior: EnumeratesProcesses
PID:2272

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
50⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
51⤵
- Suspicious behavior: EnumeratesProcesses
PID:1880

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
52⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
53⤵
- Suspicious behavior: EnumeratesProcesses
PID:2372

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
54⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
55⤵
- Suspicious behavior: EnumeratesProcesses
PID:2936

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
56⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
57⤵
- Suspicious behavior: EnumeratesProcesses
PID:2400

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
58⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
59⤵
- Suspicious behavior: EnumeratesProcesses
PID:2856

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
60⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
61⤵
- Suspicious behavior: EnumeratesProcesses
PID:2088

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
62⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
63⤵
- Suspicious behavior: EnumeratesProcesses
PID:2712

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
64⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
65⤵
PID:1936

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
66⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
67⤵
PID:1588

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
68⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
69⤵
PID:2512

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
70⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
71⤵
PID:2144

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
72⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
73⤵
PID:3004

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
74⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
75⤵
PID:2468

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
76⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
77⤵
PID:1640

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
78⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
79⤵
PID:2772

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
80⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
81⤵
PID:1788

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
82⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
83⤵
PID:620

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
84⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
85⤵
PID:1604

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
86⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
87⤵
PID:2548

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
88⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
89⤵
PID:1904

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
90⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
91⤵
PID:1108

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
92⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
93⤵
PID:2224

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
94⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
95⤵
PID:1276

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
96⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
97⤵
PID:2884

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
98⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
99⤵
PID:1732

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
100⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
101⤵
PID:2536

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
102⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
103⤵
PID:2616

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
104⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
105⤵
PID:2716

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
106⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
107⤵
PID:1560

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
108⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
109⤵
PID:2976

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
110⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
111⤵
PID:1228

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
112⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
113⤵
PID:2568

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
114⤵
PID:960

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
115⤵
PID:2084

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
116⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
117⤵
PID:2088

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
118⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
119⤵
PID:812

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
120⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
121⤵
PID:1116

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
122⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
123⤵
PID:1356

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
124⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
125⤵
- Adds Run key to start application
PID:2524

C:\Users\Admin\wwkAEgoU\QmYkMAUk.exe
"C:\Users\Admin\wwkAEgoU\QmYkMAUk.exe"
126⤵
PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 36
127⤵
- Program crash
PID:2972

C:\ProgramData\dKsEgkks\suYIIMok.exe
"C:\ProgramData\dKsEgkks\suYIIMok.exe"
126⤵
PID:848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 36
127⤵
- Program crash
PID:1092

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
126⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
127⤵
PID:896

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
128⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
129⤵
PID:2624

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
130⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
131⤵
PID:2648

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
132⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
133⤵
PID:2072

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
134⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
135⤵
PID:2896

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
136⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
137⤵
PID:2932

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
138⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
139⤵
PID:2144

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
140⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
141⤵
PID:2216

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
142⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
143⤵
PID:2552

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
144⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
145⤵
PID:1892

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
146⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
147⤵
PID:3004

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
148⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
149⤵
PID:1244

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
150⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
151⤵
PID:1564

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
152⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
153⤵
PID:1284

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
154⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
155⤵
PID:1796

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
156⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
157⤵
PID:1316

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
158⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
159⤵
PID:452

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
160⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
161⤵
PID:2892

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
162⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
163⤵
PID:2876

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
164⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
165⤵
PID:292

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
166⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
167⤵
PID:2752

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
168⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
169⤵
PID:2372

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
170⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
171⤵
PID:960

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
172⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
173⤵
PID:896

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
174⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
175⤵
PID:2936

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
176⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
177⤵
PID:2680

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
178⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
179⤵
PID:1692

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
180⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
181⤵
PID:2492

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
182⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
183⤵
PID:2616

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
184⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
185⤵
PID:868

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
186⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
187⤵
PID:888

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
188⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
189⤵
PID:1356

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
190⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
191⤵
PID:1524

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
192⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
193⤵
PID:2328

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
194⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
195⤵
PID:1772

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
196⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
197⤵
PID:2708

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
198⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
199⤵
PID:1108

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
200⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
201⤵
PID:2892

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
202⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
203⤵
PID:2400

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
204⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
205⤵
PID:2124

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
206⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
207⤵
PID:960

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
208⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
209⤵
PID:2084

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
210⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
211⤵
PID:764

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
212⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
213⤵
PID:1448

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
214⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
215⤵
PID:916

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
216⤵
PID:1316

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
217⤵
PID:1788

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
218⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
219⤵
PID:1124

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
220⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
221⤵
PID:1876

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
222⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
223⤵
PID:1976

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
224⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
225⤵
PID:1708

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
226⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
227⤵
PID:2884

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
228⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
229⤵
PID:896

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
230⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
231⤵
PID:2400

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
232⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
233⤵
PID:1480

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
234⤵
PID:704

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
235⤵
PID:2224

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
236⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
237⤵
PID:2084

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
238⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
239⤵
PID:2404

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
240⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
241⤵
PID:1764

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
242⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
243⤵
PID:896

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
244⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
245⤵
PID:1172

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
246⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
247⤵
PID:952

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
248⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
249⤵
PID:1364

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
250⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
251⤵
PID:1992

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
252⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
253⤵
PID:1056

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
254⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
255⤵
PID:2512

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock"
256⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
257⤵
PID:1776

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
258⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1876

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
258⤵
PID:1068

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
258⤵
- UAC bypass
- Modifies registry key
PID:1948

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
256⤵
PID:2648

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
256⤵
PID:2116

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
256⤵
- UAC bypass
PID:2776

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YuwQMMQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
256⤵
PID:1880

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
257⤵
PID:1652

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
254⤵
- Modifies visibility of file extensions in Explorer
PID:1184

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
254⤵
PID:1920

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
254⤵
- UAC bypass
PID:1612

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HEUUUYQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
254⤵
PID:1796

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
255⤵
PID:1272

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
252⤵
- Modifies visibility of file extensions in Explorer
PID:2964

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
252⤵
PID:2120

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
252⤵
PID:2552

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hAgIoQok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
252⤵
PID:1716

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
253⤵
PID:2736

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
250⤵
PID:2468

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
250⤵
PID:2876

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
250⤵
- UAC bypass
PID:3004

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZCksskAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
250⤵
PID:2500

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
251⤵
PID:2544

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
248⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3056

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
248⤵
- Modifies registry key
PID:1836

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
248⤵
PID:2896

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vaIAcwoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
248⤵
PID:1748

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
249⤵
PID:1708

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
246⤵
PID:1480

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
246⤵
PID:2796

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
246⤵
PID:1664

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QSQoIoss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
246⤵
PID:1444

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
247⤵
PID:1908

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
244⤵
- Modifies visibility of file extensions in Explorer
PID:1788

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
244⤵
PID:2476

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
244⤵
- UAC bypass
PID:2732

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oIoowook.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
244⤵
PID:1732

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
245⤵
PID:2140

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
242⤵
- Modifies visibility of file extensions in Explorer
PID:1796

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
242⤵
PID:1272

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
242⤵
- UAC bypass
PID:2004

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cGMwwIsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
242⤵
PID:1776

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
243⤵
PID:2276

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
240⤵
- Modifies registry key
PID:2532

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
240⤵
PID:1832

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
240⤵
PID:2920

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QiMkcsEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
240⤵
PID:2320

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
241⤵
PID:2164

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
238⤵
PID:2416

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
238⤵
PID:292

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
238⤵
PID:1812

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IkYscsgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
238⤵
PID:1208

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
239⤵
PID:2916

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
236⤵
PID:764

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
236⤵
PID:2708

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
236⤵
- UAC bypass
PID:1568

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZuAAYQgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
236⤵
PID:1928

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
237⤵
PID:2008

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
234⤵
PID:1912

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
234⤵
PID:320

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
234⤵
- UAC bypass
- Modifies registry key
PID:2712

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fwIgcAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
234⤵
PID:2868

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
235⤵
PID:2080

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
232⤵
- Modifies visibility of file extensions in Explorer
PID:2124

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
232⤵
- Modifies registry key
PID:3020

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
232⤵
PID:1548

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZakMccos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
232⤵
PID:2984

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
233⤵
PID:2676

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
230⤵
PID:2832

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
230⤵
PID:296

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
230⤵
- UAC bypass
PID:1772

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lMUYIYIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
230⤵
PID:1540

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
231⤵
PID:1472

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
228⤵
PID:916

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
228⤵
PID:1744

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
228⤵
PID:592

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mWcYAQIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
228⤵
PID:2664

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
229⤵
PID:1596

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
226⤵
PID:1448

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
226⤵
PID:2876

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
226⤵
- UAC bypass
PID:2692

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sSIAgsYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
226⤵
PID:2936

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
227⤵
PID:1632

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
224⤵
- Modifies visibility of file extensions in Explorer
PID:764

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
224⤵
PID:2636

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
224⤵
- UAC bypass
PID:3000

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uwcYwcIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
224⤵
PID:836

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
225⤵
PID:1748

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
222⤵
PID:2760

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
222⤵
PID:1916

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
222⤵
PID:1068

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MmIoUsYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
222⤵
PID:2080

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
223⤵
PID:2600

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
220⤵
- Modifies visibility of file extensions in Explorer
PID:2276

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
220⤵
PID:1652

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
220⤵
- UAC bypass
- Modifies registry key
PID:2016

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NUsssoQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
220⤵
PID:948

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
221⤵
PID:2200

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
218⤵
- Modifies visibility of file extensions in Explorer
PID:1760

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
218⤵
PID:2012

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
218⤵
- UAC bypass
PID:2176

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\teIQAYck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
218⤵
PID:920

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
219⤵
PID:1052

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
216⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2904

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
216⤵
PID:328

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
216⤵
PID:2492

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jGgUgsYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
216⤵
PID:1532

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
217⤵
PID:2532

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
214⤵
PID:1204

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
214⤵
- Modifies registry key
PID:2936

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
214⤵
- UAC bypass
PID:2812

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lqkQYcAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
214⤵
PID:1104

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
215⤵
PID:1992

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
212⤵
- Modifies visibility of file extensions in Explorer
PID:2144

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
212⤵
- Modifies registry key
PID:3000

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
212⤵
- UAC bypass
- Modifies registry key
PID:988

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DoEUksQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
212⤵
PID:3016

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
213⤵
PID:1520

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
210⤵
PID:2760

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
210⤵
PID:2584

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
210⤵
PID:2140

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QOEwgsIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
210⤵
PID:1284

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
211⤵
PID:2628

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
208⤵
- Modifies visibility of file extensions in Explorer
PID:1876

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
208⤵
PID:2988

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
208⤵
PID:2688

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KQQIIAgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
208⤵
PID:2984

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
209⤵
PID:2772

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
206⤵
PID:2788

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
206⤵
- Modifies registry key
PID:2880

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
206⤵
- UAC bypass
- Modifies registry key
PID:2520

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MEIAUsgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
206⤵
PID:1184

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
207⤵
PID:1080

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
204⤵
PID:1584

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
204⤵
PID:2492

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
204⤵
PID:1892

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WswkIAoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
204⤵
PID:580

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
205⤵
PID:1532

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
202⤵
PID:1928

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
202⤵
PID:2560

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
202⤵
PID:2552

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dqEsEcQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
202⤵
PID:1608

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
203⤵
PID:2132

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
200⤵
PID:2600

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
200⤵
- Modifies registry key
PID:3000

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
200⤵
- UAC bypass
- Modifies registry key
PID:1580

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZcIcgMcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
200⤵
PID:1756

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
201⤵
PID:2820

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
198⤵
PID:1076

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
198⤵
PID:2584

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
198⤵
PID:1444

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LAMUsgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
198⤵
PID:1524

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
199⤵
PID:1628

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
196⤵
- Modifies visibility of file extensions in Explorer
PID:2084

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
196⤵
PID:2988

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
196⤵
PID:2836

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PKIwQIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
196⤵
PID:2984

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
197⤵
PID:1048

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
194⤵
- Modifies registry key
PID:1716

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
194⤵
PID:1984

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
194⤵
PID:2064

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ECoIkwkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
194⤵
PID:2964

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
195⤵
PID:2604

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
192⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2712

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
192⤵
PID:2600

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
192⤵
- UAC bypass
PID:836

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wqIMgUwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
192⤵
PID:856

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
193⤵
PID:2152

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
190⤵
PID:768

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
190⤵
PID:1224

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
190⤵
- UAC bypass
PID:1920

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EosooMoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
190⤵
PID:2860

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
191⤵
PID:1696

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
188⤵
- Modifies visibility of file extensions in Explorer
PID:2512

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
188⤵
PID:1600

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
188⤵
PID:2012

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AAEQgwwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
188⤵
PID:2060

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
189⤵
PID:1940

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
186⤵
PID:992

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
186⤵
PID:1456

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
186⤵
- UAC bypass
PID:1716

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rKYQAgck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
186⤵
PID:1316

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
187⤵
PID:1992

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
184⤵
PID:2536

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
184⤵
PID:1916

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
184⤵
PID:2200

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pkAQwAUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
184⤵
PID:1704

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
185⤵
PID:2296

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
182⤵
- Modifies visibility of file extensions in Explorer
PID:1668

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
182⤵
PID:1776

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
182⤵
PID:2172

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TaQsYsoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
182⤵
PID:2304

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
183⤵
PID:3056

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
180⤵
- Modifies visibility of file extensions in Explorer
PID:1752

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
180⤵
PID:412

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
180⤵
PID:2904

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OmYUAgcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
180⤵
PID:2520

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
181⤵
PID:1924

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
178⤵
- Modifies visibility of file extensions in Explorer
PID:2244

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
178⤵
PID:952

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
178⤵
- UAC bypass
PID:1912

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cSsQMcwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
178⤵
PID:2772

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
179⤵
PID:2296

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
176⤵
- Modifies visibility of file extensions in Explorer
PID:1328

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
176⤵
PID:2500

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
176⤵
PID:1560

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QmcIEcQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
176⤵
PID:796

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
177⤵
PID:1124

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
174⤵
- Modifies registry key
PID:3000

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
174⤵
PID:472

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
174⤵
- UAC bypass
- Modifies registry key
PID:2672

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OakwkMYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
174⤵
PID:1764

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
175⤵
PID:1456

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
172⤵
PID:392

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
172⤵
PID:1740

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
172⤵
- UAC bypass
PID:2272

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kQwcswEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
172⤵
PID:856

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
173⤵
PID:2796

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
170⤵
- Modifies visibility of file extensions in Explorer
PID:1720

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
170⤵
PID:2512

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
170⤵
- UAC bypass
PID:1104

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zgAUMIQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
170⤵
PID:1272

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
171⤵
PID:1384

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
168⤵
- Modifies visibility of file extensions in Explorer
PID:1240

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
168⤵
PID:2216

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
168⤵
PID:1580

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xGgUsMMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
168⤵
PID:1820

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
169⤵
PID:1316

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
166⤵
- Modifies visibility of file extensions in Explorer
PID:1676

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
166⤵
PID:768

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
166⤵
- Modifies registry key
PID:2736

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LUAIAMgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
166⤵
PID:1284

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
167⤵
PID:2936

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
164⤵
PID:916

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
164⤵
PID:1668

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
164⤵
PID:2616

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bWkcgoAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
164⤵
PID:704

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
165⤵
PID:1700

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
162⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2924

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
162⤵
PID:1756

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
162⤵
- UAC bypass
PID:1708

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DIQkMkMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
162⤵
PID:1828

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
163⤵
PID:1984

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
160⤵
- Modifies visibility of file extensions in Explorer
PID:3004

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
160⤵
PID:2272

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
160⤵
PID:2780

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gGMokAkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
160⤵
PID:2044

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
161⤵
PID:1952

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
158⤵
PID:1532

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
158⤵
PID:1048

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
158⤵
PID:2064

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OKEgsowA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
158⤵
PID:1632

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
159⤵
PID:1492

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
156⤵
- Modifies visibility of file extensions in Explorer
PID:1456

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
156⤵
PID:2712

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
156⤵
- UAC bypass
PID:968

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uyYMMMsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
156⤵
PID:1244

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
157⤵
PID:2424

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
154⤵
PID:1976

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
154⤵
PID:2784

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
154⤵
PID:2936

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KIwEoYsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
154⤵
PID:3000

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
155⤵
PID:2288

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
152⤵
- Modifies visibility of file extensions in Explorer
PID:2368

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
152⤵
PID:1236

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
152⤵
- UAC bypass
PID:1568

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LukUYsUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
152⤵
PID:2640

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
153⤵
PID:2796

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
150⤵
PID:1592

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
150⤵
- Modifies registry key
PID:2420

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
150⤵
- UAC bypass
PID:2572

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pQEcoIgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
150⤵
PID:2724

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
151⤵
PID:1632

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
148⤵
- Modifies registry key
PID:856

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
148⤵
PID:1916

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
148⤵
- UAC bypass
PID:1472

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pqsYQkwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
148⤵
PID:1548

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
149⤵
PID:2716

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
146⤵
PID:2008

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
146⤵
PID:2492

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
146⤵
PID:2564

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bicUQkkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
146⤵
PID:1976

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
147⤵
PID:836

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
144⤵
- Modifies visibility of file extensions in Explorer
PID:2424

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
144⤵
PID:2028

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
144⤵
- UAC bypass
- Modifies registry key
PID:2788

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kWAQUsEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
144⤵
PID:952

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
145⤵
PID:1160

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
142⤵
- Modifies registry key
PID:2708

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
142⤵
PID:2392

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
142⤵
- UAC bypass
PID:852

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iCAAQokw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
142⤵
PID:1988

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
143⤵
PID:2816

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
140⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2976

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
140⤵
PID:2084

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
140⤵
- UAC bypass
PID:1056

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\egkcYksg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
140⤵
PID:1916

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
141⤵
PID:2928

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
138⤵
- Modifies visibility of file extensions in Explorer
PID:1712

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
138⤵
PID:1208

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
138⤵
PID:1568

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aGMEAAME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
138⤵
PID:2940

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
139⤵
PID:2172

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
136⤵
PID:2444

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
136⤵
PID:1184

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
136⤵
- UAC bypass
PID:1832

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eIcokEog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
136⤵
PID:2752

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
137⤵
PID:2356

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
134⤵
PID:1680

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
134⤵
PID:3016

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
134⤵
PID:1444

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZWYkIUEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
134⤵
PID:1904

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
135⤵
PID:2820

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
132⤵
- Modifies visibility of file extensions in Explorer
PID:1732

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
132⤵
PID:1820

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
132⤵
PID:2868

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZCkkIQQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
132⤵
PID:2924

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
133⤵
PID:2572

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
130⤵
- Modifies registry key
PID:1152

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
130⤵
PID:2300

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
130⤵
PID:2676

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fwAYgoIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
130⤵
PID:2536

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
131⤵
PID:1204

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
128⤵
PID:2328

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
128⤵
- Modifies registry key
PID:1676

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
128⤵
- Modifies registry key
PID:2856

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rEoAUMEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
128⤵
PID:1080

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
129⤵
PID:1812

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
126⤵
- Modifies visibility of file extensions in Explorer
PID:2940

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
126⤵
PID:2496

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
126⤵
PID:2128

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eEMkUYoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
126⤵
PID:1720

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
127⤵
PID:1640

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
124⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2268

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
124⤵
PID:1772

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
124⤵
PID:2964

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EsosEMsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
124⤵
PID:2616

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
125⤵
PID:2632

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
122⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2428

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
122⤵
PID:2372

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
122⤵
- UAC bypass
PID:1664

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aUwwQkoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
122⤵
PID:3016

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
123⤵
PID:1600

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
120⤵
PID:2128

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
120⤵
PID:2008

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
120⤵
- UAC bypass
- Modifies registry key
PID:1644

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WqcgQQEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
120⤵
PID:2836

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
121⤵
PID:1612

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
118⤵
PID:2572

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
118⤵
PID:1788

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
118⤵
- UAC bypass
PID:2500

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jQscMsII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
118⤵
PID:1148

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
119⤵
PID:1240

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
116⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2988

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
116⤵
PID:2036

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
116⤵
PID:2172

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LwccAQwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
116⤵
PID:3036

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
117⤵
PID:2536

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
114⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1116

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
114⤵
PID:2412

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
114⤵
- UAC bypass
PID:412

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xsUgkEwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
114⤵
PID:1124

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
115⤵
PID:1216

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
112⤵
PID:2372

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
112⤵
PID:1432

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
112⤵
- Modifies registry key
PID:2060

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pGMsUQwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
112⤵
PID:2204

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
113⤵
PID:1236

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
110⤵
PID:1180

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
110⤵
PID:2036

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
110⤵
PID:1208

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KswAEUMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
110⤵
PID:2012

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
111⤵
PID:2856

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
108⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2320

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
108⤵
PID:2268

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
108⤵
- UAC bypass
PID:2828

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GqIAIUQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
108⤵
PID:1944

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
109⤵
PID:1728

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
106⤵
- Modifies visibility of file extensions in Explorer
PID:1476

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
106⤵
PID:1104

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
106⤵
- UAC bypass
PID:1708

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QOIsIkMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
106⤵
PID:2824

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
107⤵
PID:1564

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
104⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3056

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
104⤵
PID:2972

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
104⤵
PID:2832

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mSYkkgAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
104⤵
PID:2264

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
105⤵
PID:1384

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
102⤵
PID:2908

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
102⤵
PID:640

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
102⤵
PID:2780

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dGEUkoMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
102⤵
PID:2216

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
103⤵
PID:2532

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
100⤵
PID:1676

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
100⤵
PID:2172

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
100⤵
PID:2624

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FCMwEQAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
100⤵
PID:2756

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
101⤵
PID:1568

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
98⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:796

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
98⤵
PID:1228

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
98⤵
PID:892

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jkQwEkUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
98⤵
PID:1932

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
99⤵
PID:1952

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
96⤵
PID:2644

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
96⤵
- Modifies registry key
PID:2980

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
96⤵
PID:2724

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hGckooUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
96⤵
PID:1636

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
97⤵
PID:308

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
94⤵
- Modifies visibility of file extensions in Explorer
PID:1924

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
94⤵
PID:2192

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
94⤵
PID:1480

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jeEMMAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
94⤵
PID:2320

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
95⤵
PID:1768

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
92⤵
- Modifies visibility of file extensions in Explorer
PID:848

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
92⤵
- Modifies registry key
PID:920

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
92⤵
- UAC bypass
PID:2044

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UkYAEMgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
92⤵
PID:2084

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
93⤵
PID:2276

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
90⤵
- Modifies visibility of file extensions in Explorer
PID:2428

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
90⤵
PID:2532

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
90⤵
- UAC bypass
- Modifies registry key
PID:2372

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sAcUgMcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
90⤵
PID:1048

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
91⤵
PID:2436

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
88⤵
PID:2840

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
88⤵
PID:2792

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
88⤵
PID:2328

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KAwAgswk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
88⤵
PID:1664

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
89⤵
PID:2708

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
86⤵
- Modifies visibility of file extensions in Explorer
PID:1180

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
86⤵
PID:2008

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
86⤵
PID:1712

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WGEoscEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
86⤵
PID:2856

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
87⤵
PID:2916

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
84⤵
- Modifies visibility of file extensions in Explorer
PID:2148

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
84⤵
PID:308

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
84⤵
- UAC bypass
PID:2964

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RyIoMgco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
84⤵
PID:1608

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
85⤵
PID:2184

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
82⤵
PID:1092

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
82⤵
PID:3020

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
82⤵
- UAC bypass
PID:900

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dCkAQYEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
82⤵
PID:2980

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
83⤵
PID:2412

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
80⤵
- Modifies visibility of file extensions in Explorer
PID:2936

