bf12b8d4b73b9a620d6f6fae322ea8763b26932b6802586f610a7a41e3787537

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
Size

194KB
MD5

133a8c1a28986426d2eb0ba6daf4756e
SHA1

954d8ec4bca96c898e8c6dd46b153d314066d656
SHA256

bf12b8d4b73b9a620d6f6fae322ea8763b26932b6802586f610a7a41e3787537
SHA512

4e049d4f65f5a63a3c85d5f7bc2978c66d88acac3cdb75905463afc0da0bea5ac4cc307aa0aeb1e02b0c7f8af8cafbabdf6040236a230dea49455f08711fa6ac
SSDEEP

3072:yF9pLvxydiOrQslB/waKwThbs6XxmBv0CnMOKyFW3ArtsL2U2XckMA/:y/tZyd0S/wpWs6hmqp6pw25l

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Processes:

reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

UAC bypass 3 TTPs 64 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Renames multiple (55) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

niMUIAso.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	niMUIAso.exe

Executes dropped EXE 2 IoCs

Processes:

mUYIIoQU.exeniMUIAso.exe

pid process

1508 mUYIIoQU.exe
2996 niMUIAso.exe

pid	process
1508	mUYIIoQU.exe
2996	niMUIAso.exe

Loads dropped DLL 20 IoCs

Processes:

2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exeniMUIAso.exe

pid	process
2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

niMUIAso.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exemUYIIoQU.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\niMUIAso.exe = "C:\\ProgramData\\aScoQAkA\\niMUIAso.exe"	niMUIAso.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\ZoYsEUEI.exe = "C:\\Users\\Admin\\XuMkEgco\\ZoYsEUEI.exe"	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\eQsoIMQY.exe = "C:\\ProgramData\\BCcYwkow\\eQsoIMQY.exe"	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\mUYIIoQU.exe = "C:\\Users\\Admin\\xGMQwoAk\\mUYIIoQU.exe"	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\niMUIAso.exe = "C:\\ProgramData\\aScoQAkA\\niMUIAso.exe"	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\mUYIIoQU.exe = "C:\\Users\\Admin\\xGMQwoAk\\mUYIIoQU.exe"	mUYIIoQU.exe

Drops file in Windows directory 1 IoCs

Processes:

niMUIAso.exe

description ioc process

File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico niMUIAso.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2472 2564 WerFault.exe eQsoIMQY.exe
2804 1956 WerFault.exe ZoYsEUEI.exe

description	ioc	process
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico	niMUIAso.exe

pid	pid_target	process	target process
2472	2564	WerFault.exe	eQsoIMQY.exe
2804	1956	WerFault.exe	ZoYsEUEI.exe

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

Processes:

pid	process
3016	reg.exe
2940	reg.exe
2120	reg.exe
536	reg.exe
1792	reg.exe
1540	reg.exe
1036	reg.exe
2832	reg.exe
2676	reg.exe
2756	reg.exe
1660	reg.exe
2888	reg.exe
3052	reg.exe
1812	reg.exe
1164	reg.exe
1292	reg.exe
2432	reg.exe
376	reg.exe
908	reg.exe
2392	reg.exe
2676	reg.exe
2760	reg.exe
2876	reg.exe
2944	reg.exe
1772	reg.exe
2324	reg.exe
2348	reg.exe
1668	reg.exe
760	reg.exe
1216	reg.exe
2096	reg.exe
280	reg.exe
2808	reg.exe
1208	reg.exe
2396	reg.exe
2568	reg.exe
2168	reg.exe
1812	reg.exe
2108	reg.exe
892	reg.exe
2332	reg.exe
2636	reg.exe
2096	reg.exe
2332	reg.exe
2964	reg.exe
2628	reg.exe
1316	reg.exe
2496	reg.exe
708	reg.exe
1796	reg.exe
476	reg.exe
2336	reg.exe
2116	reg.exe
2836	reg.exe
2548	reg.exe
912	reg.exe
2120	reg.exe
2288	reg.exe
2696	reg.exe
1596	reg.exe
2980	reg.exe
1768	reg.exe
2408	reg.exe
2864	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe