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
80⤵
- Modifies registry key
PID:1892

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
80⤵
- UAC bypass
PID:1328

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BCgsUcog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
80⤵
PID:1924

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
81⤵
PID:2392

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
78⤵
- Modifies registry key
PID:1908

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
78⤵
PID:2716

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
78⤵
- UAC bypass
PID:1432

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TwIggEsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
78⤵
PID:1236

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
79⤵
PID:1592

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
76⤵
PID:2728

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
76⤵
- Modifies registry key
PID:2760

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
76⤵
- UAC bypass
- Modifies registry key
PID:2116

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IuUIAgUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
76⤵
PID:836

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
77⤵
PID:1744

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
74⤵
- Modifies visibility of file extensions in Explorer
PID:2064

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
74⤵
PID:1940

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
74⤵
PID:2916

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AeMcgMUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
74⤵
PID:2396

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
75⤵
PID:2792

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
72⤵
- Modifies visibility of file extensions in Explorer
PID:2876

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
72⤵
PID:1628

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
72⤵
PID:2184

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EUMwQIMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
72⤵
PID:1228

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
73⤵
PID:2552

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
70⤵
- Modifies visibility of file extensions in Explorer
PID:2884

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
70⤵
PID:2336

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
70⤵
PID:1764

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eSUcoksk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
70⤵
PID:2904

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
71⤵
PID:308

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
68⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1284

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
68⤵
PID:2588

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
68⤵
PID:1104

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oEUYUAYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
68⤵
PID:1272

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
69⤵
PID:860

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
66⤵
PID:2928

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
66⤵
- Modifies registry key
PID:1592

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
66⤵
PID:2060

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZcUsMokg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
66⤵
PID:1548

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
67⤵
PID:1892

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
64⤵
- Modifies visibility of file extensions in Explorer
PID:2208

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
64⤵
PID:1136

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
64⤵
- UAC bypass
- Modifies registry key
PID:2812

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dQocYsUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
64⤵
PID:1524

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
65⤵
PID:2676

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
62⤵
- Modifies visibility of file extensions in Explorer
PID:1676

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
62⤵
PID:1080

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
62⤵
- UAC bypass
PID:2272

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TqEMUAUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
62⤵
PID:2804

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
63⤵
PID:2792

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
60⤵
PID:452

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
60⤵
PID:2672

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
60⤵
PID:1728

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XWEsUQoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
60⤵
PID:2176

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
61⤵
PID:2244

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
58⤵
- Modifies visibility of file extensions in Explorer
PID:1656

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
58⤵
- Modifies registry key
PID:2268

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
58⤵
PID:1564

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eUMMEoME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
58⤵
PID:308

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
59⤵
PID:2072

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
56⤵
PID:2084

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
56⤵
PID:988

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
56⤵
- UAC bypass
- Modifies registry key
PID:1104

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qSAIEEok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
56⤵
PID:1168

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
57⤵
PID:1152

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
54⤵
PID:2604

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
54⤵
PID:1548

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
54⤵
- UAC bypass
PID:1384

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iOcksQkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
54⤵
PID:1300

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
55⤵
PID:1284

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
52⤵
PID:2404

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
52⤵
PID:2680

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
52⤵
- UAC bypass
- Modifies registry key
PID:948

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IIsIsoYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
52⤵
PID:2532

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
53⤵
PID:640

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
50⤵
PID:1208

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
50⤵
PID:2172

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
50⤵
- UAC bypass
PID:292

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WIkwwUkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
50⤵
PID:2920

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
51⤵
PID:1744

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
48⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1988

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
48⤵
PID:2768

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
48⤵
PID:1228

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BgQYkIsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
48⤵
PID:1056

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
49⤵
PID:1976

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
46⤵
- Modifies visibility of file extensions in Explorer
PID:2284

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
46⤵
PID:916

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
46⤵
PID:2868

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RycIMEMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
46⤵
PID:2876

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
47⤵
PID:1832

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
44⤵
PID:2256

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
44⤵
PID:1944

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
44⤵
- UAC bypass
PID:2204

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BmAIkkoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
44⤵
PID:1656

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
45⤵
PID:1448

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
42⤵
PID:1272

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
42⤵
PID:1884

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
42⤵
- Modifies registry key
PID:1456

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pyUAQIIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
42⤵
PID:2848

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
43⤵
PID:2264

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
40⤵
- Modifies visibility of file extensions in Explorer
PID:1640

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
40⤵
- Modifies registry key
PID:2560

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
40⤵
- UAC bypass
- Modifies registry key
PID:2676

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fOEMIUMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
40⤵
PID:1356

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
41⤵
PID:2192

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
38⤵
PID:2544

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
38⤵
PID:2492

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
38⤵
PID:2792

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KUosQssU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
38⤵
PID:2716

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
39⤵
PID:2116

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
36⤵
- Modifies visibility of file extensions in Explorer
PID:1720

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
36⤵
PID:1676

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
36⤵
- UAC bypass
PID:1728

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\auQskgow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
36⤵
PID:2712

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
37⤵
PID:1068

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
34⤵
- Modifies registry key
PID:412

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
34⤵
PID:2336

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
34⤵
- UAC bypass
PID:1752

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SewkEsoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
34⤵
PID:2872

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
35⤵
PID:2828

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
32⤵
- Modifies visibility of file extensions in Explorer
PID:1052

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
32⤵
PID:868

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
32⤵
PID:1152

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UMgoEgYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
32⤵
PID:1932

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
33⤵
PID:2164

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
30⤵
- Modifies visibility of file extensions in Explorer
PID:1900

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
30⤵
PID:1236

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
30⤵
- UAC bypass
PID:1924

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FCcUUEYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
30⤵
PID:2400

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
31⤵
PID:1652

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
28⤵
PID:2428

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
28⤵
PID:2628

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
28⤵
- UAC bypass
PID:2504

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZsAMMMoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
28⤵
PID:2532

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
29⤵
PID:2416

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
26⤵
- Modifies visibility of file extensions in Explorer
PID:2368

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
26⤵
PID:1216

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
26⤵
PID:2716

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BmAMkkUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
26⤵
PID:2916

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
27⤵
PID:1540

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
24⤵
PID:1228

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
24⤵
PID:1728

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
24⤵
PID:1608

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rygMYkEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
24⤵
PID:1612

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
25⤵
PID:2784

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
22⤵
PID:2868

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
22⤵
- Modifies registry key
PID:2420

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
22⤵
- UAC bypass
PID:788

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FwYcAYYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
22⤵
PID:1984

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
23⤵
PID:2344

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
20⤵
- Modifies visibility of file extensions in Explorer
PID:1828

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
20⤵
PID:1092

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
20⤵
- Modifies registry key
PID:3000

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cgUYQQYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
20⤵
PID:108

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
21⤵
PID:1796

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
18⤵
- Modifies visibility of file extensions in Explorer
PID:1924

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
18⤵
- Modifies registry key
PID:2296

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
18⤵
- Modifies registry key
PID:1272

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sOIUcMQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
18⤵
PID:2264

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
19⤵
PID:580

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
16⤵
PID:1356

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
16⤵
PID:1640

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
16⤵
- UAC bypass
PID:1592

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YmMQUgok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
16⤵
PID:768

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
17⤵
PID:948

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
14⤵
PID:2372

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
14⤵
PID:2716

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
14⤵
- UAC bypass
PID:2752

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GoQcsMww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
14⤵
PID:2564

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
15⤵
PID:3064

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
12⤵
- Modifies visibility of file extensions in Explorer
PID:2524

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
12⤵
PID:1600

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
12⤵
PID:2312

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nioccAcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
12⤵
PID:1968

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
13⤵
PID:2600

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
10⤵
PID:788

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
10⤵
PID:620

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
10⤵
PID:2272

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PmgIYEgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
10⤵
PID:2828

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
11⤵
PID:1364

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
8⤵
- Modifies registry key
PID:800

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
8⤵
- Modifies registry key
PID:1204

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
8⤵
- UAC bypass
PID:2176

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fYMMwkso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
8⤵
PID:1296

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
9⤵
PID:1328

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
6⤵
PID:1444

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
6⤵
PID:1480

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
6⤵
- UAC bypass
PID:1236

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LiosYcUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
6⤵
PID:3060

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
7⤵
PID:2136

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
4⤵
- Modifies visibility of file extensions in Explorer
PID:2644

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
4⤵
PID:1640

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
4⤵
PID:2404

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PwwIYAIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
4⤵
- Suspicious use of WriteProcessMemory
PID:836

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
5⤵
PID:2328

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
2⤵
PID:2728

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
2⤵
- Modifies registry key
PID:2692

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
2⤵
- UAC bypass
PID:2568

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yMMsgskw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock.exe""
2⤵
- Suspicious use of WriteProcessMemory
PID:2468

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
3⤵
PID:2444

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe
Filesize
234KB

MD5
1d161fe0bc1c30b7490e7c2a0a043e92

SHA1
2b4fc8a4ace392c5bcfac39021c7e40c83b9c082

SHA256
5bce8c9afe42bab9f4ef88b0aea1d646a30b037eb258acedeb34293d921cd177

SHA512
36de927257265bdd10ee2ffb905371f5dc45d74620a76ad2b9676825e6f9785834230763ff846f8b4f16e95b10ecf739083fa51a6c2c0012c2f3f9cf93380ed8

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe
Filesize
228KB

MD5
afb288bb1d569d6b3cbe51da9d120e6e

SHA1
f11e2edb9b51b2a851197354a6e8314cd5efb946

SHA256
3ff546b47249cfafb0567374641739b643bb78c6ba94cde77a38d5b5c2dfe017

SHA512
3b2e90846b43e1381409f4fce9a4834439974e767141fdd3f8b805f7fe68f4bf50737bd8aab580767f7b2067b8f4b43b0313366686c9ff4c121862c49ad383d0

Download Submit
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
Filesize
832KB

MD5
821a89d6243e7edc5f1aa064de4d633a

SHA1
1f76d86ad76966061653686291da58603823082a

SHA256
64a94df249b80a86fd594f572def684e9c63a5b80b42fadc07f73ab4b09859d8

SHA512
96620dda6169d453244d1fc6a21d7b3ff40868d482c8c874ec547827acc5326f2a6c36535eb05a580edc547c58a11d1998ed4ebd201203baf448bd6bafa86fc4

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
Filesize
646KB

MD5
276b2aab168b6bd0557d79acb94792fe

SHA1
bb7612f2de45c201271607702211b1c1b482dcf6

SHA256
fa021fa1b632b6176c633647b36043b6fd74666f9dc15e8b3892727c0e8317b1

SHA512
d23ac328444351c88fe0b8ce3ba65f8fff73f49e2d6474eb9568c97ec27b4bb0df80313d83ddf70d3f0663d05709576285de43c1d5774a64c4e0b9536949bce5

Download Submit
C:\ProgramData\WWwAYcEo\lkwwwIwk.exe
Filesize
188KB

MD5
05bbacc4d0c65477d9d07f8e15a742c0

SHA1
171af036267cf9157be920284f456fcadc817616

SHA256
346bff749ee8d4ae221b42349c51c9a0c53b94b04ef1e591e7f5632dd5502be0

SHA512
043239587d40b9747c36b8a988964661060073d638293658dad7d41c960bef13a7a1fb962d2591b0c031b4d56942951f334f3203fa5caf6498f764d39493db6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\128.png.exe
Filesize
198KB

MD5
6168b0a0f27547d3739f9dd396527b7b

SHA1
1d296658679e628d95cafd83c8a426a1286f127c

SHA256
233f51d095efca3d66d1fb6f480086d29383f2a6244d8e1b18def50bcb588982

SHA512
0051e2de2aaa87fb645092922b31a6b9cba788930317c761d42dbb573ee3ff84faa8bf1cbc7a4eae22e3f7935ddfc0324705c2cc1c2165859cf4b63eb248afe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe
Filesize
180KB

MD5
d7fbec5602450c1f40282ebd2001645d

SHA1
9c1eeab39dfc676e5576f4811d711195cea3a4dd

SHA256
bcc94e9c53c7a077ddd6fb6d1fc50395e8d977517c384eb57866a60105a7e061

SHA512
8bc92b7450fa13acc120049f8b487aafd22ab32066458766bb40bc42893f245816c070e40a9c8122fb26d45c5f5cc94b0985f35a4ead9d52791cfe956aba2384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\192.png.exe
Filesize
203KB

MD5
12bbea46989fb5b58a1f8fd7545cc77e

SHA1
f3b702be361e7320ab3dbde5fe74996e457d541a

SHA256
086365f3e0d3e2a379b304b89dbc04ae429da648fcd97a63a284a5d91e5d8e2a

SHA512
88601893290ec888dbb981e076f0c71c67dcadb6a68df1c969f1724525b7d6980d0aea29320baf6ed89a9593b0d92a3d79413bdb1a0601e4a1e3eee63f37e491

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-05-24_5b3e104a28b0fe470b49d27e6fd466de_virlock
Filesize
81KB

MD5
070cf6787aa56fbdaa1b2fd98708c34c

SHA1
fb662cbd45033e03f65e0f278f44f4206a3c4293

SHA256
e073f22bff5d22fdbf3665855d2f979d300c4e28421a7edf5d616dd92c71580f

SHA512
93adca8cd47db7fd07d1bb0834c92ef0460d86975ee17276573223eb378d3cc7bc8324c0cd62c024664159b0320501d37bbc97d266a40ed2a51fb3e8e163ba52

Download Submit
C:\Users\Admin\AppData\Local\Temp\AAIY.exe
Filesize
731KB

MD5
7f79d259f47d5360f205b96fa1ca4d25

SHA1
503611adb36b88dc011ac91c3291184f73dff13b

SHA256
7ff56c1e92414ca4360fc711fcf30d5bc51ba86c95c3e2f888e874e039a31da3

SHA512
8e1ea8b7dad35e342d84f3aed4997d36d1251097eccd222de3af659b3d0d4d45072c68557d9a8878803087f3075f9335daf3208c9eccc01b72db37989421775f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AEMo.exe
Filesize
242KB

MD5
1aa3d0c0de3aeacb9c3a5e47d2e6bcad

SHA1
3a82a94c3d981453569e5194a418cc6ea321ed10

SHA256
5cc0293f37175f5b555830faa76400a2921431ef531c600205389888001a188f

SHA512
1d6d33107228d985eff7a6cb68a5b89afa62d3d1f9cbd1e37f045c301bca9c91bcd86839ad69c39b79749870287b35a67d4035c065195e4414ca2a069144ef3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AEcW.exe
Filesize
237KB

MD5
59e5e04fdcf0b4a8df4effd94bc2c3a9

SHA1
10ef4139e70dcd07321711b49523e559ea8a6859

SHA256
52e21378fa8355525d8acdd8eb5e4c21d567500157df534ab62a1460042c1251

SHA512
6c233be0cd2374fa6e34443f2017f523f94ba17faabc3bf156150befe226cec597036969c436b735268066e93dada5e5b4226c4edb58cc2bd16a07e917cad444

Download Submit
C:\Users\Admin\AppData\Local\Temp\AEoC.exe
Filesize
231KB

MD5
3e718fcd1e73dceaf1b935659451cebc

SHA1
4a464c225702e041eff37da1bd854b4b36fcac38

SHA256
5a0c10d6ca73a61cd7b3b922a645bf0af77dab09bb6c5e12240bf132ed079b6a

SHA512
53bacab272c07e22c85093342e0c78028f28aea43afddbeb66bfc2024d2c129ab53c27cfbd1dbedd3878b0186aab551e600db9b4f9ee4fb53f65b56f94c51a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\AOoUYAoo.bat
Filesize
4B

MD5
3b79957b9a13853c88850b99718fd061

SHA1
10724f1cadf4917336a56af8f41da0f08faa4e3f

SHA256
82db9759c8529e45a9852601d794b4bda5f22e07be46225bce8a54e366887790

SHA512
e5dcca2b36f406a925a4b0437c0b2714c472404411e4765f662e4213b815627a8ff6bf5ab5c6ef6ef55e7a7cc5028356157e526c0615c827acf841e9c69aedab

Download Submit
C:\Users\Admin\AppData\Local\Temp\AQUc.exe
Filesize
237KB

MD5
dff2c95a01ef2b605da22036d70406ea

SHA1
3919d26f4bf524ab2d080239224365aae00e6221

SHA256
4ce3517cadc7d8724734fe6408c8cba0ef9a27d90e826a34bfaad1af78ba9292

SHA512
fb21d6504c8c73ca58b1a319464618ce1f94395673f167384b2b5a7c846b5f328df27851f5c6cf240bc6d1b84bfd36f1dc4ee987c51c5e1a1baf9710d5814d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASAsYMMA.bat
Filesize
4B

MD5
1d0f3544aad6c87a0f812640a8ae061d

SHA1
ff1fa12ae904dbe7c6637cbe2a76034d09ed556d

SHA256
5628d587c071fa94620b0f4fe1b50e5cd89ba94d1e538f4db11e4879f0fb75a4

SHA512
a4e4ea6916b28282a7d25167806bbc5eb1399ab3848867ce5cd8fa4860299516ccb1509003fdf88329966765a42f3ee85792580d3296fd0e047d46b9feb20001

Download Submit
C:\Users\Admin\AppData\Local\Temp\AUEw.exe
Filesize
227KB

MD5
b3c6552e00aaddacdea0b06fd6455a43

SHA1
e1535afcf1d284c88050b85f4a75fe13dd414fdb

SHA256
409613cc87c69ff50f9cd4f82b7532948c09245fb0a3f08a6401caf8a66ebb95

SHA512
d8b1c80b44ff349f48f515987c217f9c66638f2423b95c2e305421570f2d92a5a94d43b3a49e731dda38b48d4f070f8323776a019967d250cf22b25f1d42b36a

Download Submit
C:\Users\Admin\AppData\Local\Temp\AUok.exe
Filesize
934KB

MD5
847ef5c03e2fccb95dfd4870c49f2c3c

SHA1
b8fcc86e5c4b6cf2f1a6e63eeec80929289651bb

SHA256
930eb7f3a0fe9c35d306fbefc60765da79e98ceb4d2160f87ba69761b1e67c89

SHA512
c77b0fa7af15141fe8ee204f79657a479fbc6492b16c1d9698fe48d5d17558e1fdd9796f6eaeebe47dda3a777f03db7c56b3b2ef4da934655392b7f39f05ff53

Download Submit
C:\Users\Admin\AppData\Local\Temp\AUwk.exe
Filesize
249KB

MD5
12f376e012bf040c9105ac188516327d

SHA1
d8c4892540f26b378f42e86e469ffd634d133968

SHA256
95fa131416ff66f308c6884642731d457ba91df2261f1ac21edd998904f2e0fe

SHA512
e6010256c06ff66a028cfc68be7576e4ebf85e75da8d1be0715e338f0e8d5612e890f9d18158519267aee1b15cf538bf5e03b81db7d032f5e84ef2af64ebabe4

Download Submit
C:\Users\Admin\AppData\Local\Temp\AkwG.exe
Filesize
244KB

MD5
da1242d687e02dc6d03108e6276577cb

SHA1
4a1fedb1168b8fec20dc28860b17338e8808a616

SHA256
7e86add5bbb96f35ad67d9cdad684ed84fadb0649a9aba7180e5d1ada1fd4774

SHA512
94f5090c2009e48d9d2558545f982edd60af13f0e04222812dc43d8bec3c6fff948cdd3d3d9169ee465fb0456a3e34971d3585694ff59d4c9978956a1e99a642

Download Submit
C:\Users\Admin\AppData\Local\Temp\Asco.exe
Filesize
941KB

MD5
b22301ea0ac1f971c2da1fb669456f93

SHA1
a62777aba31b7161faf28ef8d6c10c1e02d5483a

SHA256
8ea3d7f208da38743d0a1a881f047d2e3a10c05f8345eb0f29a85945b8d59430

SHA512
8cf4fb6cb58755aec5f6d1c6213fc2ffde8f86a4e4230e7dddbf8f910293341416bd58109786aa98e7d6e113e5f99091ce89734f4943148ee8aec9cd187be0ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\BUIIgAoM.bat
Filesize
4B

MD5
8652678ff10629ac2a33d1e561bffe45

SHA1
cf43f8c8f737e8b7f28068e9475a8d8c9264b1c7

SHA256
f4944a7c4736a67b17a403f0c367315535c8847fb8be8d9749389a8488d8e8d6

SHA512
cb7f08aa3254bb02ea40b2cadcb8c7081603287ec13bd90055f304576d72f232833b03dde4076b5a5afe9653846f5f85b30dc3fdc93dae71d2b82bd933702e2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\BiwUAkMs.bat
Filesize
4B

MD5
3a3c86b1a2a7e21eb14232fe2b159371

SHA1
080bf18b85645358474c3d0f5237cb5eceea1739

SHA256
92f335d8cae4473ad7933a234627f1e8dadb909ca4dbca7624251d234a2c31c6

SHA512
70e387457b9581bc7ba1a88fd6d4819462d3d028ccbb70d4448d70d9f9d36d4c2bfb731722c4013fc68c482456b5e5f6555cf6f1ea8f30d4bd3aa5b414eea6a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CIEq.exe
Filesize
239KB

MD5
e5ba2e9fb66dbb0240618d93848f2a0c

SHA1
ec9b7b09a6830d53f29a4195e663142628637ff1

SHA256
736ec33059787ba584d15a496731a98de09c3281b3b5b05d39aebbd3f14f47b9

SHA512
4e4cee9238caeb399e7725c758b7287cc3d6b5d9b489bb10967f3674100aaf3c5c5e17bfd74322268e3b2052ae762d5ec70bc6aaeef1e51348e628617f5175d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CKMkIocI.bat
Filesize
4B

MD5
ad0eadd6967ec1646bd4469e56fa80d9

SHA1
f5fdec162d552b2503bc412eb91df2d4d351c0a8

SHA256
8c2313e7cee7deec44a80fe399d45e42e27bbf1404a7ab11fc4874433287056e

SHA512
ae93722e402401012c8a42bc1c6e05a7bb53a7febfd622a5a8d94cd86d69b2376c3100087039bafa3e4e093df0caabcca0ade797ac9fc1978a0db104270215e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CMoswQoo.bat
Filesize
4B

MD5
e215d13bf107b0ecdafa9aa35b5a6fdd

SHA1
80dc12989218fb3a35c2d8a432845474c8dcecbb

SHA256
c548f376b5e9864a839b3de59b715ace6d034c8bc63e693275f1af89ec9878c8

SHA512
29d33eca3c0826db3b6ade568c9cde8a9af0af40ff69554fc4311c7bc1f353c7a6a3936208396ed7021912e0f25a229f0fa19b537124f1e8113110c4f30aa2b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\COswsAEw.bat
Filesize
4B

MD5
09dc16f5d90e0ee52d34ec3ccf51e661

SHA1
b72cb19c85b03b0f7dfcf367aaba42e7ff6dcaa9

SHA256
9b7efdcdbd90d05d6d17cacebbb5ae0abec8f3828572677fade14c1dbe6e67b0

SHA512
479f5040c248ce3e8bb299b5e0de348983a0533420fc951f4d091c6aabeea6496e3e65393f903e7c58114dea8090ee2835f9cd64f698b0ef41df165284119bb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CQcW.exe
Filesize
238KB

MD5
24eb9ba32bb05f182a86eab071f8cd1d

SHA1
a6438a6140f0317799ff2fcb8fcab5dc74ca1ba4

SHA256
4f6d0822913891fb928ad40ff914502a919ed82131e68c2dd86a28fb76e4348e

SHA512
976884d8784a34314bd78864b23dd1a6d84dc933400ca80d1e10ef177f81291c15b043ffd5921e55b75b7bae89444a2047579c8328598045951c5d88b8cf5697

Download Submit
C:\Users\Admin\AppData\Local\Temp\CSwQsIQs.bat
Filesize
4B

MD5
c27e7accc9add34565394d51da7b5571

SHA1
7d15505a802dd9ce351a3139361c1bc8f8ccdc0f

SHA256
0c2d4407d5b47968a5dd5a46fc079f70b5d96f39c531a3eb8ca87f37b93d34ce

SHA512
2ebfb6d775d725f024c286ce13e791b65daa74b1e98f114bcad39c12a011603f1002596ebaaf0cf14d6cd263ef6fe4c63653a135df62b924f34bd15630a45a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CgEO.exe
Filesize
241KB

MD5
28195bd4ec7765a7863cb7e9a01c5179

SHA1
b2ff9f19e9277c3cfef9d1e000bc6ecdb0edcc44

SHA256
0658ebdbb97f131b62f28393f52f99beb10232e12747492de5bd23d49813a106

SHA512
8a88a1bb5ba27629dd842d6de142f5125f4b23492328910010bf44a674ed8f5f964d08e4007062a8fe836ecf2f50a116212f429b197bdf5394f01994fbc7a10e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DGUAgYUk.bat
Filesize
4B

MD5
443380ffb8f310e3b9f6897df22a311e

SHA1
d7ffbfa9d7ba191064c8886470b3a071e0da3413

SHA256
d73babeb506477d57bf11b76a952dc3f280f117a80b42d95c90a80520940a84c

SHA512
64ebdc88d9caa83ca2c73dc77e6b7685e603ff16d10b34514dc4e68cb81294661cecdb4cacf6c63c084b555ae54a30d2ae5a59d26b35e9e15df6d20593e4c7c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\DIwUcQQY.bat
Filesize
4B

MD5
aed23ea93daaf7d1d3bf0225e3cd7e5f

SHA1
4667f85dca9a5a9b84923cd7a82c242c673c509a

SHA256
ee1942a06f00c93b752c808a86594dfddd6e72ed8b864d50a40b63b263170b16

SHA512
7d8ae3d5f88cd639cc1dbc3e96e29eae1951f389596c60121d15d2d3de48ea276c7b53ff73f5bc683b35c10bfca55aa5a0d3bfe1b8f4c311432e0ebc021403a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\DcgUEskk.bat
Filesize
4B

MD5
05b62f57ea36e2133b5389198f07bb4d

SHA1
b2295785ebc4779e59273839648bfbf3451ab0b5

SHA256
d0025e3ff935db414663d31f114280d67cda3870736148cc3ea4b1e806ec539b

SHA512
d47d9f624c084305b9cf76a18461ccf2fcacc405be56e00174e3862f09c2bb8f82401f283c6153275f8776c2ae2adcf5c0efd4400f48bfbf5e405cda726eb339

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAoUUwsc.bat
Filesize
4B

MD5
26baa041f353d8a29665c31ca9c2120c

SHA1
8622b2d4ba2fe33a6962df0a405068d00cdbdaf9

SHA256
e146d123c96c1a5277f0aa5f1e6908d4f8821613ee46855a80eb74394472069a

SHA512
fb0c747326e6b33ad424ace1b42f0768c94e66f4e7a9c5d6956675c5218dc00f6bf3eeee6883346db0ac8396441a38e9ca4c72055f489b95fd19270df07956c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\EEcO.exe
Filesize
236KB

MD5
4bbd3b6a9c153b6dd984f25d910248eb

SHA1
1f7e5e3f59c70fb29730c87bb58f4f071d9377c1

SHA256
b39feabd96608a04bbb970fc04df0648e73564a7dd243242142199334b05dc64

SHA512
364e28100ee9e9a38d38093806790e14c55873456c45081b97c3b453a04043c3cfa910fad6a75ea6c30d777892aede44b19a24279806f4b2ce90730fb78584ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\EIAk.exe
Filesize
215KB

MD5
9d8b0c1b148776910005c26dcf100d55

SHA1
ecbef0b36b7eee57c243c84797ebf9af124cba5e

SHA256
99947b4897ab7b21fe2624072813742d46834b89a999ce700a7f5d899ae00bfa

SHA512
e2eb62d23b8e9b9e8c825cbc79b5c61d01b32075957d36107f25260ce2a56d4414083402e2ea980989218e160b43432cc1ae3b8e25305fc30fa0aa52ab2bf9e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\EMwIkoIU.bat
Filesize
4B

MD5
d769334a4c3526ea8a32bdba46988647

SHA1
0417396053f0c87b94928aace6b38c854b89f89c

SHA256
92a088bbd27e5b65f25e3b42411a6d023d1e98b8daaf89c06b7ed1859d32c0d6

SHA512
ee0bc6fc65e19013bd94ae1bd1fac2fed196224cc1140cc1a921d859759ce616327507c8a0a6ea1f3daab87c84878308a95d5d32d9cdb22dd6c573f028dfd83b

Download Submit
C:\Users\Admin\AppData\Local\Temp\EWMkgMII.bat
Filesize
4B

MD5
e1f30d28927337db43495d0202c8d976

SHA1
33146f0a939523a91772624f37d4c786b9e5433f

SHA256
b4f6df73ed54367fee95fc248d4c8c1fb087a7ed6f5314dca5ed7f3f76dc2ccf

SHA512
9bd22e2f5ea060b0240c7bc4a3fc7b79bf252fb945c4d22ca21fc8b3a25362a2a5c1561408092d7509c011a4629fbfc1f564fffd89eff0ec4e403c0264966edd

Download Submit
C:\Users\Admin\AppData\Local\Temp\EYUO.exe
Filesize
189KB

MD5
2632959be274871db9ac0a09af8e4d91

SHA1
bce94927021f1fecff16a9a543af1f93ef8c5e04

SHA256
4c610db50699448f59d28dc60c1e948b31f398234df885d897e74bdda1c2fafa

SHA512
e8fe4d0690be1f9a978d5854d97d1ea810f0376b3a287372062732e99a1450e5bfcd5e553ed0ca037f82098d10ff2ecd72f61f71f15a641265b334e95fba9641

Download Submit
C:\Users\Admin\AppData\Local\Temp\EYcu.exe
Filesize
199KB

MD5
814fdcdb939a967a4dfcfc45a6278c49

SHA1
e812e3e3a7f4e8b1e6b6928239fbd9b9b14b525b

SHA256
62b9dc05721b8e9175b88018f14db6925dc836ef5c26f1347df5ccaab9b692b3

SHA512
cefec299fc17bc3b21e9979c6002d1e1975a7e3a4f11e3d74f2ce803882e7e18dd04675e429460ad0ce1a8df3edc1c768c65337b3728fbca7caae8dd97bfdf70

Download Submit
C:\Users\Admin\AppData\Local\Temp\EYkwYIQc.bat
Filesize
4B

MD5
489b7e887439648ddf859d708802d8e5

SHA1
436857f0b4067acf117022a7777fa6d870e46296

SHA256
9f5caf2644214dc8d93dd6cece5d05740e8b38f0d4d956ffe08e6d55de2283c5

SHA512
b60009543326d4fe36c1b3dd6506aeca27aaa9e622e7ecf0edaf29d2958e568b1af80ee39f0fa3de248264ef1546ec2236ca8290c278cee96df48cf69eb4ff76

Download Submit
C:\Users\Admin\AppData\Local\Temp\EmIoskks.bat
Filesize
4B

MD5
f6419efa3eefb037c5203aec5b9ce9ac

SHA1
a55e3b3a03536d5b18a1388532d20fc40904ba1a

SHA256
84f6ce4b49191a7612db05312390850911ecaf5126b262889a4a973be217ea58

SHA512
be212edd542e48fe6ce9b37ea8ba355fd5d56f4766c20807ec254f8e70307602fd7f5a6ec91e22fc7a7b6e59f07c31af2a2b05cdd7eb75eec56d2d00be26dd4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ewcw.exe
Filesize
253KB

MD5
7a2687b9afeae1d34f18950cc7dfd322

SHA1
56bedb5ffa6c3196290d8dfc3404f6ea97a8cdf5

SHA256
70c7cb576bdf1eb156c33d2ab263dde0fe8db99ed348db425026c57e64f00801

SHA512
a890fbd2d70b0d4266f30a8a7e7a780b050bf8a1049fddcad6985815ad4d3d07fd37bfe56b0f64c80f619c7420f317d9e0cf2a43b645546cf127084b7d19889e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GEom.exe
Filesize
4.1MB

MD5
f41143a4837269ba1da200191de74253

SHA1
e7134c3fb7c148b33f4fd4deba99f288262bcd1a

SHA256
922a5712cac3aa261cd4b3f65a89252d03f45d6256bc4a1e92cda4736909d329

SHA512
b3afdfd7af5fd03e542503eb911e8e869de96c3c8e58fc4293dfaf70ae4edd7a085cd11b4acee58e418fe5a7076629e2634b6f92df6030d208e5021216284239

Download Submit
C:\Users\Admin\AppData\Local\Temp\GIAYMQMs.bat
Filesize
4B

MD5
9bdf7a754e8f86094f430301c708129c

SHA1
71ad5ea592425f8ab4d1f68b7a3b7d7b8b2c396a

SHA256
4bc20fc2fe39303d68208d0497dbb6792fe80f04981c0132c6977732fc72da53

SHA512
d1d57939beb96db17447f385289f0d3fe627fea264b71640512b31c51e9f277eded9ec8237d46d1d4f8ee5be83277ffbddb1dd43c06fc4284be4de4ddfc156d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\GIgI.exe
Filesize
596KB

MD5
053a273308ddfd53ae142410a27625d5

SHA1
89c043e88554b26241aad0734a0d460cd140f651

SHA256
1788df677d4b4163947077cd4709e1f71467fdc5de52b05d381f5aa7ecd38901

SHA512
ec75a2cf916c73eccf0a4950e7ebd40145f9b9bf214950e01850f2ea90791deaadc968731a3ff1108971ec24b3c103b6494f433123a2eded1cee4d905ad89ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\GMkkUQgw.bat
Filesize
4B

MD5
0cf08ada6cfd8aac9afa0a833ee9caba

SHA1
1cfe2b056fd4ec8e4f56a118c09c89195d97c01b

SHA256
a0e5b66ade61fc337a283bd7d77309656ad5ca769918a8fedf42c385929c975a

SHA512
0ba49a7ce2438f99f28c4b5e7a6119da7200320bb5018e87f6547748049f7af5fd1df772bbebc637f3ec014a46ecd79fa502bbb6bcc501f23016a79aee2cbed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\GQQm.exe
Filesize
232KB

MD5
e5268edfdd44699b6c3c7b2a9a08c6fa

SHA1
dd2047374603419b83ed42b6ab391a8d5a3872be

SHA256
68932fee1abfe67b02c81b27f2fe0fee834d2833d67dbdd080aa945c0d069751

SHA512
bc33ac809c03360a4cfb814624606c9d4d70e79fb118ac5e5d4833d8cc8af31ff2ec5808b5a0a9bd2122ab6ec8268c42f7c5b503126c01921434e0c07b3da4d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\GYge.exe
Filesize
201KB

MD5
30004be0964ca12e10f65dfbff6fa9a3

SHA1
eceedd80b153f7abe4caecb6be89e1bdbf092e81

SHA256
de1e1c100336a318066db7d9f72188344d567ba5d311db1060cf77e48c921032

SHA512
f1c6c2f5db94fb9ef34fbc57e962a4fa1e827709dc08bf0392c1190137f20e244a2aa380640fa33e4961a2abf932a6f7fce79eea85f455c17b6c708e3b4ed27f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GcMI.exe
Filesize
734KB

MD5
d70513b6bd055eba8ff96e61cb20db60

SHA1
4cc80cbcade25dcf0d32014f251e1fc47af51950

SHA256
e2988b0eaa32449e1639d95c164e6c24a55a3b4cde35c7c8c60221d311afde17

SHA512
20350d61bd7d08b9af7d8ee77ef9ca36814837928b7049d0e5717e058486fcd39209b36677b5c21fbd373f9d69e9a25a343cc28496de32eb2907c53c863118af

Download Submit
C:\Users\Admin\AppData\Local\Temp\GcQI.exe
Filesize
253KB

MD5
c48dc6fdcc2c961e6f81d0c823fb1244

SHA1
055a1cb5ae02b654a8846775341b753148b0bed3

SHA256
42ca9de3fc3e15d2c1b5a16d4b6ede9719a730447529d5a9c8bd4c739282d449

SHA512
9c8ba4cec030989bd19fb0c782554b015f93545c24c62ff8927c8c1769d72e464dff6dcbe59c7036010b5dc9534c65786e68d52fc4d7cf8ff7a8fe518a41c1f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\GsgG.exe
Filesize
246KB

MD5
cd216709aa0a7aedb9315ad3b1b738ae

SHA1
28a7f0226716fa2b9b1c720a7b010b1e5af099de

SHA256
5ed4d1426e85355440f5f5caa1b519d62def4cafc990b3c2ba18f2e06a1bdddb

SHA512
6864dfb1c5742602921b6d3ea3b7537a1610b69d67d912b53a8af4459e4b61dd78ed95a037d793bdaf59de19f877725bf8e1ea6119b693ac62314dfbeba0aa16

Download Submit
C:\Users\Admin\AppData\Local\Temp\GsgI.exe
Filesize
245KB

MD5
54b308a4e81af17f84c938aa642cfd71

SHA1
3d3f592ab4e97d38092d7b79f29b81935195b189

SHA256
e4d0dad66a71b72252ae4be188f6b1532f3ce664612bf8af6ef8e735a2eb351e

SHA512
0f1b819c8a34bdc6a373bc972bfc1d6bb23ffdc0dd550b1ab4a7408c98cb9749475050d94b4f031dfe8ec0421bd33decc6f6e6fe9f16024b45896deae5adb438

Download Submit
C:\Users\Admin\AppData\Local\Temp\GwoI.exe
Filesize
196KB

MD5
03e43ec247e0dd00ca86fee6a0597ee6

SHA1
125b85b67c26fb57ceda34e4b1612cbaf8ae7c40

SHA256
fac884ef4693f7bcf4b573588506c60426ebd5229588ca0925b82553b3b0c795

SHA512
7d0140ef2d07ce670362a835708a9851f15f7ebc0108cce652ca0e93bb7cff0845ff6ef7d8d1b18890f50d849c07f564ac0c99e9104e306a3a082d95a7070aa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\HKgcQsww.bat
Filesize
4B

MD5
827ec0a4afbaffc9188b2135859272d4

SHA1
bc1bddad701227874fe3308bf88f33096997a80d

SHA256
dc2534cfeb7727dff7500555aee329cd62f2170bf3f0cdb466a4b538cd046121

SHA512
de605b9be43ef0e66f133da6dcf7ea67f2972f6dd9721e50aff02b6db6997cd692ebeb5c877c00105540f0f71bb938e2aa268bf667f6aecc7fe8ceea7c7b5e37

Download Submit
C:\Users\Admin\AppData\Local\Temp\HyEcoEIo.bat
Filesize
4B

MD5
570fe5a1174fedf0e229c5552995c6ea

SHA1
103de10ca22180c9d03ba069b5cf22884f9307b9

SHA256
b5d133f6acab595cdc946c64a85be18ed388524f91b224ecae870b7390448369

SHA512
1dade0fed86301bd5aaadf7ba055771e59889fa1e9b9c4139a7b0481b3099fb1e41f9fe4da2481e5e600090d919f3dcbf695fb6b200ca359a423b2cb64b1646c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IGoAoscs.bat
Filesize
4B

MD5
5e19b0d8324eff4e604d00b3385ac7d5

SHA1
a6650ef5e67172db601546e0164412cf1e8214b3

SHA256
05703a7d7353285402f02ca841fc5530d2d4fb4f5dd8d1925d5a30e29a058cea

SHA512
64c37e563d3e36586a79a7d60c76db602defb3bee80bbd205dbb0e3535e073372c015ff7dcef3efa3c2c2a240856fa52537e8b2d9c495ed810854c7714e7541c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIMS.exe
Filesize
1.0MB

MD5
e325d56ce738c7576ed9252e68e40a1d

SHA1
7ffce0d33404e689fde4d345d5da5acc7e32e504

SHA256
2b763e22ab760f10cad4b5a0ee53d78e809cbbf41b0a7bd1cee3fb33f96d7f4a

SHA512
25c179871b63332179757061744aa2a9a4347ce708a7993433c26e70a7a31a90dd35451d99045ec55bb05dce72d0dead9d71bcf6df601321fb6c4d70e157c2e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IMES.exe
Filesize
230KB

MD5
fc83ff0e9123d7e184d80dc3ae212760

SHA1
04a292e488447a53cfea6aa0a7b922748a920368

SHA256
9742293f988f5fc530b34506cc297777f6be447e2e5035c55ff10ac923b09325

SHA512
783f843affb8f58183b2f556cb9085a1512d7aedc2fac10ab454463eb5d5c8db4738404a16bcf49c5116feb233c3ab1e69a0039bf90e20a8d87586d1990949d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IQUo.exe
Filesize
211KB

MD5
8002fc215f95b459e568fe1671134f83

SHA1
6fc56b2a5233ee9df25a9fb0ff9b142a65b19474

SHA256
5a2014d7feafb3474ca6e27eb1e14db6435dbfb39ad4d0428dc30acee57aa360

SHA512
0e1aca1acd148cd16328e25b2c5c97db2873a0eb524acaa6d423136d921acce10f11d796d4c6498edf81cee9b4a3bbea6db012e99991091228267aed39ba8908

Download Submit
C:\Users\Admin\AppData\Local\Temp\IoME.exe
Filesize
245KB

MD5
04d7783aeac34e28f473353d35ffafda

SHA1
6b16f529918b228596c39735645823d1ecc5b34d

SHA256
4001856475051c518911fbe7363af8a04abfa22ce59eb2be94e913606eaf30e3

SHA512
717a5ee913a4b8265ed6872f3fa4e366a93a9598595b54529617d9f176921d903975eb3ed735047f55c899df1d0d0ce33a2847a7f6d2dc5144e5a91301624cb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IwQM.ico
Filesize
4KB

MD5
f461866875e8a7fc5c0e5bcdb48c67f6

SHA1
c6831938e249f1edaa968321f00141e6d791ca56

SHA256
0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7

SHA512
d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IwwocIEc.bat
Filesize
4B

MD5
1d7065dd7445ba5e5e4d27b581d9b2b0

SHA1
b154412e7e33cbfd634df495eb1f0ec65cc9617f

SHA256
01e2568093b896f01ef92845f8b13c26c3318e173eafd564022900a0cbfdcbb2

SHA512
213c0612f7bafd804bdfc984dff76196255538bf31a18524bd5a4be4861f72933fe1c6404b90cbeb2d6336503254849425e82b5dad9de7fa18b3a9a032d0d576

Download Submit
C:\Users\Admin\AppData\Local\Temp\JecMIAoY.bat
Filesize
4B

MD5
829d9fb436c170e3f91ba53e0dbadb6a

SHA1
db2ac0f06fa5017cd4f7a93f1281244680c01338

SHA256
16571a10c737cec2537034ad4fc0bdee4742e727d56ab98017f08db1f7f2f613

SHA512
99f32348ea617fccc1fa77a8cfb2f8d11eb1013298d32c29c30b3f7b430269fa83e43def011c653712b0a34a458b20ae4d167c4885b4410573eceb5706ca3712

Download Submit
C:\Users\Admin\AppData\Local\Temp\KCksgwAQ.bat
Filesize
4B

MD5
50d1fb5d7f9afa43a13146a4d7b64d97

SHA1
24d8ad79af59cc4746414ec021637af21613d171

SHA256
f0e73805238d8f698980eedb4918b65246937711f961acd3cc5fd962a6469712

SHA512
d822eda4eac341e84f0a41c0de1901fb0f579a162b29a86520e862343659674a21cedff6133a7fe252704d93ba5d38bb09d424ad0cd0db1040ba35d760d73969

Download Submit
C:\Users\Admin\AppData\Local\Temp\KGMAUYIw.bat
Filesize
4B

MD5
b72e6d478925164cb354b531409366a1

SHA1
ad8c50efea86fcf01bada2efeeaa3f042da9d9f1

SHA256
bff9fd01aeac348af40d9e4828abe33f2157cdc6be57087747648d214906a12f

SHA512
bc6cd162e37e9a15733d9e4dd4e417461ba913e93c4d3c9aafb218f25917a172ce7e2dee4ba77a3aa21824d832fee81253acf5af4948e2399deb9dc9786b98a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\KYEA.exe
Filesize
228KB

MD5
7a6bb8466103ba21d548d1e22cf653e6

SHA1
06f31ec89bbb398af7d67931f5cc1b4edbb9e5c9

SHA256
644baaa50f758ac430b50412210ffd991bd65829c32d642349a77114c2e85c6b

SHA512
76a09a520c0a48a09cac884212dc077e8873d2721d95b07488c4320fb4bcdbf0d41e66808d6c329be2536b744ea70184741b7e79225573c557ab56d994627c0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\KYEK.exe
Filesize
643KB

MD5
b0d3f5871e64f33afce8e5aa4ea4eb92

SHA1
29aa750ab2a5abc166bd8dc1136c08b24d4fe2eb

SHA256
c183d54dd5e9048a6125e87dfbfd425321ec5bcc1ec47285357ce3412f97ec9b

SHA512
cf9d68054078cd8eb9ec882ceda2a72223953da66992bc1e7b79ab0b24a4e02e5a40855f9e2829c1a52c32f32a23b0c978dab5c709cf9e8eec7b690120c35c00

Download Submit
C:\Users\Admin\AppData\Local\Temp\KYQY.exe
Filesize
252KB

MD5
bc567f99cbf41abfa3a8e04c1eae2848

SHA1
0062f0d46bec7dcb2dab59ac317aab9677c5134b

SHA256
ceaba89d3ed8fdf3eebbc8221fae81e7f064652bb7b60c78b63ee626163e9a9a

SHA512
994343e3e701e85dafaa6ec524f36ba0c88472f6176296c450403f27fb7023a71562abca117fd7316c8e234b920166c1c8df2edbc1e294adebdba3919cf49851

Download Submit
C:\Users\Admin\AppData\Local\Temp\KgYy.exe
Filesize
195KB

MD5
2b7fcb0df4a31a60067cb2e9376e19f0

SHA1
31dfb5c0f10b6991b9765eb961588be38a1ff87f

SHA256
94c582d55f8159b71621ebb7259cb223efa1e4d68f90f8fdcb06bdf56c1da288

SHA512
9bf95b18ec7388d86dba4132bd8a04c358c6ee8329bfb1f2f477b9fbdba7942b44d3d9a0c67f67261a4f6f51f5bb3fd7a6289390f4c5043a1a164b91dc19fbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\KggW.exe
Filesize
242KB

MD5
736fb3b10c6f93dd668bae9a9a5e006f

SHA1
9969c5f63499c1986bd474f28ba8d308158f1aed

SHA256
0fd66b8527ac5025c6851fdfdf26aa86a68f11895d2a51a4ca0bd9225e528cdb

SHA512
858f5dafef49d15bdab469b1e361f949769090310b53f098c51265d99930f0a15bf6dc7c22950c4bb2d8dde7e950a0fb3a73af90dfff8ec048818c022ff5e09a