pid	process
2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2648	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2648	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1440	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1440	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1924	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1924	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2156	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2156	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2596	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2596	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1332	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1332	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1560	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1560	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
268	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
268	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1556	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1556	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1408	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1408	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2216	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2216	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1536	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1536	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1104	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1104	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
408	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
408	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2044	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2044	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1312	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1312	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2176	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2176	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1528	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1528	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2096	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2096	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1768	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1768	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2128	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2128	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1448	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1448	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2264	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2264	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1908	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1908	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2884	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2884	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1588	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1588	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2336	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2336	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1712	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
1712	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2604	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
2604	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

niMUIAso.exe

pid process

2996 niMUIAso.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

niMUIAso.exe

pid	process
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe
2996	niMUIAso.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.execmd.execmd.exe2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.execmd.execmd.exe

description	pid	process	target process
PID 2360 wrote to memory of 1508	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	mUYIIoQU.exe
PID 2360 wrote to memory of 1508	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	mUYIIoQU.exe
PID 2360 wrote to memory of 1508	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	mUYIIoQU.exe
PID 2360 wrote to memory of 1508	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	mUYIIoQU.exe
PID 2360 wrote to memory of 2996	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	niMUIAso.exe
PID 2360 wrote to memory of 2996	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	niMUIAso.exe
PID 2360 wrote to memory of 2996	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	niMUIAso.exe
PID 2360 wrote to memory of 2996	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	niMUIAso.exe
PID 2360 wrote to memory of 2704	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2360 wrote to memory of 2704	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2360 wrote to memory of 2704	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2360 wrote to memory of 2704	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2704 wrote to memory of 2720	2704	cmd.exe	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
PID 2704 wrote to memory of 2720	2704	cmd.exe	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
PID 2704 wrote to memory of 2720	2704	cmd.exe	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
PID 2704 wrote to memory of 2720	2704	cmd.exe	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
PID 2360 wrote to memory of 2792	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2360 wrote to memory of 2792	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2360 wrote to memory of 2792	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2360 wrote to memory of 2792	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2360 wrote to memory of 2780	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2360 wrote to memory of 2780	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2360 wrote to memory of 2780	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2360 wrote to memory of 2780	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2360 wrote to memory of 2784	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2360 wrote to memory of 2784	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2360 wrote to memory of 2784	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2360 wrote to memory of 2784	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2360 wrote to memory of 2608	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2360 wrote to memory of 2608	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2360 wrote to memory of 2608	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2360 wrote to memory of 2608	2360	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2608 wrote to memory of 2504	2608	cmd.exe	cscript.exe
PID 2608 wrote to memory of 2504	2608	cmd.exe	cscript.exe
PID 2608 wrote to memory of 2504	2608	cmd.exe	cscript.exe
PID 2608 wrote to memory of 2504	2608	cmd.exe	cscript.exe
PID 2720 wrote to memory of 2684	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2720 wrote to memory of 2684	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2720 wrote to memory of 2684	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2720 wrote to memory of 2684	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2684 wrote to memory of 2648	2684	cmd.exe	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
PID 2684 wrote to memory of 2648	2684	cmd.exe	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
PID 2684 wrote to memory of 2648	2684	cmd.exe	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
PID 2684 wrote to memory of 2648	2684	cmd.exe	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
PID 2720 wrote to memory of 2624	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2720 wrote to memory of 2624	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2720 wrote to memory of 2624	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2720 wrote to memory of 2624	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2720 wrote to memory of 2760	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2720 wrote to memory of 2760	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2720 wrote to memory of 2760	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2720 wrote to memory of 2760	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2720 wrote to memory of 2824	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2720 wrote to memory of 2824	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2720 wrote to memory of 2824	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2720 wrote to memory of 2824	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	reg.exe
PID 2720 wrote to memory of 2836	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2720 wrote to memory of 2836	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2720 wrote to memory of 2836	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2720 wrote to memory of 2836	2720	2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe	cmd.exe
PID 2836 wrote to memory of 2332	2836	cmd.exe	cscript.exe
PID 2836 wrote to memory of 2332	2836	cmd.exe	cscript.exe
PID 2836 wrote to memory of 2332	2836	cmd.exe	cscript.exe
PID 2836 wrote to memory of 2332	2836	cmd.exe	cscript.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2360