Download Submit
C:\Users\Admin\AppData\Local\Temp\KkAq.exe
Filesize
198KB

MD5
20c6e070459a4d0913ce557cd2dd8dbc

SHA1
cc17a87e184814973cfad720af4bbf8c1f719fdc

SHA256
1eefa8bc21bbc8d83ad93f1d5f09daa63fb1f9d7f77d9ddb8b04bcdb1e395014

SHA512
370dfee370e33d6eb7b5dedac178fc0ee96a7ee8271a4c479e866587dda2d8b8ccb3e77064f7f737da715b8e06feacd0a40a832691a8f7578186b189da632197

Download Submit
C:\Users\Admin\AppData\Local\Temp\KsQi.exe
Filesize
219KB

MD5
1fbfd0e8106aa7462104947402dd888f

SHA1
842a31f81d3b996bbad5e5532403443c3c471d61

SHA256
0d56e40b30e0adcabe11f48e83fbc5572b2e0967eb3aa25d445be7a137204ecd

SHA512
f339a5c60396f6855d2925a1dcfa5fa034ff7f11252a54c89f587147afa685aa7cdbd1a5ff3dd980eb35a432ac167a91ddfb24c4c7aeb65e4944f567e5164970

Download Submit
C:\Users\Admin\AppData\Local\Temp\LSEkQYAg.bat
Filesize
4B

MD5
4dfad1159a00a13e34506f22287d56cc

SHA1
8a6019ae9cfc37f53404ac6f77b2d0ec323f7356

SHA256
eb7056264d9bc40057b4bb7f6ec65c845665a189636086f62b3546290c6d5d75

SHA512
3b3a5ff844067fdfd6f4cfb139ba475da0542bd18536da9904609c0316e4dddb137f3d658bf94b3c65fb064ccc7db9a74ddec823e1df331ae5db2914de19d288

Download Submit
C:\Users\Admin\AppData\Local\Temp\LeUgwUIk.bat
Filesize
4B

MD5
63dbf91add152bfc5ab2239e0c22a63f

SHA1
39c179a699e5b52e81f6b24a1596c32f4c1be4d2

SHA256
2b17fc5db89bccb96e7a3c950177c5ad5c90aefe889ec47b55b0cd8e811a7429

SHA512
14b6b15f54160093f17e45f159d3c73aeed0c01a1ebafbc232b16115bb487bee62799f6d98e0212b4d4e33f9c2ac6bfeae65ce28bc9fa0d38fff9921edc8a432

Download Submit
C:\Users\Admin\AppData\Local\Temp\Lggkocwo.bat
Filesize
4B

MD5
26012b05979163810c0ede4e84ec5fcd

SHA1
3cdbd3890cd41b232c9c88d9f1851f5511f0edcf

SHA256
533d4fb208d83010e486725d2a318c83c766413bc8580590afbf38c8aba74954

SHA512
875d78fc8259c212dd6ed40611aa5f04ce9eb38fcac649b9f3565b947f3b647e000fe3b89ffb567b1bbbc6d75f46e7e5cfa96098fabe833789825e15ed0822e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\LuIkEAAs.bat
Filesize
4B

MD5
40079f97f607a4c7589c4a5fdee3e730

SHA1
56bb0279d36248b25d236140cd71542e756f9024

SHA256
20615d8ae8ccde2fc3db1938ac7dba6ce02b0e867266b2f568a5f0c96054f672

SHA512
75fe948b412546a7a371055cd4c0109380323a8960663943cc7f242bd04c7c58108f6aa7c7650ba8b87729be5cc175014f61d07b8be30e1951490359f2b543ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\LwgwQAsI.bat
Filesize
4B

MD5
b4035a23f19397fdf91fbfdc988e9dab

SHA1
abf3bf58b85465458d6041c34ed41b09715b3926

SHA256
a172e09e98e469bbe2d727b1748026fbca608318f75c7386025b35926de21f2d

SHA512
4f1d477740dee28b9dd9ac85b1e82871d1716b647469a80491b1f39abe42619c2ad641013b1981d2ba876dd2b076923bc09be3c95285f53246458e29920647ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\MGEwEwgE.bat
Filesize
4B

MD5
43ea1290f5bc4a9c2f4b8e8762933a34

SHA1
4d1e09ab3141dab586a51a0efc9871fb199315af

SHA256
48ebcdff5102b6cd0dfe2d8e8f9679260bdebdb5d676cc56d8060cd19c667862

SHA512
66aae9406f9500787cbe95c0cf6c2b71d723c803a3dcc402fc3a97eed2222fb4976a1ac2ef854b9febfd8a7a4ed7269a7cff20e36838dc845147ea3f5a8ee7e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\MIUg.exe
Filesize
248KB

MD5
103d696a94d80d60f49eb9ea51c4f579

SHA1
af1493247dae6c8ee58aa702d4ddaa758d5c1ef6

SHA256
59e556180ec415ef666c882321f9b92bd247d541c14bcd4091605e657cd1f238

SHA512
8de1008d85bb4151e446187c35064d6c142c6515ef7114775d482ff63f97a67ac508f8f5d4278c47fa82647946f327c8aed2df154deabbdbe811a83d6c8e9c74

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSQsAoMM.bat
Filesize
4B

MD5
ea386fcd91f005b788c1bb7034a933e8

SHA1
dc02d800345efa009a509b9edd8ed8304231f217

SHA256
7f037ba5a4252797fdd6e3e98a4d3538ebfd7cd8b0151c3e14c95b3676af0fb8

SHA512
f9075e6583b148410b1ef3c3e97e1fd053e517eee8173bf31625e93676821399cd54b37a42009df382c8afb8b58c5cd5c93b43a717a4d649b6f302dc327cc2e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MYwo.exe
Filesize
1014KB

MD5
17a79fe5ea5170f9d0d3ae1f7e88682b

SHA1
9afd1c3b5e4236f358b653e43170c6b98f7ae3b5

SHA256
3d0df8be885f6d4ac86bf71da25f526d12a27931ca2605f44a3747b06eba4431

SHA512
bde9da66b256bfb828b9be798d76fb3bc97259a01c9017d53842823a66828b6b6055391055c0892d58812798f6f101a58f5ae44c1be6910c375a238183d42321

Download Submit
C:\Users\Admin\AppData\Local\Temp\MsMMkEMc.bat
Filesize
4B

MD5
483c5718cb7bcd62c260c45952be941e

SHA1
aa59b04995bcc222ca90c6dd01dde00b7acee6d2

SHA256
164069c8b9949e2e02777664696748f064ca3b289793642b5316377cc85dffa9

SHA512
bf97aa905c49e609d9a3aebba42d6a7071e755c81764e8e58584e4ab60d0a7c2f37422b2196171d8f6fb99daf0916740d9fb726883605c3841ede127362411ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\MwUE.exe
Filesize
237KB

MD5
acdc81f3255601262acce4ee4d361261

SHA1
dc4b4e57fa52157ebad0e9e90a508f1a76ebeedb

SHA256
013b1da9f7d05f82b747d976519689a446a52879301116a38599a3e87442ab68

SHA512
ee9eb37239037d9e095cede4d79d464f3a5b94c83340860c5146a10311547767da63df687f9086baf8d1754d05e494b22704eb3a050ac0cc692fb5603b4c3b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\NYAkcQcw.bat
Filesize
4B

MD5
4d9b4c24329ca7b7ab02b74d81a8ace0

SHA1
b402fc273bad6b3e834f3318dc2bf6c62d77ba32

SHA256
c295c0a2eccb0b1ab5ff5d35e862042ac45657304b9bd4612bedfb652f6d1eb0

SHA512
5e5f4aec6f199772e889c870be36e1c6a018bbffc1e9667565254bd8fe940ffafc3cce2246396cf9172b643a33b44d724e85b0c7fe3699d0215d9421793efe1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NoggoIEY.bat
Filesize
4B

MD5
998cf4a660cf0830da4ea4b17d065073

SHA1
7a0ec95567468d6fe232c1158ff6f06eaddb8328

SHA256
99595f0ba09dbc234e618fd1e6bac9661ab89da250728555b6807598ce653348

SHA512
33de01bb94d5d6f50378cef6ad700464199f5fc5d6a894162c747863523ad79ba82a09b0d824831bd43c7ef5c350467ba9c40dcfdf7f3dae638b8638d5666c64

Download Submit
C:\Users\Admin\AppData\Local\Temp\OYoy.exe
Filesize
235KB

MD5
3973998de5ad97776b440c1bb8a17ffe

SHA1
8bfa0a53f23239a056127d7bc4775bb1ea14945e

SHA256
244dad22bd4fd9949e98e6b1793219d726350993113b95d047e6f5fa2a688ada

SHA512
54675f50dae9b163abfca7a34234a7e52077afab12aa8ac3e41aa58cbb1dcc7541edfb8fa3fbb9edbdbebe4ef594d3883865cbaa3d8871e6a77c75825a271cdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\OusYwQsI.bat
Filesize
4B

MD5
f78c497516992d92ffc54969da206f89

SHA1
a0b3ebbdae6d07ab56d8ed109711c67d65cd8eaf

SHA256
2af240ee6770673a5ab8d268efb298e4947fcf7161325e748fd5547ef867d9b1

SHA512
34842ebff5305188a3299bba8606bc524bfb69946fc9839d332d6bac826d8fce013389bd1ba3bbe772ba595142478f8f6af5ba24a71a6cc1bdd536935669f721

Download Submit
C:\Users\Admin\AppData\Local\Temp\OwoE.exe
Filesize
8.2MB

MD5
3c59e004ae8d85cf63d3ec17e86a557c

SHA1
aec4a888910224c4c2ce9e2efc0c00ba8252aad7

SHA256
6ca8ad264a2cb6257039f9dd307b2b6296a8d9c3eaf6d89898f1eeb546f4fe81

SHA512
ec64c514349943b093a522a11ee51448ab0c84efea6aa31e91391df638d2e71ba6f59ee3f8dc36d2b70e918d57ac48f472a915b19a463e6f1900297e14d87653

Download Submit
C:\Users\Admin\AppData\Local\Temp\PCowssQc.bat
Filesize
4B

MD5
29345be9330519d450db561e15d31eb4

SHA1
58efabb7f8f78ec2f72b4020cccdffa6e91fde9d

SHA256
acb105fe54b04bfb3093b510b89749b18e8356a60161691dc19759c605448836

SHA512
cfe2f4cebbcfe0159226658bdb6b1229bc6ff67240557a9eeabd9ef0c84b25c52e4aa51437044359e35df2e1d4afde0158404ce4811e4385a7398a3ffed9a3a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\PmUwokcM.bat
Filesize
4B

MD5
bb2a86d4bcec628909daa246de00e4bd

SHA1
e9c8e804d5b609380bbab435a4fb12f450098e0f

SHA256
4cf9f26582186f5eead06d8ad9ea664481855900b06276d1d0de4768fca797a8

SHA512
f4d557ea5082e2c666e7c1d75c966503909733fb9ca9b01cf5779a0cac8cb32c6bd47ddd3db402446d20b6a00d644699f404e2bce97d21a4cacea4a0b62d3c26

Download Submit
C:\Users\Admin\AppData\Local\Temp\QAccAQYI.bat
Filesize
4B

MD5
7ff83d32e4f408ade8c71496945c0874

SHA1
6db4f600bc024f8a8e8137ead03817ef30fe68b2

SHA256
b93430edd6046eca43ed16907277e7872684512c22e95aad8c3f202fecbf8678

SHA512
9d64e1144b01f9b31b298571e68004265bdf4ee8de5303a7724e1818d0781f6a1f8e0d713a0e5e61d8b18fd9252a3e7484cfb1ea0340eb3f409d70236935de9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\QIMw.exe
Filesize
223KB

MD5
40e3c74649d1a19b71af04a812d8e71c

SHA1
ec55b686538d9d806ad2c3bf23e13994f7651ee9

SHA256
ca9a75690e74c99c48b1b1027509554f65f6519f55b970d4295926b58acf1fd6

SHA512
ef680aef7fd44277102fff3d0c9ff78135a8ce48b5685e9de5d1b75ab7d3271b51e0ef86d163518f0a5bee62fb3ae0d8566d00b3a4c43f8390edecff0fd843e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\QMAc.exe
Filesize
241KB

MD5
38b358ab1c1d18661558f1ecf4d56d7c

SHA1
9009b480a11b121d0d8713cdfba78cc8f67a6f60

SHA256
b99533ef8b793eeb01cbbb683d8f4c55895b9a3093e00ade6e611d3abd1a3c09

SHA512
fae978d8729bb625bca6c8b79b2cc972277b0cbf3c13b4bdcb16765ff6290bcf64ee7d540eaeeffb33a4a9c73f781c9e2f0a793ba0355065ac5499c137b54a39

Download Submit
C:\Users\Admin\AppData\Local\Temp\QQUYAMQI.bat
Filesize
4B

MD5
73ddcc3cc626150a4a6dc67a80d5242b

SHA1
6c6b59a9577648cf3f17d8449bbd65da3edea517

SHA256
0fd789fbc804783c7470272690f047ae46ba8b846682c3d909618dcfa36bb892

SHA512
2b3693cc173d9de6d6c2deefc376bf35ca2c3c64be4499f82643b1bab2612e8177e0c1038ef3673024308198108c3298366e61e5b4b66a21d94ec6fd5059576f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Qgso.exe
Filesize
796KB

MD5
b283ddc3ae36242ed39a03a99b5afcc8

SHA1
00edb62a0dd546ed1659452b7837d3e04b9a77d7

SHA256
6b9e11dc1b89324bae3eb224758631ded99f875cdd067b68ac92611a1946728c

SHA512
77cfd5aa4f13d120ca3914ce27a9281f7c46aac9d7aacdb6249ba078e2bef3577f9c0025dd64f4ca6a8fed8b9fd319c4d20845282fdb10424bad1aedca5cd79f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Qoce.exe
Filesize
249KB

MD5
47de19cf891f2cbe63f27fb4f673bc4f

SHA1
243fbbbcbe23058c697f1fa06cb888dd554fd1d6

SHA256
6b55e58fa5a04d4110becfcba863d9a51e4f36c7631898a9b8f6e75037f22bff

SHA512
c04fbb8b48e934c4e662f433feeaaf8f9859109d3e4f9cac34c7bfa2b89a7713fc1e35a133b67b033794fc9caae3e2cbb3d4a08aa104ae55e2874f6357649675

Download Submit
C:\Users\Admin\AppData\Local\Temp\QowI.exe
Filesize
205KB

MD5
18828917ad7518976e4339ba4019346b

SHA1
2ac7de7a24ec9b25c142eb8eeb664cd8b5af587f

SHA256
b95f1521ee02a327137b0d215cc381a01f63f3602d04cdd49f400aa9b30cbe50

SHA512
58f9a6cf64984bd1cca7b0bf9a542ce6eab309d2b66e85d3311b7c0ac6e46e41bb2f74e0fb9da18fd67f82ce373e34900b8e41d630c42f64ad6b021632b65154

Download Submit
C:\Users\Admin\AppData\Local\Temp\RqAEcYIE.bat
Filesize
4B

MD5
d313f2efdbf121f054850456bbcc53d7

SHA1
0cd575f660d74d00f8aca10af5aa41675c8ef5f6

SHA256
21f714d0956fd3282cae2752150f61f28149ef5a5fc941c600604177e62bcfe1

SHA512
e8cb70c0024c42580ac6a42fc9e718bbf15baecf79789e0fb824a14d4b0ba67bf298fd575d7cc5054499ea53b9744c54c35b43fce1f03f5ba3437d5249ac20c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RqQoEUII.bat
Filesize
4B

MD5
66fe511041f56b06b471409c0ffbf1de

SHA1
55fad0b3bed837d1593310f2fb531929a582bfdc

SHA256
f57310312aadbf5f286ba0d9afcf263dd584339272ca76a67e1d30fc097a15dc

SHA512
6d3270a08fc80ec684486d371a8367b911d67be3665d1715e01b4ce98a1ca95d0358232445ea15619d511fe7ef778efdc2ef5f270b448cd9290b052beddaa304

Download Submit
C:\Users\Admin\AppData\Local\Temp\SCwQQQsc.bat
Filesize
4B

MD5
7f26f03b2370291b3f72b8771bdee1fe

SHA1
c48ee2d7207a1d5400b51aaf3b8c9187e406948f

SHA256
8910c1d62814232e46376c7d6d8be2b7888597c68513360e67ef5ed1d395c72c

SHA512
4d80defe8e17fce2b65707cc77a02529ccd25a9592fc0349209e20f92b888017a3767e443f64bdacc1c90852e9e5d17d4dafaafb69670f8993ae782522d4b84b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SIYMcQAc.bat
Filesize
4B

MD5
01f8bc85c495e3427ca8550e0fcc8e2b

SHA1
45f5b143beec337c8b6719178279720b6f7ba543

SHA256
9b12b39c84f71c1172e9da31874151647c2b23a7fdc9d32e9c866174c73f4de5

SHA512
d3847b4a65783fe7f2b25842c285a6964280d64b7515208a7a42106ea2acde4e0c4513aa1eab96ae57d2c2dbe726f52cf55ad91f97c336474610378790c4cfec

Download Submit
C:\Users\Admin\AppData\Local\Temp\SMsq.exe
Filesize
185KB

MD5
cf727cda8b2a4c9c215ce9f0621c70bc

SHA1
80881ae00b1f9048f146c238ad0e72c32f54e183

SHA256
de86451b831914bdfe38563f2d02a51e069073c16f47d00aa75570e09d80d8d2

SHA512
c00718b9ec14ac3d8f91d7c2cfe45938303e6b2095ce8e47e42def2a1b395b85f11ab22ff661c4def6e95c43249cd7557b1aa167543f4d2515223fc44572918c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SYEsYUoY.bat
Filesize
4B

MD5
b54f11c6f99b5430057ac8f2141bb415

SHA1
79c946eeed0ff1cfea1fcc46b9c6b70536b2806d

SHA256
2ea0c73482a5e7e2883c70ca221b13f496156fd649de83922b8bea4f64b9f12a

SHA512
b1dc86bd00177a1d7264132fa1640659ad133eec0d9211ec7bc8843de764bc7aa703855dd4c5994e2f584b2020db96505640c92964e7fc3e97a3208adcf5c6e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SYcW.exe
Filesize
249KB

MD5
565acb31aeb3c92687147294635ed230

SHA1
6821b4b3f0f2726ae6bff5f4274c4c4f078314da

SHA256
c29a9256e5b979d435617b41f0c3ec2499a9c1c2ca9b2a5585f48e26841d672a

SHA512
d85b0b759fdad0d1b4ef973d768b4fd5791b491621f3328424e0fb1e2538f4342dc11245fce8cebe8feefaf3ed08b5fd5e32ce35e9dcdf616b3b486d511ce522

Download Submit
C:\Users\Admin\AppData\Local\Temp\ScAI.exe
Filesize
968KB

MD5
cf322a869b08d9272505aa1cdf4cbf39

SHA1
bc84339dc30de883f78b42aa9f3908b1cf5e5358

SHA256
fd30b00c971abc83d52d634731433215dc5479cf82fa41eacc18b89dfe9fa0db

SHA512
d210e2d20d73dbb1ec74c98e3b840e5fd53308d6a9eeded66194c43b92b5213b20fd773678288913135ccd73ab7442110f65c27edf363a1ab03baeac5ae00a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\ScQW.exe
Filesize
236KB

MD5
c5a20ef7d5cd4035ac426b32bbc78188

SHA1
c2c99c82a3355bb17c27aa5e6a7dfb4adcc4d4d1

SHA256
fdc03ba25fcec01bdbdc309c0f6cd321e30f88f2f2cbc142daff9bca14ad6d2b

SHA512
bd4695434b90512a814aa7cf2090394f14f60ef16cead312fd1cabf001eaa490b482d9dbdbaec5a0a4b0bd24842e91adbe5fca57ad1ad2b0c46bba157670c3e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\SigIkwEI.bat
Filesize
4B

MD5
d1122ccaf79bf91ca211423c5279c567

SHA1
ad7b9020a97fc941cc91408e8c10608c19a41305

SHA256
24e3025455e5f23ab7a785b7788fb2f94e362cac811eb23d9d5961b79fa6aba0

SHA512
85ad6c43bd09b2dad6d85046dd750569a0c7a304d2411a6cf3968ae30ca93af4603fef8b6f8f46887fa0d933d76896f92d436f990c14bab8304b1362289e20d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SsIs.exe
Filesize
241KB

MD5
c9742d36ba67268008fac032678790ba

SHA1
5c183e120160099dc0ca90a7bbb9850f5d705b93

SHA256
bdce7726afe8fe498fcb6e0021e513492678c6c80ace6a324ec2f903e2179465

SHA512
633b1f9a74e1d3c5ee23162c537aceed54b36b7608e2e25f88f60a2d128a84c8a60c61e760ed325cd94dcf6a79061452dc92a3305326e2ea89a8d2675f2f70eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\SwAy.exe
Filesize
186KB

MD5
ee323ae4f2a0fe41152531de044e5f46

SHA1
e5326b75b5c4e2d45b6269865df1955568578471

SHA256
d2d2c039ad6cb1f2bbb9406a4119cdd3136685492ea3efe881b96fb8e145d3ec

SHA512
c316326d77e4f18c411a758cababb8bc1f7b5e364c0cd794ce9c588bf62daf57e603fec1cee789c3fdbd8e923a43e2fa16d32bfe7eca62fe39a90c352889f895

Download Submit
C:\Users\Admin\AppData\Local\Temp\Swom.exe
Filesize
1.2MB

MD5
60c12bc752ef85c15e647d9dcb0caed3

SHA1
46162bc6c7eb4b7adf0c87e90f23091845e775bc

SHA256
3b650a35a5dad991856f7093250efcb6f63ff94c3627022d0af69bb50b5b7f3a

SHA512
6dbf8eec74f5be93cbf05839b1a416e22c8ecf2d2b7692faaa57d7fc96e1c5eb849bce251b02a0a6eb56bb2802f20c390d00ae723fe96aaf8711af8078aa6b95

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeEIEQoY.bat
Filesize
4B

MD5
93910c195d83a013d94a3270cbf78b68

SHA1
f2802a7a80f3d3d5b6e2c4385dd546cfc4374e66

SHA256
0f4ec7bde7336e199f0f7c9383ac1d71b56a81de704929620d171d40fd170c93

SHA512
d0cc94e010bf81cd653329889fa7bc2cec90d32bc208ef81ea8dbb9faa0d7e72d72ef3b09be328b81de8178c13b42403e04e1ec91518510083608804765c652d

Download Submit
C:\Users\Admin\AppData\Local\Temp\UIck.ico
Filesize
4KB

MD5
6edd371bd7a23ec01c6a00d53f8723d1

SHA1
7b649ce267a19686d2d07a6c3ee2ca852a549ee6

SHA256
0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7

SHA512
65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\UIsy.exe
Filesize
251KB

MD5
754cca26036b5cfba1dde884d9ad69c3

SHA1
d80617a518b502caf62b39f8f5d11e5b8ba61f0e

SHA256
e3139ad61c5df526cba2bcc9af1457180cfaa2cc776e4c86fe66b869ba76583d

SHA512
2e27ad01ec982e46c7b5866e87a100a688d5652fc1f08840f5f8477ee78846ee814650d39a160721fa243e2920420024663354e6a18e19953f49b49004f479d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\UMce.exe
Filesize
245KB

MD5
aa06166375a0bb272810cc6ac8385714

SHA1
9f2c503194e16d77d8ba4bae1eb2c74c46de37f6

SHA256
3060427c6aba6cb45bd6214611d05be3acb2dbe42126390ef63f5dd2528c8791

SHA512
24adca5766d19c2070e3b63f585533be91b2d6739a58802d0ee46f446692640a31cfd0f5bfbf4b50ed60de2fc5cc2298a9f254757949a4443b92c1e9bfc3e63f