C:\Users\Admin\xGMQwoAk\mUYIIoQU.exe
"C:\Users\Admin\xGMQwoAk\mUYIIoQU.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1508

C:\ProgramData\aScoQAkA\niMUIAso.exe
"C:\ProgramData\aScoQAkA\niMUIAso.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2996

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
2⤵
- Suspicious use of WriteProcessMemory
PID:2704

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2720

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
4⤵
- Suspicious use of WriteProcessMemory
PID:2684

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2648

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
6⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
7⤵
- Suspicious behavior: EnumeratesProcesses
PID:1440

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
8⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
9⤵
- Suspicious behavior: EnumeratesProcesses
PID:1924

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
10⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
11⤵
- Suspicious behavior: EnumeratesProcesses
PID:2156

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
12⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
13⤵
- Adds Run key to start application
PID:1736

C:\Users\Admin\XuMkEgco\ZoYsEUEI.exe
"C:\Users\Admin\XuMkEgco\ZoYsEUEI.exe"
14⤵
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 36
15⤵
- Program crash
PID:2804

C:\ProgramData\BCcYwkow\eQsoIMQY.exe
"C:\ProgramData\BCcYwkow\eQsoIMQY.exe"
14⤵
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 36
15⤵
- Program crash
PID:2472

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
14⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2596

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
16⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
17⤵
- Suspicious behavior: EnumeratesProcesses
PID:1332

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
18⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
19⤵
- Suspicious behavior: EnumeratesProcesses
PID:1560

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
20⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
21⤵
- Suspicious behavior: EnumeratesProcesses
PID:268

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
22⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
23⤵
- Suspicious behavior: EnumeratesProcesses
PID:1556

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
24⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
25⤵
- Suspicious behavior: EnumeratesProcesses
PID:1408

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
26⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
27⤵
- Suspicious behavior: EnumeratesProcesses
PID:2216

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
28⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
29⤵
- Suspicious behavior: EnumeratesProcesses
PID:1536

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
30⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
31⤵
- Suspicious behavior: EnumeratesProcesses
PID:1104

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
32⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
33⤵
- Suspicious behavior: EnumeratesProcesses
PID:408

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
34⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
35⤵
- Suspicious behavior: EnumeratesProcesses
PID:2044

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
36⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
37⤵
- Suspicious behavior: EnumeratesProcesses
PID:1312

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
38⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
39⤵
- Suspicious behavior: EnumeratesProcesses
PID:2176

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
40⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
41⤵
- Suspicious behavior: EnumeratesProcesses
PID:1528

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
42⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
43⤵
- Suspicious behavior: EnumeratesProcesses
PID:2096

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
44⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
45⤵
- Suspicious behavior: EnumeratesProcesses
PID:1768

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
46⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
47⤵
- Suspicious behavior: EnumeratesProcesses
PID:2360

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
48⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
49⤵
- Suspicious behavior: EnumeratesProcesses
PID:2128

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
50⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
51⤵
- Suspicious behavior: EnumeratesProcesses
PID:1448

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
52⤵
PID:400

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
53⤵
- Suspicious behavior: EnumeratesProcesses
PID:2264

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
54⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
55⤵
- Suspicious behavior: EnumeratesProcesses
PID:1908

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
56⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
57⤵
- Suspicious behavior: EnumeratesProcesses
PID:2884