Download Submit
C:\Users\Admin\AppData\Local\Temp\UYEy.exe
Filesize
240KB

MD5
dec426f632a8f37f489af04ae6519b29

SHA1
1caa60777af308b2ee23fde4cc6add456dacb02a

SHA256
dfdc366d0ef6657718d2400b64123c71476c122d682bcb3b62182953f6068634

SHA512
0edc9922f87bc2fae99123b7e00579ebc822bc7bc9d8e5798d50307a61a23253c9346cc2a1dcd75bce942d523ce3a102eaa96df7c036f04ea4859307028cf3b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\UYkQ.exe
Filesize
229KB

MD5
2ed656e9e8de81e87049192abf11ea89

SHA1
ee18e876124954d99a6958ff7e840df965c7c280

SHA256
a2d42388c88e95de0b7c8db2f75e6cbb13cafc8706f4bdbbc830ce4004e8f721

SHA512
5e9399846cd91843a44d311e4968fef77e0e9d4af9b979448e86cf2b0912c7e1bd680171a70e94d5bdcf4dae07e58a628198f5ecd52994ee6e8e585551149367

Download Submit
C:\Users\Admin\AppData\Local\Temp\UkQK.exe
Filesize
249KB

MD5
bbe3a96009be5976eeeb453fce2fae43

SHA1
c58a45aa621ab8a12f9816edb89a9dd2e7f7c61b

SHA256
1fd147490fa1385041fc12c91bc3cd9ba6f407afbbf6c4bdea09b37be9eb3de8

SHA512
c18c41ec52bb6741e90b592ffbec3a13c2eabb8253acc21f75eed63272a26190a005c17672670956d7896ea34c58e355bec08f4190fbe5a792fd04d54d8d7515

Download Submit
C:\Users\Admin\AppData\Local\Temp\UmYoAoYY.bat
Filesize
4B

MD5
db82dc7185209edfb1b8bcd4f54a21b7

SHA1
870510bf72838f980e97ba714f287063279bdfc2

SHA256
e0e7dd665831ea1e027a466677372c6e8b26d73bc83ab4ad7f3d7816e625777e

SHA512
2182c6161b735d02d7eaa82b22908a5a00523d268b4bea74ab57b24a353d49a7c606eba51ea5449864d5be09d5538d6694dad5c39579b17edbe27d35bfe3dd36

Download Submit
C:\Users\Admin\AppData\Local\Temp\UsUw.exe
Filesize
953KB

MD5
bcf37e698de65da55a5c9f1c4884fa4a

SHA1
98b995f3fffb9b5158920821ad8a4038c7e4c758

SHA256
9ba7234f929576f468ef224343130af03da1a88a928f304835a09d855369c733

SHA512
2234d2d90ac941a93dba9688393393d3c12e082fe8aee12fbeff7d3e65fd34d031e055df8567f88886d92dfdfa770ffee593ebe0c296bc63ff3ce649296f5aea

Download Submit
C:\Users\Admin\AppData\Local\Temp\UwwA.exe
Filesize
775KB

MD5
068545502807f33cf3539bdb27865c97

SHA1
5568da973a7064a41d16dbfac6035dce04ab0da9

SHA256
46321a47ffa4a6ff9897c0fb722826d6dbb03351cf6c60a62c5d815b5b5b81dc

SHA512
4ef85034b2c507e62bb43dc20347d7726cd8e9aa36885447a8182e585f332611a7b2ad0453d70584f3def37e34d06416127bb6fe4547cd482c1fecfe7a46b04b

Download Submit
C:\Users\Admin\AppData\Local\Temp\VAgoUQAQ.bat
Filesize
4B

MD5
489854ca8b53a2887a839b3ad862f502

SHA1
0d21eed1be5f3e3ee8b8242e82818a85ddb7b849

SHA256
8c59cd7f8508c3f08b21bc2ff549dd43a870b6b4146898333ce940c27e28f02f

SHA512
79a7e7fc617400e9601d4e596d6c75ca9b9a2ec2dce3b244b8573a96747f6f9e64e864e379363e3c5b5afd408cbc344fb5c736facd043af0cacf2194bbec4e7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\VCIQQAgI.bat
Filesize
4B

MD5
3f81fcf855021ced3ec64b8f246e8a45

SHA1
01adaff3862a74d8850fdc1803131e94a9a00d3e

SHA256
747e37df95df829bba980de04a30679e2a40dc8fb85920a84431766d46e6602c

SHA512
ad205b5f74d4982582e67843df381606fca860b68745685c8baf9b85794126443a73b0be2fa6623e78b98bc6a4641e1316ae2b37eb883e8034eb0c89a45a6eae

Download Submit
C:\Users\Admin\AppData\Local\Temp\VkcAUAwU.bat
Filesize
4B

MD5
b48093387a493fe09337f194417d5fbe

SHA1
a70b3e03bbe5c856f6f969f193fd0d89f9b61a63

SHA256
ce9f466ca21e9a75bfc5b4ba120709faf01bbc9ba3a609eb9151838046f09451

SHA512
594d2fdaecbf58813cf5405bbe7ddd13c745e191f37d50a7dcc6b781c4ec9fce7d2511e856f79006ead8a22711714b5169003abe104ceaa3d209dcc431950019

Download Submit
C:\Users\Admin\AppData\Local\Temp\WEEm.exe
Filesize
194KB

MD5
d1c32580409eb03a48d140f5abd8f204

SHA1
e3a890221e190bebf7c2af6b86c930ea30103b51

SHA256
e9e5f5cacabd066554e11d7558934df8e25d6ef4b80f345ad3c182b02255ecce

SHA512
00592357a868ebc876e144abc6469331653e8f0ea4f68da86722eb1d8c5faf301778c9a73f16a82e312178f66c8d737aa87073e99e6538727351d784807ad9d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WEkIAwoQ.bat
Filesize
4B

MD5
67453cc48070b6f0ac19070b194c002f

SHA1
045207a7ce5787ffb947bc65c4b644df356cf45d

SHA256
8b7fb91d1995f286a374929f9b09d2e2c428876f9d1b861c2055349f5bd35a8e

SHA512
b56b2f07edfb8de823b32d6fda65dcf650416582b377df87a072d9ff0caf3d908e8911faf10fe10e9a9315d10240da79564f978aa39114f2519fb3e14d9f0032

Download Submit
C:\Users\Admin\AppData\Local\Temp\WMYK.exe
Filesize
226KB

MD5
ea808165277d6dba3d841def60863e3d

SHA1
58e2a3ca3c9750cc1c3baeeb53a439ee5e917387

SHA256
0a34f7782ab2a2ba7ecd3a159d0d6639a759b7e9ae128f6763eb7baa765a2d68

SHA512
2b5b1f6c59c88a80c01d256cbf06b0adda4e46da8e768d624826358330d5ec3827bc93e453664de079cd7a56a3ac3f91bcbaae8086356acd46c6bb7edc2e688a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WUsO.exe
Filesize
243KB

MD5
7f1a582502cac9ea88c11dc70c2b0149

SHA1
f85189ab82f1f70d090ab5419647f08addec6b2c

SHA256
7d10a31068b62e4f143e800fbdd2e243c577fdf471e1b81100df08423b6921fb

SHA512
2ced03ff456be35e759f7f7d65c37a1f44f82a591c5abe873d595683816178cf780dff3abc70efc6d440652248f72b0d2aefd2bb39b27a139b66166fc9c21169

Download Submit
C:\Users\Admin\AppData\Local\Temp\WWEEwkkU.bat
Filesize
4B

MD5
14c0ef8228c8c79024f0721e95becce1

SHA1
09c70b7e27116dfa20c23a9a6b5a8d64ac6d6581

SHA256
dcc60810f505daf49c26fad85a020eb0ee8dbf3877c6e897534149feb00a619e

SHA512
f1ff5d48351f9bb12d2ed54b522bcc8d912fd7ba26bea0e7f70642dab117ccc77de41eccca17dafb29bc1358b719c56138eda2f0b6cf7a65904667c8fa5204c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\WcYK.exe
Filesize
228KB

MD5
fbe88669ed91bca6b8e821192d024eae

SHA1
4f853e189f3e220b756a749decfa92b41278a2d3

SHA256
0336895da4309790b60e0e098c22b5793ab8492ee2a769c24f8295a4f7908acd

SHA512
736966f4d536885e72276901aa229f7fd94951a7d1e29fa2033dbaa47bbaec029ae576009abc8edd268f9550f9ceb993a019171cb66ba78e76ee302ce561bee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\WeUgEkoo.bat
Filesize
4B

MD5
43af41fad0bd28a2f865b47d92d5d392

SHA1
38f221d38c439b49e847afa252e5904f992fd14a

SHA256
089289348d53807a6570cae705546592be2772f69150d5c888ec45d14a834ed5

SHA512
24b209a0b3c5750d1b33fb1b64c15483d9669c95cc0b785eb7f072f2dba4003ea1d5571fe458aaa1c1d0bf60c5ee462d2982def28bf75e2bf230acaa125589a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\WgIK.exe
Filesize
201KB

MD5
1287712eaca20e6603a9a451b2cf41b1

SHA1
052c45de147a06890551a4fb11fa9962db00cb20

SHA256
fd5bc6ccafc08fc56c51adae4b8453cc2e0662e665e8075855725417c89bfc00

SHA512
ffb5c72d8c850993b9ed7349cc73bc4f2fab22a29e38f3737a5fd3769fc05c26d0899efb35a346863c3734169cd3c596f517eb595a6b28784db69798f5df93d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\WksM.exe
Filesize
551KB

MD5
4fb17e06e42204d63ed4f51a022c555b

SHA1
0d1870e7a3e9254fa89600d89dc55338acf5a2dd

SHA256
f9c1d53478bc9f50fc5b182232018473adcc270b1c95c482679477ea2a15c265

SHA512
99ba2d90f26d2ceb30244b42f8f58b8b218f132b455f9d0a111643363823e976a538d49b59f7a7b43d416b02c0ff2aee58c50cbd238823069d45bf200c7b250e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wswe.exe
Filesize
232KB

MD5
671e5d6dffd97d755eac393bc9248b3a

SHA1
9449a3857d38ccf5db03f58e069c5eef14b1890c

SHA256
21e79b7b41d661388c5012cdf0d3e47f38f7713c167122f546fb0e2ea8ea6bb6

SHA512
c46636df9f4347865954902d603077d301a648f7049e332fff83306df0a9a2a46a4c35d4d5fd4109db9f619d01178f2746a1862cf51e90df7d39fe397badd00a

Download Submit
C:\Users\Admin\AppData\Local\Temp\XKQkUcQk.bat
Filesize
4B

MD5
db293b825ce24f7406941ca92a0a4691

SHA1
f704ee2302fc2cef68f42769cfa1f7464dbdd62f

SHA256
82decaa9b631e4fff5da24d6c3ccd869373e35314be0e19c375ff78e70226d7d

SHA512
bc081ce9ad946d3b2a914057c7324d8a1c133c80c86e5357383c68b0afcc38e5f7d0b618f74b0e77a2a64b4be1e7653e12a804bbd2a2f78c792084ec94afe04c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XMokcYMA.bat
Filesize
4B

MD5
f4098a1e599804ca5f0dc1a9936782fe

SHA1
0a601b957cbc004fcbc46727c5b6257a490338de

SHA256
364a6e833e1d83c5e4b96da41cea754caf975fd531c8de91e1182d463f4886ee

SHA512
c7b87724f7e39f9207024fdb96f772c9f0c83874ae16a642c0de5afc380cbdd84dc800ad7bba245c9476e95c26eed581bdde9e5be07c8dd1335dede2cc796912

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ycsy.exe
Filesize
229KB

MD5
df69d85ca2746d88227f1787e9df82e8

SHA1
bacc69a6a8838d8534970313d3e099e774851fc3

SHA256
83070d613eaa0da739954a0c134f1862a64a7840dc2514796568cce7e7026123

SHA512
56eccbf3272308c1c8a49ef9e0c5f81a41689332e2442372833236eede095edb26034665d1d8b1935d19d9b9cd3a0a30d91155972a3524ff1253f9a821c4d108

Download Submit
C:\Users\Admin\AppData\Local\Temp\YgQoEgMg.bat
Filesize
4B

MD5
1fb80c0b4bcea096da24a88e4f65d2c2

SHA1
cb827ef8a5e8b256d5ca4b7a7381e0d1f7816237

SHA256
9eac1dc34aafca8e5f8d2f958fade118866c96a7cb2528a0317a50364aa08bb0

SHA512
d8c25bff5d605f265318b1152af1ec398f53f11e792fbf4e13191c7269b05e41a981443b7cccecd41f68d7561123aebb1ee31d737000e52c2bbb5559a367054b

Download Submit
C:\Users\Admin\AppData\Local\Temp\YwAo.exe
Filesize
245KB

MD5
0fb87de3b9da0ebd7a0ea3c0c2e07a63

SHA1
d3787af8d47711e8dc4c422a59a07a3d742c24a1

SHA256
8f7c57ff9c59acbfe9fff6dab994d91cb342375b2f37880900db6577a2e2b587

SHA512
d428c4fdf1129d9ec693eb68e69f841b6b0fab59d570c90a63eb3f531994c31c82858f35ed3db7e58694d69edc196272566aa4263360e88b18b0a5152cdbf7fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZKssAAsU.bat
Filesize
4B

MD5
a8e06997d6d938a938288c1bc4f012a5

SHA1
03810a9ac76e814d72ec633965c650c10dcfb869

SHA256
2f3cf650bc662b3f08ef06799572e542938bd8f17264bad4825b7e73fbae3ad2

SHA512
399eea959bddf2d8dee605c41158237ed4dbdb9e7c6cd82de3e8db5090bb1e331fe4a70048842a2164758600da9e3ede421db7ba7828b5effc89c858cb4b3499

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZyMooUIo.bat
Filesize
4B

MD5
9ffe94e1f99ceb8d95609436895f7d1d

SHA1
52cf8e61133ba0d197adfe80b83fba3433d73475

SHA256
bb327f9ceb624b2a470f576f81e81882dfde6251b699c27bed9b32183e0a0caa

SHA512
ac462b9ab827d10197ef5bd871e7fbeaa3b0bedda1def6ec8e6c8d63b5580d07473ec824d59715dff73d87d4728f1f0c4938ff001acbf4b0a129ba49bba8ba0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\aIsI.exe
Filesize
230KB

MD5
d03b7952aa45bdaee76f3e24b0117341

SHA1
543693420df5459502e026973946736e5b171e49

SHA256
767d8973117865db9ace92d3c755952297d838282c6becf66f9cbe4b1e68a1ff

SHA512
bcde970c20958189900056f39ec4bc4ebec3c71956729d03820221b1f87fdc30447d424991f97639a4f004fb9e30a1a8dea442c5f72a6cbd7a7eb16d5bff156f

Download Submit
C:\Users\Admin\AppData\Local\Temp\aYQs.exe
Filesize
231KB

MD5
f13cd5a60ade311c1923ca5ab5a96f99

SHA1
3759c1e9065813942f1521f1fb2173604d948da2

SHA256
02984211cf83c516e0958f2285c3fd4638dcc9d9c9083989301ba4e87971b30e

SHA512
1c4c45beab492c622da536e90d4d4904fceecaa7d1969a009e1c2eb5e64c97758d9f77089690436f6d94ba1314e3bb3969df2ff12fe6946d492ae3ba41348c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\acUq.exe
Filesize
873KB

MD5
c117bc5b15e34797948a7deca7c5ae3e

SHA1
3b29113cd078422cf3d36f1ed84328ee1c39fb48

SHA256
5d9f4dab6c0004a856f7b1047091a11106d23b8c40f79d4ac2455a057f47caa9

SHA512
703cbe4139cacc97eb69ed92ddfc82565e81983598bd10e55bfd8dc44554ce3d44d2743603f13d0b65af22b9cdacf264e3a9287850041c4339c0ca04bd1ac5ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\aiIYQssE.bat
Filesize
4B

MD5
a10a5ff04e6653f3df9bd6a0dec7278a

SHA1
36ef9208d066c9bf1ee8d5cc60d3f4376fc60dc4

SHA256
51fab2d3091b903ad5aba7c78c8f1a0f2844f483f5dbc23ee5d3802b6e9e69e4

SHA512
8b8878ba52aeabfa92886dcea32940a3426a598033c10307a846d548069e8088ebe374bec64438e898a290182dbc96c96bbdf4e8a80cf7c124052e001739dd38

Download Submit
C:\Users\Admin\AppData\Local\Temp\amwEsIYw.bat
Filesize
4B

MD5
3c7208b4e6396bd6435f26996b928d52

SHA1
91a1b639af7ea19eb9a5f6a7b66a40e406e49222

SHA256
11cd9894ac9b17065e6d3b8a01259e459b4b9a79d257746fdd3a0c5add69d694

SHA512
d4702a53eb6ffbaee90da6903cd19b9f2e7f13eda5a4cf0f757b5c55bfbfd728ff8666adc5d1fee214f755525db20af80583807b9150cc471a170ef92b59b03c

Download Submit
C:\Users\Admin\AppData\Local\Temp\aocU.exe
Filesize
184KB

MD5
fa1e38fb9f0ec454535dfaf1c2fc1c59

SHA1
893acd1b58248dd6dd8a7badad1aede49ef28170

SHA256
dd757563d128c96633aa5f8bd7b643faec8ede94e8b5c26c613b72708fad72bf

SHA512
4d348bccbfb6fed46d717620ccc45b4d20561fd0a0da2a23e4311195dceaa098fb9d5f1664aa3cac1aa8c1bde3c382783c6dfd09043a7b81cb0bd31e4e416b37

Download Submit
C:\Users\Admin\AppData\Local\Temp\bCYIowcE.bat
Filesize
4B

MD5
a17b52c506f6c19b3feb9c2a31c1ad44

SHA1
da0638d6355885d057e884f114929b3ff07fb687

SHA256
9d6e28311c07d7b42b60a44d6a992f4b3212bed756bf7a1cef4ab8bd615a6e62

SHA512
7b75162e2d73cf8399984247898d9beb6547aa5876006f2ee7c1abfea5c1def7a9c169b8c60b7990256a2f2b831e50acd45374a9ba188e81919b716f84c65fc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bWwAooUI.bat
Filesize
4B

MD5
133f5fdd04dedd649a67477d804ca2bc

SHA1
ec262963c97b91e2cd1c4b2503bc8ec93e53a622

SHA256
79e1c3fbcdc8640b39fc5e98fcb1234fffd1ceadea7a271987e659839041c895

SHA512
1cff93d8c93a3f7f17833eab7628355fac3bea2c79167cb43abbe385b5c25fd683e3708be699db0673151ba35b22d76d501bf94bef879ca86b3a6c6268eb0418

Download Submit
C:\Users\Admin\AppData\Local\Temp\boEscwkU.bat
Filesize
4B

MD5
775303c5a06d015dfb54ffa2aeb8d792

SHA1
1ee2eef131ed551ba2958d5320cae9db8219fac3

SHA256
6a4ddf684a2c721aa66c970ef2c9bd8e2293014996397870576e7725de6abea9

SHA512
9cf1419eb11e57558ca03a34284a324ef0c1457c77e01426828bcdd1c0cd51b8aee8645006963b9e8e80803aff180e89c20d926ff343cab6c16cd2beeb465661

Download Submit
C:\Users\Admin\AppData\Local\Temp\cCoAAYUs.bat
Filesize
4B

MD5
81b40f1546d3bb3ed310a1c1ca32508f

SHA1
36bcfcc7c6b9a43326ce4abbcaf1179100cb2a14

SHA256
2acde09ac7c205f8bd47b5f423138dc48a42ea66eff5b6181006bf319bc63f5a

SHA512
7fb6bb5175c3aab03c7e269920f0d3fc570814353a4df73abcd946e65e228e093cee0cf78045dad75506c64c081f2f102ff0315985788b71f2e0af1cf4253c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cIwE.exe
Filesize
239KB

MD5
3dddfce2636b1c431cd2516623d22f2e

SHA1
aa87765c836d6a537f0195ae78a6ca6224cd64e8

SHA256
2d2a93bfd70acd7a5da8256182cbbecaf18a48ecfe06c0ca67f2442c423df918

SHA512
3e41d396d603428632c2cd4525cc09659fe3488757a7c63cb08ac5ef2051855f3cfc2680cace80f39d9b152ac275844345f028bcb23f807d45fe4cb1582b4112

Download Submit
C:\Users\Admin\AppData\Local\Temp\cOgUYoYs.bat
Filesize
4B

MD5
28d7fdcc85810913d7154cb21b04255c

SHA1
da188f1d92359ef311dfeb66ac359ba1e062be68

SHA256
ebe079f0d899f45404bdc25daba1a64676d36ba325a5d880bc5728f130daa06e

SHA512
0f0717de68c005d368be69705c42b7869173cc5d0dbdf288f562a48de0196a8bef88228a16aaa72202d6d610fa4a177953c12c491b52127a151ae894acff2a61

Download Submit
C:\Users\Admin\AppData\Local\Temp\cUMY.ico
Filesize
4KB

MD5
5647ff3b5b2783a651f5b591c0405149

SHA1
4af7969d82a8e97cf4e358fa791730892efe952b

SHA256
590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db

SHA512
cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cggM.exe
Filesize
234KB

MD5
ba817b5d99d971babb72915f2ffb650d

SHA1
f8df78d8cdee43385d83ff92eaec8d7374eafec3

SHA256
bf749ce844e1e2c2cf666ccb6a4e8c17e53a975a061e59e248050b555ff706da

SHA512
bc9932868708cf73ec959e5cf2213a16ded078d4ee2a147aaa4fa604e83e9233b4ed8fa523964b8e554128ee0e9c657877f8d7c65362c2022b3f0b4265b614bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\coEu.exe
Filesize
1.0MB

MD5
c80660b9a6d9d038a02723f6bed181b5

SHA1
491d132d7c33d4b2341a8726893940dd60578e82

SHA256
f74e8b183f362f2153072c94b54b2fabf9de0e9404a6ee1356477023456aafb4

SHA512
88da7802c70a3cf0f11d1bf08bdc26f7e9098635a597fb99944d9424e8e7fc2f1fb76b9a91f5781d64fb75049241cd972e5b0ba5ac9a298f4eb74889c5ba9b43

Download Submit
C:\Users\Admin\AppData\Local\Temp\cqIsMkwE.bat
Filesize
4B

MD5
1a96461de197d1b5090fc485c274da96

SHA1
06ecc0cdd0d318bffa96153e18ca7a5dd1d4521f

SHA256
78ea0c89a723bbdbc5dbcbae9c67fdd8248e3318dc2a4faf8a24eacbf8f69c3a

SHA512
2a4f23236563e0540a99ba723cc02f96ca264625309e4c9bb180eb1b605c8575fc5a2584acbd39dfec6c98da7b634b92045ad7317d28f05a48f6e88de053258b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cwcS.exe
Filesize
232KB

MD5
4cc615f41c2d08028cc0d60f90b4df37

SHA1
3f263f627324e9f57e4e6a42f9a5e56d8572c32f

SHA256
970a4eab13ed2e7721560a326853485d912beb870bc37b0b06a0cdc12388f4ff

SHA512
50a781c5c365435b680100e063b9785f5cdf5219c0703d92c64a3c1f0017d801c11ed11b2555abcfc50029cf59ed1b16941215b4c3e14a4da1b3d243277c2bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\dEMkMAIc.bat
Filesize
4B