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
58⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
59⤵
- Suspicious behavior: EnumeratesProcesses
PID:1588

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
60⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
61⤵
- Suspicious behavior: EnumeratesProcesses
PID:2336

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
62⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
63⤵
- Suspicious behavior: EnumeratesProcesses
PID:1712

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
64⤵
PID:1448

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
65⤵
- Suspicious behavior: EnumeratesProcesses
PID:2604

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
66⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
67⤵
PID:2672

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
68⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
69⤵
PID:1664

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
70⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
71⤵
PID:3024

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
72⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
73⤵
PID:2484

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
74⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
75⤵
PID:1632

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
76⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
77⤵
PID:3052

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
78⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
79⤵
PID:2604

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
80⤵
PID:1316

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
81⤵
PID:928

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
82⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
83⤵
PID:576

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
84⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
85⤵
PID:2884

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
86⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
87⤵
PID:2676

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
88⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
89⤵
PID:1164

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
90⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
91⤵
PID:1568

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
92⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
93⤵
PID:2412

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
94⤵
PID:1412

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
95⤵
PID:928

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
96⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
97⤵
PID:2016

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
98⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
99⤵
PID:2064

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
100⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
101⤵
PID:1292

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
102⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
103⤵
PID:1032

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
104⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
105⤵
PID:1284

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
106⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
107⤵
PID:1316

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
108⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
109⤵
PID:2076

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
110⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
111⤵
PID:1440

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
112⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
113⤵
PID:2660

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
114⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
115⤵
PID:640

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
116⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
117⤵
PID:2088

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
118⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
119⤵
PID:3048

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
120⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
121⤵
PID:576

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
122⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
123⤵
PID:1596

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
124⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
125⤵
PID:1860

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
126⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
127⤵
PID:1708

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
128⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
129⤵
PID:1696

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
130⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
131⤵
PID:1940

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
132⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
133⤵
PID:2168

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
134⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
135⤵
PID:596

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
136⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
137⤵
PID:2136

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
138⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
139⤵
PID:760

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
140⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
141⤵
PID:1000

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
142⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
143⤵
PID:1164

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
144⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
145⤵
PID:2128

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
146⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
147⤵
PID:376

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
148⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
149⤵
PID:552

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
150⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
151⤵
PID:2848

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
152⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
153⤵
PID:1640

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
154⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
155⤵
PID:2432

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
156⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
157⤵
PID:2608

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
158⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
159⤵
PID:2112

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
160⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
161⤵
PID:1856

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
162⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
163⤵
PID:2104

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
164⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
165⤵
PID:2488

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
166⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
167⤵
PID:2176

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
168⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
169⤵
PID:944

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
170⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
171⤵
PID:2828

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
172⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
173⤵
PID:2128

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
174⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
175⤵
PID:2748

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
176⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
177⤵
PID:992

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
178⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
179⤵
PID:2152

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
180⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
181⤵
PID:2076

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
182⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
183⤵
PID:2228

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
184⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
185⤵
PID:2012

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
186⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
187⤵
PID:2428

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
188⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
189⤵
PID:1856

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
190⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
191⤵
PID:880

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
192⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
193⤵
PID:1800

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
194⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
195⤵
PID:1788

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
196⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
197⤵
PID:1832

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
198⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
199⤵
PID:912

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
200⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
201⤵
PID:2576

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
202⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
203⤵
PID:688

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
204⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
205⤵
PID:1624

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
206⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
207⤵
PID:1080

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
208⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
209⤵
PID:1944

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
210⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
211⤵
PID:1664

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
212⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
213⤵
PID:620

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
214⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
215⤵
PID:1448

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
216⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
217⤵
PID:376

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
218⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
219⤵
PID:2824

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
220⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
221⤵
PID:2004

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
222⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
223⤵
PID:2532

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
224⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
225⤵
PID:1664

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
226⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
227⤵
PID:1740

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
228⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
229⤵
PID:576