MD5
91b4031d8e6c1e75bbae2f66fcbe7938

SHA1
45c0d56fb38545b1f795b6d03c5aff0804ce2aee

SHA256
ba8b6d87865ed4a50582c5ca35afec2d4449779cd9848246b13e47b2e2acde4c

SHA512
9f911bf816b16081e45fee40e1991639141820ff12fc549aa4fcf55d3604fb830dada0ac0b4624d7fad028f3e9abdad06fd4dc2cab69fde968d5b9cda51f9f4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\diwoEgEM.bat
Filesize
4B

MD5
28ad00f3e161e7d770944d7f8993831f

SHA1
dbe11e5936354f02d1e4a3934305c0dcfb0e2305

SHA256
568acd6eef9a1be70ed87e40e73eac83c36f48aaef033e66d8561ecc8a4336ad

SHA512
b7346da7bb13d316e735addf01e55867fe77a8ceee7b630b27f16bfc967ad2b2dd04f92d121a03d1440759bff953b3e45e1402ecb9dc5ae4cce7ec3c99539516

Download Submit
C:\Users\Admin\AppData\Local\Temp\eEUS.exe
Filesize
188KB

MD5
fde903e09008584404742bc666cd017a

SHA1
19d032a348ed27631f304fb88f3f4b7aae5587d3

SHA256
038886f686af785466ea5de3632a01bab649e8a816d54ed427c470b539f1b732

SHA512
d0c191deb2fbe7036b0b22f8837dfe740a88e6fbae440c3a00c395beb1103f4b40598094c48dc764dcbc3b1b95e0eca7eba90d663dd54b180eb6c7b91abef7b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\eEcI.exe
Filesize
325KB

MD5
9326a2d11e72b468cada8ce041428348

SHA1
5d86b8eba21c1dc63feb79aed8932acf34a91de7

SHA256
db3451e88f9863899bf8d16f1caa44d98f87d8e082bc4de3814d6c736c208e53

SHA512
f74b6c611fe59c16a719fa854e6e9bc3a567b222f7d781e83058f3b6102282144675cb07d8317612ae18cb1afad55a9fa36e0b48a8dae376c236e70a76beb4d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\eUwQ.ico
Filesize
4KB

MD5
ac4b56cc5c5e71c3bb226181418fd891

SHA1
e62149df7a7d31a7777cae68822e4d0eaba2199d

SHA256
701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3

SHA512
a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

Download Submit
C:\Users\Admin\AppData\Local\Temp\esAe.exe
Filesize
248KB

MD5
9b6d3686ca30df79933b990358191b63

SHA1
2d86f480a4b75d7f8047fd8d6be1fc618ddb64ca

SHA256
1178accaaaa02cea7e257a727cc02f0f9a5138b3e6d71a45bb450f5bc4066132

SHA512
68fe731c7e3fcd6d3617a950f6124a0b7b76950261b76784ff3c408ee3f98ab503f0c0564fece006232bb16c9893e6fb9bcac6e8e897944d35ac4f6f679db6e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\esUS.exe
Filesize
253KB

MD5
3728d2dbda321eb518629cbd2e477fe7

SHA1
919a2331706013b6ea09ff72f2714a5a4ff5af7e

SHA256
c0bc6150cc101c4e0a9ab97f43b7d6b518149a70be2f704c1b1b4c08796da5a2

SHA512
a5e43d4bee26d49e194a80b40ecabc815ccb05f6048f59619f085442c547ea52e648c93c47247907b2a480755d040f8ddd0584a8a67e5d7a51c442d4126f044c

Download Submit
C:\Users\Admin\AppData\Local\Temp\eswm.exe
Filesize
231KB

MD5
11bda3ffd78249df4b305eb2fdf64262

SHA1
be7746ad16de6f03bd99f6fd38f50d4f475485b2

SHA256
3c1207962158f440f60d0a217fd623a93f3c6f49a93631976c3a4042c18b41da

SHA512
464538f2a8887f207a486ed2c9bfca67c6809ae422308eadb23b1af38b46ca0486814a41817c8bdbc758c5cb8774b9702627bea899f55a413ca55e454eb7abd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\fEYwsYEs.bat
Filesize
4B

MD5
d0717205d1e38db93608aca2b3bbcf91

SHA1
a05302d242da0e40abee63a7f510a3de75c2f7fa

SHA256
5fe7cb3beaf9e1bf559eb032da9680c6647da05f5efbe6613531362d1c1b4ca6

SHA512
badcc5575e1815dd2b40d1b9f2a26204353551de4b8dedce66c8e5ff3ab666047cc58899f443255e2834a91d11ef5067c0c64cc651a31e99d653d2c90b5002bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\faQcgMEI.bat
Filesize
4B

MD5
cf7ee2023cd7ad671ac2ce7a5ff93520

SHA1
4251b74eddb8659660d19549fd74963ec1f7fdf9

SHA256
c0e02b4dba240e784416e7a92a047c1a16d1529ae429549d6d43a32b8a389f86

SHA512
5dd52e9eed4e2529eb800947a0bf3ed21cefd5854b95a104dfd23d573f608d67facc5012cdb56b1ca4f26d98c9e6001d3ebce9802464f72fffa6e34a3fefbd0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.vbs
Filesize
19B

MD5
4afb5c4527091738faf9cd4addf9d34e

SHA1
170ba9d866894c1b109b62649b1893eb90350459

SHA256
59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc

SHA512
16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\fkgcYgUA.bat
Filesize
4B

MD5
ff4a1d9e84138e899f0ddc564d184382

SHA1
733bed7d7417c073e2c61243aa327f903fb2c81b

SHA256
6b02ab4c2cd9e3bc5f2c5f1b9ab7cb1580ba9dcc898424c666c21e316128c793

SHA512
bdc1f65102931037a136a842ad4c6e01d39d73fc9330a6c61131e2b4fbac6cc3656ac1ffdeb7515f0e56b1b14fb0164dd7a6051d125f692e885297f30654da35

Download Submit
C:\Users\Admin\AppData\Local\Temp\fqUcsgYg.bat
Filesize
4B

MD5
d9f104b4829d5df5e57572022b745c21

SHA1
83268b5cae62145965570c2d84ef4592ba1d433a

SHA256
e807defe08c4d4cf3c0f607dff4dc5520889cbb159bca5921edd6511ff85b622

SHA512
04b8d5e6ef5b534ef3a64c3979c706c9223d78cc174a4ddef82a1c17661dfeadf90d2249627570e790c361f525681da1e88e03ea92fa220c8d1fccf59638cac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\gEwY.exe
Filesize
244KB

MD5
12df69d028bdb46ae8704d39ad1f91e7

SHA1
fda9595c723be0e9c08fe7940bce8b56a1c50cce

SHA256
47b0330795be0418095bb6e64c0860895996f21fb5666c2e62aeb9e48d3668f4

SHA512
869556fa6fbe63f0b9c2b4c9cd4665ee1b3780b0bf46295d01f461868b88e7d875e09ade461ffd71088086c81a8492aa8a5e684b510d87c1742af0479bcd322a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gMgW.exe
Filesize
198KB

MD5
2ad3102be40278f04298661140f28aed

SHA1
de95595b205ec60c2480f213b0d50ec78f59154a

SHA256
beda66da80d19d797e29967624349d073bc8a1c6c34b24c27b514c057fffcb40

SHA512
f876df31a6935a03e7e07b472b6df4bc30efbcae83a32559c4aa02c5ec5f652b9d830111046f9c4e4e3c8a06962ccbb60bde398b7d0818375477737b1268c3c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\gQog.exe
Filesize
239KB

MD5
b4024abef60eac1aa0a3a4eedea56b37

SHA1
e6fd8fc20d5893981d5bcc5c6681aad3045b022d

SHA256
765c5d8055a23578a17919a50559872289ed6d8004d6f7fac1344f8402a56a4e

SHA512
90946ec1ee91befce27041ac6047b792e17bfeada60cd7ed9ab8dd7721a65308d2b6cd9c89eef89d75f36f08067622dd68cc2149ee4a0cbe34b1662861455f19

Download Submit
C:\Users\Admin\AppData\Local\Temp\geAMMIcc.bat
Filesize
4B

MD5
1d1e8682ac23c72ed2700b7ff303edf3

SHA1
5ac99841e068a16777ae87551e1fecef7a995ac5

SHA256
fa0930da7def86afc44071e9523f6574f2b2ae8659abb634e50b7f0bf5892770

SHA512
4a894bc48f3ee25246563b72663307000ca23129152b9b00e9c194e8324fabe84d7ac5b7406a1ceabd1f0f6e7aa3bc189feb6fd26847733c838cb7b5538a6f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ggIYsMow.bat
Filesize
4B

MD5
b8f4371bc83790557d4b094ae2d3c99f

SHA1
7a042479cb256c6b4579710e28c6d3ca16862ce7

SHA256
ac3368da1732c531562e3efdd79dab90cc94c173437a002dcd9068a2212e4058

SHA512
93e528a3a6286acca9b3bec888ecdfe49e1bfecd0d17fb27dcff91a81feb440538b7dead4c8a7a88454fc79491495a7920c376bd91c676454fc32c1751fd3ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\ggsQAAUQ.bat
Filesize
4B

MD5
4fb71344d959e75a5c361f615ae20080

SHA1
9bc12e43d76da84cc9e1a1161f005a8cf320d2a1

SHA256
29828275603cc2af53a601d40a8074e13e4db7e17b7e27acc9e9951c0673d49a

SHA512
46a20563441031be6de216b126b432f931b80720c995df4c468ecd239d17a8dba0fd0e92d46418f12a219feb462f10cf479a27d98a991e8d70c8a30dc25d314b

Download Submit
C:\Users\Admin\AppData\Local\Temp\gkUE.exe
Filesize
248KB

MD5
80f24d2107636f47630023f56e2bacaa

SHA1
59974ef6eb068e8d443c9cbfdb316d7b77c77935

SHA256
05e983954fd048de25977e69ae179411dc7b4201a96c14c441d5e4d37933d914

SHA512
fe6fb0a37f3d6e5e1b34ca1fda2f1ebaad0776ade396887ad40e03e700014fbfd785d88f3e009dcd466ec1c53e88ca60c6e1a994eb3a2b957b1474a9063a71ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\hUIcUsog.bat
Filesize
4B

MD5
8e7f082619dcb27234e24a858279a376

SHA1
e984c4f8969486fe8689e13415d60a5f8b09446b

SHA256
13cc7d3d0220b945120d18c8135a7ce9460c5c91bb08e260c2ede6846dfe9d6a

SHA512
bfaed12494037c2c6fbbe913cb80db9550347274fe1b0aef5e7c4baddfbf48c506cf6ebb9ca9d59912dd1046592dc38ba1a3435e515fad24c23f73efaa107c58

Download Submit
C:\Users\Admin\AppData\Local\Temp\hkswssYo.bat
Filesize
4B

MD5
18724367123b93cd16a3b7fa4481db29

SHA1
63ae577b47843a5c3a188957f3c1bb260bf5e189

SHA256
a9c709b997090b19d0d25e3781b6b0cfb3b58b8bc7aad51b58f3a428fb5ca8f9

SHA512
d8bf6f4647fcb13190bcd4cda0a4082488f0315e0341c25e6afa8c8f399edff482abf673885f75c7676d12ebc2c3f9c554cef0a341a04bb584d456975bc30beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\iGswcIEA.bat
Filesize
4B

MD5
bfc99dac782d6de1e6ba85a04942575c

SHA1
4421f18917081af91f25ba6446ef28c7a70fdee0

SHA256
c031e61fd9d8afe5d1da5cf88610c48eaebc4ac9a42d156e3d74dfb9b4052368

SHA512
807b03e3a0db5fa857e1c1f844cbfb8bb82c045ac533735afd4bd0fd87df035e644d6d8e8ef012d5f2af82f42e8e85eba2a2eeb7e67910d705954411f07a1b34

Download Submit
C:\Users\Admin\AppData\Local\Temp\iMIE.ico
Filesize
4KB

MD5
47a169535b738bd50344df196735e258

SHA1
23b4c8041b83f0374554191d543fdce6890f4723

SHA256
ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf

SHA512
ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\iOYgsAsI.bat
Filesize
4B

MD5
96f406fa1149cc936a05b0ed00731f39

SHA1
721bea762b44f4071074ef57c254dd3328102edd

SHA256
84f43ea64fcb2680fe0bbf3bd0fa17681dc6cf8d6a34423cf3bdca70f6731399

SHA512
cb949d35afc8440ec57790bdf4d462624b24a52be5310f2bdfd2f113165c3c726fba3f6e7adb280ced697707b776c8da5822c8f8be37e9d89d9d0be14b2465be

Download Submit
C:\Users\Admin\AppData\Local\Temp\iksC.exe
Filesize
243KB

MD5
3eb8625361cdc537db844f6ce9083914

SHA1
f3015fe7eef01e1273863f553c8e509d9d1a21c5

SHA256
c8694583d5e3070d5579210673d50cbe250393517fc857084f88142711595d55

SHA512
ad53ec9f22cbf88f5d479472e2c60234abd173eb89fc99958443a43c92191fecbc3bf061c59b1e8921d48842bbbd178acaf2c620a1862941f7cc23181c76f51c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ioYQ.exe
Filesize
245KB

MD5
f06560544832ff7f74edc9ce0084e48b

SHA1
c15823626d605e61a3f7528ccd95429d0555e5f8

SHA256
2ee291e55d5f2416b612e7f15a76092b9d18371b7e75dc3f8d933cb5a9a0fc4c

SHA512
1915576113258df7a6ca10073c9cf54af857d2d0a2e02709c517400e00083ef1f79a76a34e93a39d27794c15777d2f1eddba2968ffee821f5e4d28c394acc93c

Download Submit
C:\Users\Admin\AppData\Local\Temp\isMI.exe
Filesize
241KB

MD5
c57b5d950259576442dd22afdef43968

SHA1
329e707ce6259a7820551d19d30098a235dd97c7

SHA256
017594237b32da5ef4e012f880071f19cdd58676922eb7ab7cdff47f566b111e

SHA512
5de58c5ef9754b089308305c12331890f84d89c89d074c8240dc062e7ca429cdbae581950e93e8d046e287c63b00c695f1f081e6cba2c5448b20d5f978846f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\jUssAQko.bat
Filesize
4B

MD5
203cdcc36b40002d32cec6aaa7342e9b

SHA1
a28a4220735beb204354df20e90d20e260bc42cd

SHA256
4936a8b855c6801b95aeffb9679d6e427ae19fd8eb417127a71c6aad2de1075d

SHA512
7b2df507ed15778136963029c72532f469f421823d059269764585034810c3343adfdeabbd81c974e4e7754bed4a71a460ab3e1a3e5f0baccb4a4e23ad0a4217

Download Submit
C:\Users\Admin\AppData\Local\Temp\jiUEYkAE.bat
Filesize
4B

MD5
b73fcb3f112340162d7dddceda4e9553

SHA1
6b6ead98f0c77919fed1a7671f4cd7e7bbbff613

SHA256
89171eb96a7822ffde5757c8aaf8a99c7efaf2f0a8e68c5b72083ca53eb712de

SHA512
27bb6071cd502cd568f2fee0ae58f8537369414fb15efc64cdc45bdd9b38f59f5cf7d91b9ade0e01fb50979328419356a06355edabb39288b6d05dc8ca2c37a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\jqMggMEE.bat
Filesize
4B

MD5
69e84cdcd63b6232594aefb5621c40e7

SHA1
16a41e41cee3b46815af655178975c53d6eb8acd

SHA256
35c0d9e1c57dbfeba5f8f2130d2f02a45e87b8cbb38630c5b1b6f3016ebab9b7

SHA512
cba3fda7604f96cf4a26db617bae5958fadcbfeb9efc05d2eefaf4ff96f27edd6381f2d09f75a6aa737a75ba47fead5b4a682f1fe71efcdb794cca268ee63746

Download Submit
C:\Users\Admin\AppData\Local\Temp\jsgUMwsQ.bat
Filesize
4B

MD5
e2fac12987e693fa0f6c279c7ee525dc

SHA1
1c391ee6a94777ff490e01ad76e32b3dabafa23a

SHA256
bfc35e88216ff1832029def10ea39fbcf51c7fbae08d0308ef5f38d10cc1787c

SHA512
d5ee7e18a51b9f79b62a93a0a8f2dcfa9173e056015419267edfe1160b99cd5e02f8a50ac68c1ee671bedcae0cf8747810af267b106c0574824b2e76dde7a849

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusUMYsI.bat
Filesize
4B

MD5
d263941c193bbf34d6abdb4f75058986

SHA1
3c0c45569a722927e7e4dcb6fe7990a6461f8cc3

SHA256
971b421116459dc38edcd3d4b21c5cac5a9c92848f9deaf252d293b290f26be2

SHA512
e5d333e17ec60b56161448a4304057eea8890ace1787ca433b02ddb70d9051c4b9a26c3a639fc2969d0dbaf10962a303e7573a4791d389abc50cb930b93d2f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\kIoE.exe
Filesize
1.1MB

MD5
6886d8b1262fd29db324c2431b33ba86

SHA1
ddf4992a61dcdd8fc4387a262d83e6f0c5b4a548

SHA256
6c02cd4181275e7daed1880ca8b600128538164192de0d9060e79b46cadca07a

SHA512
8ec7598a178a04b7f14aeb5e60b9da017feb6b6f5c2709f7351e134f0b59156de3c13043ed8bfb3073d8c5a52471d74715b2ce0fdae0cfe27e8c86daca980ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\kIoy.exe
Filesize
217KB

MD5
ee7c8a8aaf3d641b5e053fa4d6f8e69e

SHA1
dd5394db569139ce6adbc5afdea72314d3c5c05b

SHA256
40adb638aa5dfbf4379e335e734ca4a7af8e2a63fe1efa8407a42d0c54b88123

SHA512
81262cf3f617c0b7b227cb0bf7f9f8bed092771952d1e8789723006407bd4d2c60a0835bde3921dffed1730f91d3efcdab2a802476793a1986ff0cb40f22c3b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\kKoAIIgk.bat
Filesize
4B

MD5
db461f5a44a22228eac5c3ece22e121e

SHA1
98b643338d8da98539af6c350a9a019d91dae893

SHA256
1fab1e1375aac56338967bd0e654ac5db61368eef605b1c5cc3c66a101a94ebc

SHA512
fa855affbec925db6613651689f71074cff72987df076c4fe81d6ab885f7e58a710d3ff823ac6d12e2a4139e5a31f0adedc372ca31115827921ac81005ea4639

Download Submit
C:\Users\Admin\AppData\Local\Temp\kQsg.exe
Filesize
207KB

MD5
6c6f0d8bbd4cf132c5dd870ad7ebe324

SHA1
3036f67b6d01e51f659c172e3024a09d160b9b61

SHA256
2d395b4080fa5c1ace59194c0b9fa2b28b49f9dadd974eef72e8ef1c26b47afa

SHA512
99733ec3452ba89329819bfc145ca16aaccd8bef7d1c8e623e2e27e9f628e9fd5fb8cf029eaa0b5508e60e84514913d18784889b74bfa05707a161e29a6d0d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\kgEM.exe
Filesize
210KB

MD5
935147d389a1d8d5d92fbe8ae627820b

SHA1
b0ae31f94f558634c7a1fa9a5e5e07b2426f1cb8

SHA256
c6312b9ad93666ec432b5516b542ff71e62914986e2817b46ed95abdff09d736

SHA512
2d55ca168f71f52396f50eee1bc861bb58e1da7741ef26be346dbca0bb73baae833a7ec5427147ebbfc2bd59efcb1dba1fbb9673881640d5a15fc6a4abe05867

Download Submit
C:\Users\Admin\AppData\Local\Temp\kgcK.exe
Filesize
658KB

MD5
86e1705afb34ccb60baefb1fb91594e7

SHA1
aa9ee4a0f9be1ac7887bacc095e0fb6f6c79aaf4

SHA256
e30a0870e6da9d9f3cd57b82a01dd503208fdcaadddea47a75ffd2e881ea6c37

SHA512
32f59ac81ca70af0b76636865c562200c7862def4f4ff12e77178b10fa4dfc6bcc05132e98309e35e2077994a334f1dcabc23d85ed0e9cf7134fec29e23eb38c

Download Submit
C:\Users\Admin\AppData\Local\Temp\kkcm.exe
Filesize
962KB

MD5
f024fe39a71af12f43166e9e5c741476

SHA1
4ba6bae83a325515657f06022193ecfd3e1ac4af

SHA256
34fe1d0c93361a7ab143859f39fa27cbee2b1a521ebeda102e3d71cf33ca1ae0

SHA512
a2f55ea114e97b13693c5f7374abde4e91f9d2a6f9ad3aaf0a2f6e680d4fd255602800de13d9bd372b429a930f7d35e2e81854f621a42e90e0249c92740ee9c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\kkkG.exe
Filesize
671KB

MD5
e7b15fe987a6d0830d3df39a62270cbf

SHA1
40a5483ae576a80811f3ce856685f75987a375f7

SHA256
ba20e5a5dea5f8686399bb82e3d1c94e15443dddf04a9e11c64db910e955bac3

SHA512
7b03df8c0f55c65f808f79ec9aca5ac12d4b2342547136c678f743cd9b82cf609c4c142a373a5b133dfae78fa4b07013ec99df6551fd311e0b2aa6bee6d37c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\kwkK.exe
Filesize
236KB

MD5
a3cf1a9e0c57040f282acc905a07f7cf

SHA1
5c13ec0e34879ed4942c5d8eb3c0facb38bbaac3

SHA256
e96af897103019095f29be7a95265783600638e17f4a651d9ba7846ad84863f4

SHA512
403e24eddc639bfde6c1fb324a7178763ebd0e2d18c5aa279feab52e73087e0fdb52ac9d7c103acb7d7fac4914c9ebb340ae0282ae58d3eb95bd8810292c89da

Download Submit
C:\Users\Admin\AppData\Local\Temp\lIQgIgQw.bat
Filesize
4B

MD5
ffa2292fa44ea28da2cd774b454a9255

SHA1
5969d2cfa63b61b03f1887798bf18ad8497db905

SHA256
421b7af8401c88e08b65bcb9e1e0f8637fd3e22c9a19a64f9c5bfbe9565b07ba

SHA512
d1302ddd5b1a3844ddd9bdcb6dd2b781c7651c2ae19852ceac83dea81917cd94cd9c7242788dbd2f4244ca367965c020493d041647e3ed87d8f5bc5d987c5fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lMMMkwgE.bat
Filesize
4B

MD5
28acf643a030d8dacf6712d9f8488590

SHA1
4c948313fc8405e694a224274a6b1cf6a672898e

SHA256
a74d1687ca3251fdfe17a50a372c3309a04380cbfdd72132cfa7b8359e803e34

SHA512
637c601f24095e44de88037d70f7cbe69ef432ad4e9c968f250510fd0d47e163ffb33f09c5cb400b1c7f06057d385e8e51ebdfa6fffdf045429533ff9273f182

Download Submit
C:\Users\Admin\AppData\Local\Temp\lyQEwAsk.bat
Filesize
4B

MD5
167633f7b3df1b3797d9cd4da637375d

SHA1
a81c0b2c3ca90f661bd535ec23e389ab771db9c3

SHA256
bc320d622ce455cc0f4e6b873567cae1e1db6c27e955abd675124d4b57164d05

SHA512
d652902527f1b4c11b78ec45988d18f781f03959836c8ecc64ce220e4dac1a41b3e211da37047e449475cf17c9ead217c2b07a4d0450521e31818a64c68e1289

Download Submit
C:\Users\Admin\AppData\Local\Temp\mIMkoEQE.bat
Filesize
4B

MD5
c9d51cb32ae25c5cc24541da9c1ad2c1

SHA1
5f8a62bea1b0e712cfcf52ce7ca91590296c5821

SHA256
b81e4674d362f1a9ea960d7c426d4cdfc06a90fd50c59e26df885d01813d62b6

SHA512
222d6a5b157e4afe7b606d39b1499e1211c20098924b143fceeb3ce0ab44515310c8b7c5926fff61cc6bd3526512d519cab0c64a8a63aed4ce4998413430441c

Download Submit
C:\Users\Admin\AppData\Local\Temp\mUUg.exe
Filesize
239KB

MD5
fc500714c7f4b466a14fac06fa620d99

SHA1
5f7f8c136f61bee6c77d0e41a5c263c83bb0a327

SHA256
dffff786358e9a9e23238f3423a199ae363b3cde3730a3522c66aaf07104b9d5

SHA512
4644eae59ee3d6553639cdbe73edfc26da5f7edbcaeaa06578c8dddf6391e6d58cbe4fafe471a632dbbfb8590f176b5f79a1cf8dfd73d403d038156b84d1fa94

Download Submit
C:\Users\Admin\AppData\Local\Temp\mcss.exe
Filesize
198KB

MD5
9bbf7c2d456151656e464ae01f2dc53d

SHA1
0a04939a4dc485aed755bf60e5b5d4afb4afdfa3

SHA256
05a65002bb872c39338d82187715720c3fb6d4a4bcdfc5e84153bb1991582e48

SHA512
d8b648f2e091b109e84b823d24097fdc066d5fd72d058794062018fcf73dc5fe9a34741345e9d8b2a373589e2b9db740c08e2c95bbac1345a02036f1396c6883

Download Submit
C:\Users\Admin\AppData\Local\Temp\mwwE.exe
Filesize
240KB

MD5
7d48359ca84eadf1460e703c010c1d47

SHA1
e923e15e6af53d225bc048dfe74909f4105f101d

SHA256
570c88f7053e1f2aa23157727ddbcb3869084651ee5d7213ba7ab46b8da80290

SHA512
b5d260757e653e427cc5dcce31ace9cf3cc030af268d44d1eed4a6a0e37455e037f82311a803584855e818329830c6d17ab02f7b5f4f34d2e838a6787580622f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nmAEYYkg.bat
Filesize
4B

MD5
d51f058ad25ec613c964fee4ab3ef1b9

SHA1
5b5b057272dcc2bfe77262ee25fed615b6fed2bb

SHA256
d685f3c2d21a4231e1442085445efe477c374e1318824f785e15eddcacabad09

SHA512
977e0938f2a6d6505613c7a14666dad87afb787de55aad49c3cb6133d64baebea09410f3179fd5707cc336766e0605bd0bc627a989e6e2a12915a38920aed9ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nmsYEooY.bat
Filesize
4B

MD5
598b56c338ce9a35eb30569975338ebe

SHA1
3539725783f8adfd66a7cdb2544f56f0ad4a7aae

SHA256
66ac49f25b6adcf8697eab3f4834adce3c89a61a62ae28bbfb95fb7e608e8f69

SHA512
398abe9bb04ccba1e79160284dfe229ab832029e53fa9282bf8c8d29e8d211dc77bc6dd26ba61cc9244e3c741eb65542ad79d0ad18e18e616aae68f244d5ad63

Download Submit
C:\Users\Admin\AppData\Local\Temp\oIoe.exe
Filesize
640KB

MD5
3ee64ec3d19fb21c904f1c7a91869fc2

SHA1
2fcc56d1d0c72046c17e90ee35919798f2815dca

SHA256
6b25920d78773c3993d0a154015466307fd8317a45b26fc33b7efc1ff5d3a201

SHA512
4d6f09dfa9064e343c75b6c844ae221cc2d4e7299c0c868e69fbebf400d44f55e32e137881af269232a5102fcdd1933af9c7bc67e8d1128def95b1f3b661637b

Download Submit
C:\Users\Admin\AppData\Local\Temp\oMoe.exe
Filesize
247KB

MD5
fe94cd0e662e5e95233ee99f842092c0

SHA1
b8c3e288daf0a26884c51b6d2ceeea11323f30ba

SHA256
969b8fb0dbfac20113d476e5eac885f66d2943b5c178ac9bfe45eff878d01b8d

SHA512
e8d6bfe502cad084fb22af12ed5957905b1a7e90dd5ddb72f2d6512ef7ac294525e35cf39fa2aaa88b62d5cd62f2b9eaa0a4360de8bf16aef9cb60446f2cab8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\oQEe.exe
Filesize
242KB

MD5
da95d5847abfa4960e9a8578aef309f8

SHA1
07507da555a94fc89e5a9d69601685c88ea16ce8

SHA256
53d75eb4f244dba471aac24b37b22dee08c1d6683ea107b8344426174fc8bf1d

SHA512
8ede39e6884a692dca2bc6b5f47d005bc1f4b5ef448d9998c5f4a4b8798c50bf993660411620a1c751af69053e75d14ad5d662b9b06533de4ad6fa74b71c5a8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocAEkYkc.bat
Filesize
4B

MD5
53c90ca38689f3e32e9c3c0af428ad2f

SHA1
e20ea9f5998fd534d7af7cffdaaa131e50c9f996

SHA256
30b91059b3613a61b72aaa732c3d12bd42779cd9f281d855730edab09704af56

SHA512
51daef68df72454eeeaae32bf8f4b82d9e9ac82dd253fc75c8fe79901271f8eb3515a2c9cb97e7eb4f128177a3b019ddfecce2f66e5cd7a462cbd65ca782b580

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocEy.exe
Filesize
232KB

MD5
37733eabdeac0b6ebac8e33efc2c0762

SHA1
67f6621b543f3383248c1d7f2de31da8a9421100

SHA256
eb0b2b6f083ebbb6119834247f3aeefc360ddeb481e4eeec02f0021077ba6cc0

SHA512
47ae8c6502571613e1adde5677f04e7211ee3d07cb3ed665c7d9c094347ecee965eb62905a9198f2ba66712fe2baed3675331c54ad8c2ab5433b2cb525fa6655

Download Submit
C:\Users\Admin\AppData\Local\Temp\okIgEcMQ.bat
Filesize
4B

MD5
ed581b5622cc1d0e8f9acbb1852087ee

SHA1
d84a73f0c37e8e1da12d5efed013d03b03a04b7f

SHA256
1aeff64e4f182f5db14e1e8005c9f5412bdda7a38b61780c1f033f007a8e8057

SHA512
b47dc6f96285eed07a590e655d91922e35e9ff408a8c8f3e14efe8c7676daeccc63708a0d268800a3f787bfeab948d8397cfcaf202a6422a699b7036e3b89ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\okMK.exe
Filesize
669KB

MD5
8c4c515d0b979ee20d27137265016010

SHA1
a7563f0506da0abce5943b6c33f1aee71a376d32

SHA256
13bf61fb7b2353be3ddbb20ce2d5f290f148de47ae5c195d45a9546e92d937d9

SHA512
abd00ccd137845bd34de2af49e7c280e766e4e293bfe8bcbc5bc631cce69036087e33b7374b1c9c82f702d54aa546848998122755554e6e2c10120ba84f8eece

Download Submit
C:\Users\Admin\AppData\Local\Temp\oooe.exe
Filesize
822KB

MD5
f87870cefaf6c6a54bb95a6efff1fd5f

SHA1
01a80e9e19998145355baaa994e510926c97af3e

SHA256
1f529e345774688b4c4f924bffdd685f66191ef30cdf1e83dd2dc38cd2b685ae

SHA512
b1b357e6b6376996c4f12c35d7261619ab8d948e79ca0542cde05c4ce0f38fc3b9a6da23d1bfdca5f72207794a97ffeb5f4fe1d10454a3694a029e5c91fb5f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\piEoAQwI.bat
Filesize
4B

MD5
b08c49723eb50b43e0fad232296c9b47

SHA1
12ab3620606d657c6e851ca7d44abc3fe41787f4

SHA256
0e56d8bcd9610ac27cf759970270ab928c731efc865972e301822041b217e2b6

SHA512
1ec8c7d5eacaa9b3bb84f8e004c41b7f34c7f0498ef0799440025b7ba3f34fda794a8fd5569f1f1d75df1a7a524251913b98ace5f1b9d455de85684eb2e8bd25

Download Submit
C:\Users\Admin\AppData\Local\Temp\psoIgUMQ.bat
Filesize
4B

MD5
880aaa8983b9d1e6bbd5d108f63051d1

SHA1
0e5be65d00a4db833a55fd74ae4dbe91eb1f6add

SHA256
6eb642fb5a5d02a2f9d36538c2de236742b9e13ecfe5ecae69b0002de2e5ec08

SHA512
d05d252b24719cd68802bbbc1b39d512966d71c472261e99e664c260b32c6587be051f0da825f52756e6decee1fa3a0d9361acd0d54209da31551f2300a9583b

Download Submit
C:\Users\Admin\AppData\Local\Temp\puswgUoY.bat
Filesize
4B

MD5
1d1c98304db68aab2fcdba1441aa6051

SHA1
49f176993b06456e54d50482235e2b1f2a8c49ff

SHA256
df1e095242ecafcc3c479ed00173aecae537236382a2b3415c03fe3efbeff170

SHA512
459315e5212a48574185eba53779e04101ca417cee9b095e16bc0d0879215b2f87103e7e5c4e0365e8d7fa6a8b8fdbc1acb369f123abf3122addc453210926d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\qAEE.exe
Filesize
217KB

MD5
614c98a84c86f7ee7168ccf9cc40bec0

SHA1
ca78d3c6fada27ae35991ebde92f970cdf0407f2

SHA256
72fe64a555f92b0badd183940820c2edb7ad9f0e72c4e2063e73a681bd092f20

SHA512
16a29cc97b075e0db885dcee0959545b490004902e105c86310d2067538829d8b0cea4a30fb21768f5139bb2f61c4d1ba79911f7cfc89abdd72e1466621d96fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\qEEG.exe
Filesize
241KB

MD5
d41c704ac38d06b80ba4ac5adad7f8df

SHA1
67d67e0755f28ce7297759497a42f52c251b5145

SHA256
58f6210a8459b36a0564a3eb6ed31424063d449589139c2ebc22fee0769942d3

SHA512
d817a6baf30f0098a4f52e8f9c1db057d2c9230896919a36c516873925c4ceeab79c610a8fbaf4831b0fce1f20829abea1b8280bc4d452fb1126466ebdc5dab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\qEUw.exe
Filesize
246KB

MD5
84eaf11b70a7ff16c543c2cb27784813

SHA1
f3f78cc4e1b3472c02c839ba1dabc9310f339bd9

SHA256
c68f02933690bd7b7eedd51eca907997a1ba1dc1a4bce8ed1b136a8bc7249601

SHA512
b97fcc823d1553aa5ff33add5338ee45eb3dd67542f65f0b187c5fa54668b24eaf59a5472726ed7162d85888d01c6863d9c37f18626cf0ae6a0e3dade43011c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\qIQw.exe
Filesize
405KB

MD5
74c8ca87a42511211628f9946a638dbd

SHA1
167344df9bcab995d0c51acbb7e80d6c1fa43785

SHA256
e3e9585008acc49662230e2f3d12f678fbd8b520dd61196f2718a03627e9b7b7

SHA512
059f91d30e0f5c7764b6325efae4181f1776a08b980d0ea7a606c8d6a1a519fbbf7828eb3e965d1f8c7b2b7dbd0d7ff6c686787dff79b647a503f72bd5cdd002

Download Submit
C:\Users\Admin\AppData\Local\Temp\qSIEYYYU.bat
Filesize
4B

MD5
d72216e97c55019dd32e054863d3025a

SHA1
78f7ba11cf45641ef3085c16aec306a17084fe9d

SHA256
5dca947f8c7c4daf274d32636d3c35fed76070543fca099dfec636bbeedec5a9

SHA512
49309561221b207c02c18479cc8935ce720b532a97410ed39b289a29e1509fbd37a36f962022cac72d6f02b7377d45e278fbe1906e2f206c948fe9841ec823c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\qYQUoEQk.bat
Filesize
4B

MD5
ee5e85d16906632a256f77096f35673d

SHA1
c84bf1fb6d64b4c295c5f6e0a005f47af76e9162

SHA256
a578f06f1143a9f8ba7fd39b165cbf60c836d1fcc09797f89e9301831abed8c7

SHA512
a72a17cbe2fa27f96b6fb86dfd5962c202db93c299b27d0901362afacfedab5fbc19caec6a27d8e8455e2aa663dfbcbf9ea4e6b0490dbf5e07edb55248efa581

Download Submit
C:\Users\Admin\AppData\Local\Temp\qcoEwYoY.bat
Filesize
4B

MD5
5fb3eaecc6fe2d7a2d18e72b5e165f7f

SHA1
f0de7eaef5e22f0fd7c75639454ed01aa9560227

SHA256
fb9b4ea5b4644bc90c0a5af152ae0b5521f53521c4c48c31aa71a52710554e34

SHA512
72657b012b02d93d45495b692791cbd123a0d264bbd560893e2082531a868d6f8bfbfb4fedb48d2e95ca136c5626baf9e9d926ebbeef41fffb8d8d97efed56a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\qsEY.exe
Filesize
250KB

MD5
679f9b582b8fc5dc3e7a1af444b89e40

SHA1
16e5a389eb41db25481ee45b8c23b22885e6a122

SHA256
bd9ccc6a56124f0052263ca88da1e4404a0a2530aaa28e57dc9e9ab9ce33920b

SHA512
c7f2994d88b03ba0bf53ee098eb783bdcc6c19715c1eadbf2a9e23ced492dac0f5a43f4971406d4edcf58c7244f1e3cfb1af3321d084673291bfa8cff5999078

Download Submit
C:\Users\Admin\AppData\Local\Temp\quEoMIEY.bat
Filesize
4B

MD5
ea75805523802e4b159bedbfb4605b8e

SHA1
710ef4ac532fdd2588f00622da8e880657501380

SHA256
a17261ebc96ba6408f5a09e432239c65a410927f45fc057b4035341fb6a45794

SHA512
21a3cffa47566d0aa24a977e968b8c3f78ac324978611ecdf47700d21c9d847a533c8511c66996318f7f252a3f156b6bb6d632591ffce72a7811fe19a7ff0e6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\qwwq.exe
Filesize
313KB

MD5
0d20a807b73a3d1163766e27d9eae365

SHA1
e28a8415fbb48e939ac325206c5474e32a41d9b4

SHA256
6dc766d7aa762c20861b39165148269afac9aa332e5ed6a3e1f2cf95c37bd721

SHA512
2160f94d452f243edbb54d636bda821833d19caf1d2d4be2509b9831559632c79da6b7b48cf61260a8d6c11b0002e50cd30f13c4aa334ecebdd85d87a3e44948

Download Submit
C:\Users\Admin\AppData\Local\Temp\qywAMkgw.bat
Filesize
4B

MD5
b45173a2a5a698e7f769cdee6329a593

SHA1
433fc7ee931f783768340f20c63fb539c0984e5d

SHA256
d6ad69dd013e529c1a77e1099af7d7da57e0ab42df4f35a0ac914b91398945f9

SHA512
f89beff854f6dd9223cc4eca27ae87bff66cae8783a75591973a99191728b364051ae1a186b8b1969fcea874029cad9d367b9ff419a6a71b693e659558fb6c21

Download Submit
C:\Users\Admin\AppData\Local\Temp\rOMMsQIo.bat
Filesize
4B

MD5
fd46f7af096fca8ad0a4e459ed7bda72

SHA1
05040d0f4e767229974b1558071878e0f198d5f7

SHA256
bfe7a90f4092d45fdad21de89d70ea572866065ca39ad393fc7ddaabf93473cd

SHA512
491aa62f9cecf3a7b8f9b3d74304f415424c267f12e518a053afc3ed06aee1801ade2790c9369808a4fd1210e566d4d41af63da6b80f3f4d93e0a84c591d7c42

Download Submit
C:\Users\Admin\AppData\Local\Temp\sEAE.exe
Filesize
309KB

MD5
68df742d596a18b84c544204ea624702

SHA1
e562b14022175e9e64df3e535395992a68e56c2d

SHA256
8e1ad847bac4a8ef4b0b0fab16c602325474fd7f9497b9b71c241bffab3d4b5f

SHA512
c1961b383db7f19aa4478dc5527928e96a439b405a4e56ea3d93bfedb265e7e3f9d060cb1d2c798aa9289c61ad1e2f8604b66a8c1db324ae9ab3356e6be03b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\sEwEEsMU.bat
Filesize
4B

MD5
a20a249fe7926a022f8668074a048740

SHA1
3223a05c3ac9c867669bebd0ef38679b35770191

SHA256
14595c5a6270d5afea6baeeb5aae7f04619f5d81afeb477513bc06f3add1cd8e

SHA512
5129a57387ef5be4909a67ddb2459d1cd018de28208f5add17dbf2572235002bd707d239210ec2822a18996da2e51d2b25bea91292dd81e12d8e9a0733d6eb72

Download Submit
C:\Users\Admin\AppData\Local\Temp\sMwm.exe
Filesize
230KB

MD5
4d75877968f19cd306872cd7cf63895a

SHA1
6d6c203a95b23ca1a2f002b541d4c1bde5170263

SHA256
f9dd76961ca8ea0fad087a3335e3ab16a3e2dfe2e75ecb09f9e9299319599c8d

SHA512
f887f07b87328f0137a93a3a30ddac24ba93e2fcd5953e22159abf60135056c8e01b0016aa91da820412ebc72d90302746f9d695afbce74d00ae87854de838dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\sYEe.exe
Filesize
234KB

MD5
f1fea1ae363488cb1f0741b05d1cbec8

SHA1
0034256e8ccd493fcb0700f64ff75d335938dd41

SHA256
96622cba9b87bda7bc03586486cf1af2c26b58acfcb274e0bf6184bdf090110e

SHA512
9f300e6d25dff418d0aa886f44b5d575083a35ac927059b78d9c910eb124f4b2bcc79f472db6070c8ab567f3b8103295744398aaf22b9c6fcd05fa562c7c3c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\scsM.exe
Filesize
240KB

MD5
06e32664ee27f4dec6376da07f37a0d7

SHA1
87157565ffd238d1d56dc5c91d65bb2a02afae75

SHA256
ad98e6576d39ba7fe0269ef1f14e2b59bb086519c6be42bd42b952ba7dc35bda

SHA512
71c73369acc932acba01f17320ef3229719a991581ad82017163ab0cdab323424e56e59d2f401d99a23de8d3c7d3ef7a5a7740d352ecc2afc695e4aa9f8bd762

Download Submit
C:\Users\Admin\AppData\Local\Temp\smIgcMcE.bat
Filesize
4B

MD5
5a3c544b7e925e271e358a95ea976915

SHA1
af50588a40056616904c29155f73a644a5c68f37

SHA256
56d5b375796e28b465e964f3e67811283ea675acda47eb9eba2c11696d61ab17

SHA512
b2440f0d9b5cca3c98e21001442f2ababb63b872d2032bbb721936caefbe270d0075b89fc3f8ccd73ca23c764d655016f9be69bb43ecc9c04a186e77b19c46ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\tEIsoIYs.bat
Filesize
4B

MD5
282f56e9d37ab7e1d740e0a6c1190af2

SHA1
1cd26815d2d85e65c131ef80459d54cff02ecd84

SHA256
e67f1ab51554fa907910fa3cad5bbae51b5d851161bfd7427295fc0284770b67

SHA512
d47cf3f019f4e86df604d57dad1f71ee02c9fd54a35f326c034d6e1ba6a9be320f659eac19b7a8a3572e2e2c5a035d4ac76456ef20fa10634c50bf78fe46acfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\tesIEokI.bat
Filesize
4B

MD5
fd2baf10ace97c6570ef5c4046812a2e

SHA1
549becc92e569e9cedc1a26bab11bac5179561b8

SHA256
747d754491aa621f5e392c04ccfeac91d4ba21fbc914ff122207e74b253a9b70

SHA512
bb009f47e6459cb89670f7204d21bd8bebb2576aaeacc0c9369b4b04be81bb6046cfaaf1d281e96c61cd74332b96eda93c872c1e8e889f80735a8f77b63bcd6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsYQUYYo.bat
Filesize
4B

MD5
b266293157017016ea33c6d438bb59b3

SHA1
ae6eb36e622f8f17a7a5d8b338e01d64a8a7fdf5

SHA256
eedfbc54f2ea3c1b6e3c46b6f4b0867487ae13837646535121b6ffd2888e16a4

SHA512
0682c38d958c73c8d9f98b12759b2631b92ede16579eb0f1ded851b4c377ddce742ca040370f3027b8320b68cc5706e1348514beb786e93711ad17cc5533c51d

Download Submit
C:\Users\Admin\AppData\Local\Temp\uKgokEQI.bat
Filesize
4B

MD5
d000e853913b80805b3b9cb5c22fb564

SHA1
7ddf05adccdf28ee68212352e145b4bdd104dc1f

SHA256
2ce25c44c58e0116626aafaafd01718192ae2d39c79ca31db0c051b3bfe23ad5

SHA512
06a56b2e37ac2c1f82682a8400e0bd276469ae20b01144bc8889181d7b4b6a2c1bc2b97ec3ba01c7863de1b36a97a96fa9cc7622bf116dbf78dbea370c1e9839

Download Submit
C:\Users\Admin\AppData\Local\Temp\uMcy.exe
Filesize
4.8MB

MD5
53cd932803a93083fa08d60f35fcf9b8

SHA1
3e2154e6678fcfe1c01a13cfb43cbcc59086c581

SHA256
c76e73a83febfedce8ca77aa9d2d2a845e6cfc711e82bfba17225795ce6a554b

SHA512
117ce162c3bb4efe5538855a3b83d364e73cf30347845d45ec9c1df5d44e97e544a1a3d2adff192ba801199d2b59095adf5742d78197e30cce10a1deb7c03e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\uQQg.exe
Filesize
231KB

MD5
946dddef0f526af77d7908601639f264

SHA1
ad5be8ac86a624b2ec5c7606663da7e71b43532f

SHA256
810a9d421abb51218def7f1df72854301951e2e3640c3c1170d9e21df4750e04

SHA512
42046b351749b1f387eb25dabdef17575c0b23e019dccdc19954df4a0ed20cd7b1c92d50213e0c4580f6ebeb60c71be3326b02ec574383797286f9c82f34b1dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ucIQ.exe
Filesize
324KB

MD5
43cbcedd4532b44f186d4a2bd8bf9524

SHA1
948078aba38ba6df0a3822b9c5bd60df522ab384

SHA256
20bb23ab51b401e7bb5f5f4a9b8e1cd2aebdcbabaff694ac2df86b394c28c881

SHA512
0067d048446ea8bf3b7748c06f9753dcaf392aa0a3cd04a5cfd7e127bd71ededaa299aff975de2fc9ef513a96cb92e3b1a618e033b9107604e9ef32132ff59a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ukIq.exe
Filesize
730KB

MD5
b81adc547a639095ca1968dfea20b616

SHA1
587e8350e2c4a24121444de529723ae22bb57228

SHA256
c57f127297fbae999c67a9c68d17597d81bc8f2eaf958ce68a8305aa8e680a54

SHA512
86f9ac11982049520b1f9c22f46f304bf052e970499974456f5bcc7b7846d48301a3833846fb5aaff796891e066ad4bcad84aecb0c59d9205d38db995d15b907