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
230⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
231⤵
PID:1720

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
232⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
233⤵
PID:2796

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
234⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
235⤵
PID:924

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
236⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
237⤵
PID:1168

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock"
238⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
239⤵
PID:2808

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
240⤵
PID:2660

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
240⤵
PID:1992

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
240⤵
- UAC bypass
PID:2216

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
238⤵
- Modifies visibility of file extensions in Explorer
PID:640

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
238⤵
PID:1556

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
238⤵
- UAC bypass
PID:2108

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dkEEwMkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
238⤵
PID:2476

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
239⤵
PID:1216

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
236⤵
- Modifies visibility of file extensions in Explorer
PID:1620

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
236⤵
PID:2936

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
236⤵
- UAC bypass
PID:684

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vuIUMkok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
236⤵
PID:3040

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
237⤵
PID:2988

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
234⤵
- Modifies visibility of file extensions in Explorer
PID:2604

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
234⤵
PID:1060

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
234⤵
- UAC bypass
PID:2856

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eKQocMwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
234⤵
PID:3024

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
235⤵
PID:1600

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
232⤵
- Modifies registry key
PID:2392

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
232⤵
PID:760

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
232⤵
PID:2596

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\icQgIQUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
232⤵
PID:1008

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
233⤵
PID:3028

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
230⤵
- Modifies visibility of file extensions in Explorer
PID:1300

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
230⤵
- Modifies registry key
PID:2096

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
230⤵
- UAC bypass
PID:1808

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QQIowwwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
230⤵
PID:3036

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
231⤵
PID:1080

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
228⤵
- Modifies visibility of file extensions in Explorer
PID:1256

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
228⤵
PID:632

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
228⤵
PID:1692

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sOkEAcsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
228⤵
PID:2248

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
229⤵
PID:2292

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
226⤵
PID:704

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
226⤵
- Modifies registry key
PID:2108

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
226⤵
PID:1556

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vgscIIsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
226⤵
PID:1756

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
227⤵
PID:2708

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
224⤵
PID:2936

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
224⤵
PID:2716

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
224⤵
- UAC bypass
- Modifies registry key
PID:2396

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zwckQggY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
224⤵
PID:2176

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
225⤵
PID:1640

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
222⤵
PID:2760

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
222⤵
PID:2432

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
222⤵
- UAC bypass
PID:2172

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jwwAIwoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
222⤵
PID:1028

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
223⤵
PID:2312

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
220⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:908

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
220⤵
PID:2744

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
220⤵
PID:856

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nmMkAEgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
220⤵
PID:1700

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
221⤵
PID:2504

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
218⤵
- Modifies visibility of file extensions in Explorer
PID:3036

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
218⤵
PID:2336

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
218⤵
PID:1808

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tMkMwwAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
218⤵
PID:1528

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
219⤵
PID:3012

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
216⤵
- Modifies visibility of file extensions in Explorer
PID:1936

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
216⤵
PID:2248

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
216⤵
PID:1820

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sekMYIQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
216⤵
PID:2684

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
217⤵
PID:1628

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
214⤵
- Modifies visibility of file extensions in Explorer
PID:2108

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
214⤵
PID:2508

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
214⤵
- UAC bypass
PID:2424

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OkcEQcQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
214⤵
PID:1656

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
215⤵
PID:2720

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
212⤵
- Modifies visibility of file extensions in Explorer
PID:1968

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
212⤵
PID:3048

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
212⤵
PID:1876

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sQswcwUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
212⤵
PID:684

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
213⤵
PID:2112

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
210⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2116

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
210⤵
PID:1796

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
210⤵
PID:1772

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\swcgQkMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
210⤵
PID:2288

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
211⤵
PID:1976

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
208⤵
- Modifies visibility of file extensions in Explorer
PID:2744

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
208⤵
PID:2064

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
208⤵
- UAC bypass
PID:1544

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PUAosgcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
208⤵
PID:760

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
209⤵
PID:2152

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
206⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2336

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
206⤵
PID:1300

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
206⤵
- UAC bypass
PID:1292

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BiMsIcQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
206⤵
PID:2588

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
207⤵
PID:2776

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
204⤵
- Modifies visibility of file extensions in Explorer
PID:1792

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
204⤵
PID:1736

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
204⤵
- UAC bypass
- Modifies registry key
PID:476

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pmEEEMIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
204⤵
PID:2964

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
205⤵
PID:2848

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
202⤵
- Modifies visibility of file extensions in Explorer
PID:2076

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
202⤵
PID:380

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
202⤵
- UAC bypass
PID:2540

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BKYEkYgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
202⤵
PID:1740

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
203⤵
PID:2008

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
200⤵
- Modifies visibility of file extensions in Explorer
PID:2168

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
200⤵
PID:1048

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
200⤵
PID:1868

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HMQksMcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
200⤵
PID:2084

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
201⤵
PID:1380

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
198⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1796

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
198⤵
PID:2548

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
198⤵
PID:1500

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CkQQcgYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
198⤵
PID:2760

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
199⤵
PID:2856

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
196⤵
- Modifies visibility of file extensions in Explorer
PID:1604

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
196⤵
- Modifies registry key
PID:2756

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
196⤵
PID:2064

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qMUssIYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
196⤵
PID:708

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
197⤵
PID:1872

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
194⤵
PID:1744

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
194⤵
PID:2416

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
194⤵
PID:2204

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IkMUsAgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
194⤵
PID:2656

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
195⤵
PID:2536

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
192⤵
- Modifies visibility of file extensions in Explorer
PID:704

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
192⤵
PID:1556

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
192⤵
- UAC bypass
PID:1736

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UeIQwAsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
192⤵
PID:2248

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
193⤵
PID:2884

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
190⤵
- Modifies visibility of file extensions in Explorer
PID:380

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
190⤵
PID:2872

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
190⤵
PID:2556

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UQYQQMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
190⤵
PID:1536

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
191⤵
PID:2104

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
188⤵
- Modifies registry key
PID:1316

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
188⤵
- Modifies registry key
PID:1668

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
188⤵
PID:2664

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZyogoYEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
188⤵
PID:3004

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
189⤵
PID:3048

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
186⤵
- Modifies visibility of file extensions in Explorer
PID:2432

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
186⤵
PID:2580

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
186⤵
PID:2832

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zEUQwAAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
186⤵
PID:2764

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
187⤵
PID:2640

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
184⤵
PID:1804

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
184⤵
PID:2032

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
184⤵
PID:2272

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pWUoUQIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
184⤵
PID:2532

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
185⤵
PID:1512

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
182⤵
PID:848

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
182⤵
- Modifies registry key
PID:2676

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
182⤵
- UAC bypass
- Modifies registry key
PID:1540

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PmcQowMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
182⤵
PID:2064

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
183⤵
PID:1604

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
180⤵
PID:3064

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
180⤵
PID:1668

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
180⤵
PID:1048

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sOkAMggo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
180⤵
PID:2112

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
181⤵
PID:1612

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
178⤵
PID:2476

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
178⤵
PID:2796

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
178⤵
- UAC bypass
- Modifies registry key
PID:2120

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KsMQcIsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
178⤵
PID:2300

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
179⤵
PID:2432

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
176⤵
PID:1820

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
176⤵
PID:1792

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
176⤵
PID:1996

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UmMMAUgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
176⤵
PID:2256

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
177⤵
PID:1788

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
174⤵
- Modifies visibility of file extensions in Explorer
PID:3048

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
174⤵
PID:2208

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
174⤵
- UAC bypass
PID:2772

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IWYgIYUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
174⤵
PID:1964

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
175⤵
PID:1780

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
172⤵
PID:2704

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
172⤵
PID:2568

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
172⤵
PID:1720

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eMYgUoUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
172⤵
PID:892