Download Submit
C:\Users\Admin\AppData\Local\Temp\uoQo.exe
Filesize
849KB

MD5
6bb1d78dac2c1b5f1b6cbd17a206a464

SHA1
0cd2143e12051465a6331cd4da372ba0b0040562

SHA256
81cc56e88ff36332debd3f94acf08ec74596e72d9f59aeb8989268ebd9b1976a

SHA512
a2d476901ff381b59858ef4192e1e823517afb771d6324b9ac14d674da4db6b8eefa9f0e35dabe85311dfa780d49fdd78d33798849b172f3935cf85eee02cfef

Download Submit
C:\Users\Admin\AppData\Local\Temp\usYQwkUw.bat
Filesize
4B

MD5
b9abf60f99c8f3fd49eee4afc67378fe

SHA1
999dd12480ba47d6d61bbf6f120a3cb3be9c4d7a

SHA256
2821659540571d6923aba8a1dede3e768d57ad281a79f76882d66e944d18d102

SHA512
46a5ba33bd16b0d619d80c942966424e8d9caea47f1818bde52230cde7d2db9bb24be311da5b79e215c3a71eba1b1caffc714783fe082f198d1ae0a8af01ca21

Download Submit
C:\Users\Admin\AppData\Local\Temp\vKoMIIAM.bat
Filesize
4B

MD5
0ca72707deb6477ad71697c728c903b4

SHA1
00cf034ae224ac1216629d659f3fbbb204b812d4

SHA256
1dff5e850cd81b98d447ccd999cdd1c7c4f51a6be28151f6d88a2b921ac14209

SHA512
7a3760b914c64624ffb7d10ba4eb9e53dbdce013e533d1f572adf256633ddab42ec1c667e0e34de2d4899b21d5a424f9d192e071af7885c82bf8f0d77947da3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vWIoskQU.bat
Filesize
4B

MD5
8de4ecbb6e5529972beacd460672b5f5

SHA1
4bc8b8fc319b56ff224d5b7ff41a6c9455e55976

SHA256
f838c23d895baa29b7521cf0c806b05404b72e3ab6e896758777ff8c5d252528

SHA512
77d5e2218d635be6febd0bfed8d0f0397dd42bf5fd993f5befb6188ee484f224373e2cf6dc00eb2444e7987c24178f934fe7c6c1bb95604db0240eae07843bfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\vwAoMcsY.bat
Filesize
4B

MD5
d1b160e26349fc7abeba45f638d834ad

SHA1
6748afddb76bc09507e0d6cbcd5c259e86e21868

SHA256
026618bf14f1ff1fe1224c9b8f6a0fa4ac97b7133ef05f3701b52d26000da158

SHA512
c52f7cd80bd9074f3a27e287fbe4627e8d235dbc0af9f42075602f85dbe631705cb6090a730ae12e3f7b22e6e96b0d308b0a065cb2d7fe63aef5aaf0f5313ee7

Download Submit
C:\Users\Admin\AppData\Local\Temp\wAYq.exe
Filesize
195KB

MD5
79168e30a1b6898b36181b63557ff437

SHA1
fef8d6030640181c87497021748179e5fca142bb

SHA256
9b2485d01816836fa136046fc6b2371e896a9bc2c78b808020889594c277f6bb

SHA512
f8364a1a7a62938c99a06e78d68aae516eac5be8eb72e0b20b9ec4220962d2463b3badc14d4c9ec9a9e72298e708f18319e480a50ca356360e3b86352b762796

Download Submit
C:\Users\Admin\AppData\Local\Temp\wEEQ.exe
Filesize
226KB

MD5
c46840f291d3353e1fb4b11961c8f2e7

SHA1
ae97db9454a264320bda1a48c0c296b83cd1b26a

SHA256
b26c720ec1a9452864e9855c5b2bfc71043f76d04357ded9c75eea8d93f57f97

SHA512
147944071953bb81c49dcfe890490d38c4596ab3bd29affb616599d12ebacb243ffea921f8079d8cde09c7e0ee97587f9254e8ab92c24cd97892e2aa9c8d2c73

Download Submit
C:\Users\Admin\AppData\Local\Temp\wEQEwMks.bat
Filesize
4B

MD5
19dbb1c1d9d1800826bdb800e56fb88e

SHA1
8d99a5d19615bcbd77b436394f7077fbf3315e28

SHA256
15ebdd1587b7823c5edbf26a7d5140fc23f145e75a480780322a40f2b463343b

SHA512
370b74a29b9ac20c11a98140cde5d9791230d0b84fe9e99afc6c867b49907c60d97d7814ebdf64815e710065a0850a898cdccdb828bb6ae1c25aa43cd9650021

Download Submit
C:\Users\Admin\AppData\Local\Temp\wEUk.exe
Filesize
248KB

MD5
6003b0a2586e76f9c78726e003abe696

SHA1
92812f0a982099be0049ff41db53dcb96d16ba5c

SHA256
bdbf45b231d1e45966be43f5a46cc75e02c68c448aff0aa4290314ee597303bc

SHA512
de7f338bd564f157fefebadf6562e8cfe2b8002b94bb5faed635da237905a7335f5490954411725a774ff854831ff548efa8358ec22fa0d2c8af71afff9c3bfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\wMAYQEQk.bat
Filesize
4B

MD5
531e225483c30f1355d6d219fe170588

SHA1
25269d5fefc58736bf8551f36f2ff6baea02f477

SHA256
1660acde8d060afe1ff440afaa8176ac0a5ff80d73f81cd7df768f1985cdeb04

SHA512
ead8d3cc4721d6ddccd3c021ed29ee2f4cd10ea4c82aa14deea39c7ab69a639258406903cad50dd13e075f1f6708f79d147b725747a43cf02129c4f42aabc9b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\wQIa.exe
Filesize
203KB

MD5
ff8fbff7f6051399728493d086b2ad89

SHA1
996788b5f862dcd232926ffe082bbdf1a019c49d

SHA256
081d5b66bdf430ba6d0212dbb26c89687bb7240edc60cc81f93497f98f0fbcb3

SHA512
8e4ec618caae530a088d5e461dccf73b576d4ab954afa69b9dd46c6a4cdefb188e7c8e2a4fe2eb943551a52ac3d04d97f343b673da8e682b6c60c7b6d90a092e

Download Submit
C:\Users\Admin\AppData\Local\Temp\wUcc.exe
Filesize
244KB

MD5
b4d5b54708ebe5f754bb649f2a16ef9a

SHA1
b567a00fc4c663da8ee749ca295532e1e141e385

SHA256
c39636395dd2cc00b3db0b9be95ffb7a64d2d84807ab19bbe70135a497dc3e57

SHA512
bd1ba43667d13c640b29fd5bef0fbae7a36924d50bf6f8ead201bc2f7ae185167485fd3bc517ba9d57d18214a8554d6c95f3e19325a38683b244320cc109b423

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmEQoUsM.bat
Filesize
4B

MD5
6cb1bae92dbfaa20a4a2c028c2e8abc6

SHA1
6684434d2ec8d9177c2f291fa79a21d053ebcc1e

SHA256
5017f2ea98e64c9c329706be0bbd9a535231fea2c7cb617aa9674c44dd95474d

SHA512
be394589ffb594fd0e15e2089efde3544d06285b1d442d288c8fe624edeceec20d1e2dc47ab9769f94b82417df4e4cbc89732af275db92127e37fd593818811c

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsIkcgQI.bat
Filesize
4B

MD5
358fa147b69cc7a3fffb8e128bb7d43c

SHA1
4f8dd81f7ca624d5867ae88a43491ec863cef36d

SHA256
ac308251cb59c58fbc35f3824f979b0bd341fd8556c64ca0ec8d04c4e49331d3

SHA512
ec24b2fc8395b34938284aa54406e26cc98924a57fb013be79ae6ccc7ee1892c4bc3c016528b988b2f4fa555e1b4f17fc2f5b070c3c455d8708b01bbbc508884

Download Submit
C:\Users\Admin\AppData\Local\Temp\wwYE.exe
Filesize
209KB

MD5
64b6a8e8ff6d5b242452cc4ef49743c6

SHA1
7972246d81671a919dd5db9a584c3959ffdfa3c3

SHA256
eb03de5a2f215ed2f94408a9b2ca8f0a4209d4808123be1c3745a3d6772ddbd9

SHA512
0bd3582b49c4f0051d9452124bbd246a428fc2f01be2b7c10ffbc7f0d87af46159be65e079fdeeb384d0b9be664d6c3190381f2984bd554d4728b9171844adeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\wwgK.exe
Filesize
228KB

MD5
8b450ee0bc6e21edb41487226a18b4cc

SHA1
4842acffdd1a5628cd4fc0aba7d211d2df0b60cc

SHA256
19698928db74b36deb85f9f38cf99187fdc1d9e18a2e7a1bc01042aeec7eee10

SHA512
7b09ba24e12fb79b7a1570ca5b8b41d089c3640577a98c7c6c451901b61cf2a75ab29d995b8725a6c5d235d7c3659c1586d40237fcf9bf5a02f36c0e86b3cb8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\xAwcokEw.bat
Filesize
4B

MD5
8a6e3a4a6502275f30b59811c904da36

SHA1
6f0bf6ff63533eb61bcef6a939abe3b5e2012bfb

SHA256
2c1a33b22624a1ee9463ce69f968ac019e63e96d234354ef1e32cfa4b3720166

SHA512
a6cd9a7a4ecdf35ab58c8ccfcd5697fda2de127ff14b45f17ff470d12b664958be47f4b9856dca70562cc485f7ebbb29ded0a315b85db7d2159843152b1e6d06

Download Submit
C:\Users\Admin\AppData\Local\Temp\xIYIYkIk.bat
Filesize
4B

MD5
aa87a321af2493437ec6208cacdc5b19

SHA1
2f56b4c26cfa7524e57546298959b6b365cade98

SHA256
bd24394c7638f15eecae1ddf83327e59a8613b54f9115910a9d153a71b29e667

SHA512
d5b5ed085389f36cd2c1ec09648779a071ecc2e42d13819baebafbfddb2ffdfecb53c9ddbdd3565c6ebee203c8052d2c0b81cb2fd7a0740b37d35bbf9a78ef7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\xSAEUoIw.bat
Filesize
4B

MD5
ddbd5f4b49d3c52c286381525215ea4f

SHA1
13b11cca6979a7e775b5a68cbdb5c658277f5434

SHA256
d4ceecd59f38ceccc6e5fbf2e0a20e5b2c830cfb448c00a29189386104e5e8af

SHA512
c5baa94c140c52c4105a5708da6d4583369c293e9c352f75ffa768a7587b769f355c98fa6e30db9d23d74a6c0da8420a8039c00db5a1db70a38522f17807363a

Download Submit
C:\Users\Admin\AppData\Local\Temp\xuMMQQAg.bat
Filesize
4B

MD5
036a84793e202eb1884dbc35daea0ecb

SHA1
ed703d524e48ca771ba928b25ef4441085c7dc25

SHA256
66e39725a15c5b71ace2794aaf0590603867df3ba934d7c3b9a6a288538b7a7e

SHA512
87b66202c052221ae5abb267c4715ba4c30aaea8fdce848c372c22d7dd9954ff68cebd81cf7fdced1eafaf38ad6748d5f7fa91b5912a7c98cc6353822bb97b14

Download Submit
C:\Users\Admin\AppData\Local\Temp\yIcg.exe
Filesize
235KB

MD5
f169a3d14d2c9f475378ddd097b1f3ba

SHA1
48835ba9f4f46d03fb0d8e1d65efcfe32b09f4e6

SHA256
637f721dbed7888e2c28afb27f8630288a426f6c820c46544559879384623172

SHA512
ea21869fd64cb22047d3f5fdcee3d5c966ffd2ee7d280e49c2b30576986fe22929f5e0ddf9a9b969022e4498ff588828901772e7f86ad45fdc1f3f8b13d0c166

Download Submit
C:\Users\Admin\AppData\Local\Temp\yIwu.exe
Filesize
235KB

MD5
10dba6496a93c08ae7feb336c2c580b5

SHA1
4352108e14c60bab4bde95c7b5e129429f4e7596

SHA256
529b8a6232129582933f44e53afb85511c121c91daddca195f38f34858146619

SHA512
effa782a921adb5a942b767b7d24a729f84ec81efdf7a33f3759d44db49b321fa0171601636a7bbc145422b2eb11aa14c0a7257a8198ea1dda32dc2ebfea2712

Download Submit
C:\Users\Admin\AppData\Local\Temp\yMMsgskw.bat
Filesize
112B

MD5
bae1095f340720d965898063fede1273

SHA1
455d8a81818a7e82b1490c949b32fa7ff98d5210

SHA256
ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a

SHA512
4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

Download Submit
C:\Users\Admin\AppData\Local\Temp\yQgU.exe
Filesize
237KB

MD5
188a00aaf769175353a69f4e1b17b79f

SHA1
5f4d9049d21533cbe76ff73ce2943dba50b0bbdd

SHA256
922175f78200ba3edc5f9c2e21e69751cde3128babdfc8d2be3f90515c66fec1

SHA512
3a63ed46eef54c281e06666aed38ad5863447af6a417043a085bada61242850cb3209fce7a6cb02ecfd6f8a603c08b7d797674d231da2e57938c450710395c36

Download Submit
C:\Users\Admin\AppData\Local\Temp\ycwC.exe
Filesize
196KB

MD5
3653ff0cb89cd464e051b71aeaffa1ae

SHA1
1b46c65728ca8171189d05ff1c196e0c67e5391d

SHA256
4fba929a3ede6d601434b031518ba7ae4afb13daf095f9fb2f35e542d1301d9e

SHA512
2d6a18aafd63ed43a956b50aa04f613639938ddaed09c3ecc35e0ac8d497307497976976618fe2d0f79cf146efc195c546a5c8fa5e9c85ff7bd89227f7756b16

Download Submit
C:\Users\Admin\AppData\Local\Temp\ygMq.exe
Filesize
208KB

MD5
5ca0078af88060c904df36b1df93dd46

SHA1
d3cd9c4c9590e540076ea37494f59b30569c57d6

SHA256
3b3cc5e3d7c816ac487914e4697001d8e303316ad03e9b34f666be3794bd3117

SHA512
c7320d31052e8f941eaf64579083b6946bff5b8318bfa679c513a5cd8cd6dbce3141fb2ea2fddee16b12aeb2db085ef15298d6479bb27685bd079d695bc6d81b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ysoY.exe
Filesize
681KB

MD5
4ad1c1485ec39f950b6edf153fd6518f

SHA1
a6df8f1faa619c2cef24f097a8ad27746baf07e3

SHA256
4d9f1b267ce89745e293990e3d0c3ccf0a601a360d6c66b16b6e675673fe7e3d

SHA512
cf8415fd16d7097d5eddee671fedd4e361646589ad3e5e3822d0368cfe460dff954c599bb6e241d195edc36ff8317181867c8aabbbb5382ce8d769eab8576d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\ywEgIkcE.bat
Filesize
4B

MD5
d2030d6ca4eda0b248e2c39a3605a7e0

SHA1
53cb9da5b280b891f0458b4814981309926a804f

SHA256
6b57537d538d94e7c084f1dea5c44fed2cc658b772b920549326bff57b19ae91

SHA512
76bb040efef1cb733c58c8bf56fd6778f355db6328516aefa128730917417390586c4f1e544d8da719f61c523b69dd495ffe15aaeac0a2f9cbb166867e3e89b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\zEUoEEEY.bat
Filesize
4B

MD5
54618556573fff98249f0bb67559b0fe

SHA1
99c7134dde048a84a6bb8ccd096fd920d34371be

SHA256
4827f853092517abb309ae99df513558d21bdd2606a717464365314a2f8aeb9c

SHA512
a7ab985758080286b8092ab78ec9631213e550666b6a5fa72d79bae619ab4a4bce56e71a42ce16a0e167f10a6d3f8ecb1fc94b596bbdd87093002d3b836b13dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\zGYwsoAQ.bat
Filesize
4B

MD5
adcd880cbc92083e232c2bde42e1c639

SHA1
598d4513b8f4ed64beafc642f630db073e7d8d5f

SHA256
09dd75f7953a572c545dbdc4e1107f55f653b4967a4077d7c607ced2829decdc

SHA512
7d541387e5b60d067be9f1b8f1790e292b00f5205b8ff334e701a08b71fc3d0f886be22db76580738fdbc6e9e4340f5aac0f86470f54bd077af0f486ad9cc284

Download Submit
C:\Users\Admin\AppData\Local\Temp\zGoYcsIY.bat
Filesize
4B

MD5
3be41bad62bf863b5a9a07cfd20fdffd

SHA1
edb6053f565ebb6c60f67eabf55d7d7369be3622

SHA256
61989e8f72c31e3e28a93e207a2cfc39fe0073cc46639cfbcee6a9692f84c9fc

SHA512
9a4460d9c5d98078ab6be375a6be9a78be4b6fd3667d6dee1f5a3abaae74a8e20fa2864f4132237092e0e6fa2c0c46daa3e36d29a72c29ae4cd6a08649e752b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\zWsQAsEE.bat
Filesize
4B

MD5
74e405df3114bade0bb343247584798c

SHA1
d8ee2151ac255b2810aebba83cad324536a38410

SHA256
d2ff89cef4e698109bc93088405f78fd1d41aae2484250e466738cbc36f50f51

SHA512
56d003abc1870711fed7a37c92a559bc7fd2132e46eb0ff7d78ea26ffe0d20de256cc0349e08fb48a0733fd90deeec37150fb6e4dd37a967e7679860af63a74e

Download Submit
C:\Users\Admin\AppData\Local\Temp\zYsoMIEs.bat
Filesize
4B

MD5
80e24096f2f698c12fcee9e1dc1f16f6

SHA1
3ccd0011e5cb7f4bf569cfa6e47bc26d4f30e471

SHA256
535309933118ceb0302562394652b8cc7349f2bf1990f867734f8851f1518de3

SHA512
cd4472d7d29a3e0611d30ea1f855c9542748762509c9f41bf6b523009deabc7a2135c1329e13b355489212111a5f7949401348247ee1373fd899b8c9e95a8fd3

Download Submit
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.exe
Filesize
798KB

MD5
64bfcf6f33178cdb9905786091d28a64

SHA1
7557fdb0a1639825a82d379ca1d88e1c11a0d56c

SHA256
094a2e0f0d0a7db587de105508154478c8e137461b0c2eafc5db78b25ebac01e

SHA512
c5874360aa3f82978827a69be98a917fde5c58a32bbb76afbbefb746139dd47a923f41ea6cb72c1d6c68ecb7f8e97050eb31b0044dbf9405fe6d4df86cf9912c

Download Submit
\Users\Admin\SmIsIYoU\jSEwwgIM.exe
Filesize
199KB

MD5
6ee2d148e546226201505ab658e6dc7d

SHA1
f7e235dbb9bb51293654242739f3c5a9ecd76a70

SHA256
a9d1cfa5f7b09868a9d7c9f9ab862464f12b12de2030cd2aacc1ce4f01fdc72f

SHA512
ed92b2db128cd41b4e592243b6b726cb6f66ab880a443dd289dd8572f29d0dd64fd1491005f1a009525899704237a42bd9ae04de5ca10659d23e0f1b4c09d3db

Download Submit
memory/292-428-0x0000000000120000-0x0000000000165000-memory.dmp

Filesize
276KB

Download
memory/320-337-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/320-370-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/412-245-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/412-244-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/452-278-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/704-127-0x0000000000210000-0x0000000000255000-memory.dmp

Filesize
276KB

Download
memory/704-128-0x0000000000210000-0x0000000000255000-memory.dmp

Filesize
276KB

Download
memory/764-129-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/764-162-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/992-323-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/992-292-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1080-405-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1160-22-0x0000000000470000-0x00000000004A0000-memory.dmp

Filesize
192KB

Download
memory/1160-42-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1160-5-0x0000000000470000-0x00000000004A3000-memory.dmp

Filesize
204KB

Download
memory/1160-15-0x0000000000470000-0x00000000004A3000-memory.dmp

Filesize
204KB

Download
memory/1160-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1160-20-0x0000000000470000-0x00000000004A0000-memory.dmp

Filesize
192KB

Download
memory/1200-92-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1200-59-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1476-138-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1476-105-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1480-222-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1480-254-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1592-476-0x0000000000300000-0x0000000000345000-memory.dmp

Filesize
276KB

Download
memory/1600-706-0x0000000000170000-0x00000000001B5000-memory.dmp

Filesize
276KB

Download
memory/1600-705-0x0000000000170000-0x00000000001B5000-memory.dmp

Filesize
276KB

Download
memory/1664-452-0x0000000000160000-0x00000000001A5000-memory.dmp

Filesize
276KB

Download
memory/1664-291-0x00000000001E0000-0x0000000000225000-memory.dmp

Filesize
276KB

Download
memory/1876-360-0x0000000000120000-0x0000000000165000-memory.dmp

Filesize
276KB

Download
memory/1880-611-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1880-580-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1880-429-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1880-462-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1944-199-0x00000000022C0000-0x0000000002305000-memory.dmp

Filesize
276KB

Download
memory/2008-684-0x00000000003C0000-0x0000000000405000-memory.dmp

Filesize
276KB

Download
memory/2008-685-0x00000000003C0000-0x0000000000405000-memory.dmp

Filesize
276KB

Download
memory/2064-438-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2064-406-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2088-686-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2096-16-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2176-415-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2176-383-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2176-537-0x0000000000320000-0x0000000000365000-memory.dmp

Filesize
276KB

Download
memory/2176-538-0x0000000000320000-0x0000000000365000-memory.dmp

Filesize
276KB

Download
memory/2192-57-0x0000000000260000-0x00000000002A5000-memory.dmp

Filesize
276KB

Download
memory/2192-58-0x0000000000260000-0x00000000002A5000-memory.dmp

Filesize
276KB

Download
memory/2216-83-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2216-114-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2224-621-0x0000000000120000-0x0000000000165000-memory.dmp

Filesize
276KB

Download
memory/2272-560-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2272-589-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2320-498-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2320-527-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2336-82-0x0000000000120000-0x0000000000165000-memory.dmp

Filesize
276KB

Download
memory/2336-81-0x0000000000120000-0x0000000000165000-memory.dmp

Filesize
276KB

Download
memory/2372-602-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2372-631-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2400-673-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2400-642-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2412-517-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2420-539-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2420-569-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2464-486-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2464-453-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2512-497-0x0000000000810000-0x0000000000855000-memory.dmp

Filesize
276KB

Download
memory/2512-336-0x0000000000230000-0x0000000000275000-memory.dmp

Filesize
276KB

Download
memory/2524-591-0x0000000076FC0000-0x00000000770BA000-memory.dmp

Filesize
1000KB

Download
memory/2524-559-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2524-590-0x0000000076EA0000-0x0000000076FBF000-memory.dmp

Filesize
1.1MB

Download
memory/2524-166-0x0000000076FC0000-0x00000000770BA000-memory.dmp

Filesize
1000KB

Download
memory/2572-392-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2588-33-0x0000000000120000-0x0000000000165000-memory.dmp

Filesize
276KB

Download
memory/2588-32-0x0000000000120000-0x0000000000165000-memory.dmp

Filesize
276KB

Download
memory/2588-231-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2616-178-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2616-208-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2664-221-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2704-68-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2712-707-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2716-601-0x00000000001F0000-0x0000000000235000-memory.dmp

Filesize
276KB

Download
memory/2724-548-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2724-518-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2736-507-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2736-478-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2796-346-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2796-314-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2856-695-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2856-664-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2932-269-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2932-301-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2936-622-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2936-651-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2940-153-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2940-186-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/3004-662-0x0000000000330000-0x0000000000375000-memory.dmp

Filesize
276KB

Download
memory/3004-663-0x0000000000330000-0x0000000000375000-memory.dmp

Filesize
276KB

Download
memory/3060-641-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download