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
173⤵
PID:2540

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
170⤵
PID:3052

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
170⤵
PID:2944

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
170⤵
PID:1792

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZyIEEscU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
170⤵
PID:1628

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
171⤵
PID:2912

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
168⤵
- Modifies registry key
PID:1208

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
168⤵
- Modifies registry key
PID:1812

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
168⤵
PID:3048

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HmAcgUkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
168⤵
PID:1764

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
169⤵
PID:2816

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
166⤵
- Modifies visibility of file extensions in Explorer
PID:2300

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
166⤵
PID:2640

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
166⤵
- UAC bypass
PID:1700

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZIAUIMgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
166⤵
PID:3028

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
167⤵
PID:1864

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
164⤵
- Modifies visibility of file extensions in Explorer
PID:1756

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
164⤵
PID:3052

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
164⤵
- UAC bypass
PID:2508

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PIkgIAwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
164⤵
PID:2008

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
165⤵
PID:2724

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
162⤵
- Modifies visibility of file extensions in Explorer
PID:2856

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
162⤵
- Modifies registry key
PID:2548

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
162⤵
- UAC bypass
PID:1204

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GEMgMQUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
162⤵
PID:664

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
163⤵
PID:1968

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
160⤵
- Modifies visibility of file extensions in Explorer
PID:1700

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
160⤵
PID:2020

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
160⤵
- UAC bypass
PID:2796

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YaEUcIQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
160⤵
PID:1380

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
161⤵
PID:2872

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
158⤵
PID:2940

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
158⤵
- Modifies registry key
PID:3052

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
158⤵
- UAC bypass
PID:2216

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oYkgssog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
158⤵
PID:1736

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
159⤵
PID:2736

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
156⤵
PID:1600

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
156⤵
PID:2136

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
156⤵
- UAC bypass
PID:3020

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qGEwIYkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
156⤵
PID:2208

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
157⤵
PID:1876

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
154⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:912

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
154⤵
- Modifies registry key
PID:376

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
154⤵
PID:1108

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JyQccook.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
154⤵
PID:1708

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
155⤵
PID:320

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
152⤵
PID:1908

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
152⤵
- Modifies registry key
PID:2808

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
152⤵
PID:964

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nAcIoAIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
152⤵
PID:3040

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
153⤵
PID:2768

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
150⤵
PID:2280

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
150⤵
PID:2740

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
150⤵
- Modifies registry key
PID:2836

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vKgscUAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
150⤵
PID:2212

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
151⤵
PID:1316

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
148⤵
- Modifies registry key
PID:2628

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
148⤵
PID:1744

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
148⤵
- UAC bypass
PID:2892

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dCQgocMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
148⤵
PID:1988

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
149⤵
PID:2548

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
146⤵
- Modifies visibility of file extensions in Explorer
PID:2264

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
146⤵
PID:1312

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
146⤵
- UAC bypass
PID:2108

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oKEIQksQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
146⤵
PID:2560

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
147⤵
PID:1996

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
144⤵
PID:1964

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
144⤵
PID:2068

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
144⤵
- UAC bypass
PID:2616

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SgQYwIIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
144⤵
PID:1412

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
145⤵
PID:576

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
142⤵
- Modifies visibility of file extensions in Explorer
PID:2584

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
142⤵
PID:708

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
142⤵
- UAC bypass
PID:1488

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WGgkkAgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
142⤵
PID:2704

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
143⤵
PID:3024

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
140⤵
PID:2488

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
140⤵
PID:1908

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
140⤵
- Modifies registry key
PID:2888

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OekUQcwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
140⤵
PID:536

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
141⤵
PID:2628

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
138⤵
PID:2616

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
138⤵
PID:1544

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
138⤵
- UAC bypass
PID:1412

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xwYQUMQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
138⤵
PID:1780

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
139⤵
PID:1664

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
136⤵
PID:1860

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
136⤵
PID:1624

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
136⤵
- UAC bypass
PID:292

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\laEMoIoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
136⤵
PID:1172

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
137⤵
PID:2660

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
134⤵
PID:2560

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
134⤵
- Modifies registry key
PID:2332

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
134⤵
- UAC bypass
PID:2116

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DCkkwAUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
134⤵
PID:2644

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
135⤵
PID:1660

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
132⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:280

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
132⤵
PID:1968

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
132⤵
- UAC bypass
PID:2696

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pgEEsgMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
132⤵
PID:1168

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
133⤵
PID:2516

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
130⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2348

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
130⤵
PID:760

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
130⤵
PID:3004

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GgUAgYcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
130⤵
PID:2848

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
131⤵
PID:2568

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
128⤵
- Modifies visibility of file extensions in Explorer
PID:2020

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
128⤵
- Modifies registry key
PID:1164

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
128⤵
- UAC bypass
PID:1144

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mIooAkgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
128⤵
PID:2640

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
129⤵
PID:2140

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
126⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2432

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
126⤵
PID:3060

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
126⤵
- UAC bypass
PID:1484

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YUgoAoIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
126⤵
PID:408

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
127⤵
PID:2064

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
124⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1660

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
124⤵
PID:536

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
124⤵
PID:1492

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qkQkAYcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
124⤵
PID:2912

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
125⤵
PID:3040

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
122⤵
PID:1008

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
122⤵
PID:1192

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
122⤵
- UAC bypass
PID:1712

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BgUkcUQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
122⤵
PID:1500

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
123⤵
PID:2656

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
120⤵
PID:2688

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
120⤵
PID:1028

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
120⤵
PID:1812

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZAEIsUYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
120⤵
PID:1204

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
121⤵
PID:1964

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
118⤵
- Modifies visibility of file extensions in Explorer
PID:3004

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
118⤵
PID:944

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
118⤵
- UAC bypass
PID:2548

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zEcsgAwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
118⤵
PID:3024

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
119⤵
PID:1512

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
116⤵
PID:2852

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
116⤵
PID:1568

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
116⤵
PID:2672

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HQoYMAQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
116⤵
PID:2632

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
117⤵
PID:1332

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
114⤵
- Modifies visibility of file extensions in Explorer
PID:2556

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
114⤵
PID:1484

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
114⤵
- UAC bypass
PID:1448

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kgwEkgAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
114⤵
PID:476

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
115⤵
PID:1540

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
112⤵
PID:2644

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
112⤵
PID:1592

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
112⤵
PID:596

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OukggsoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
112⤵
PID:2720

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
113⤵
PID:3040

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
110⤵
- Modifies visibility of file extensions in Explorer
PID:3036

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
110⤵
PID:2540

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
110⤵
PID:2096

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AkAsIwsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
110⤵
PID:1772

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
111⤵
PID:1964

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
108⤵
- Modifies visibility of file extensions in Explorer
PID:848

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
108⤵
PID:1624

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
108⤵
- UAC bypass
- Modifies registry key
PID:1792

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\euIQgEsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
108⤵
PID:1644

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
109⤵
PID:2296

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
106⤵
PID:1512

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
106⤵
PID:2240

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
106⤵
- UAC bypass
PID:2364

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ceAlAIoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
106⤵
PID:2896

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
107⤵
PID:3008

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
104⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:536

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
104⤵
PID:3032

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
104⤵
PID:704

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HoUokkQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
104⤵
PID:2064

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
105⤵
PID:2880

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
102⤵
PID:2644

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
102⤵
PID:2412

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
102⤵
- Modifies registry key
PID:892

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rkIcAoEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
102⤵
PID:1620

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
103⤵
PID:2948

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
100⤵
- Modifies visibility of file extensions in Explorer
PID:2264

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
100⤵
- Modifies registry key
PID:2964

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
100⤵
PID:2508

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZuwYkQYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
100⤵
PID:1696

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
101⤵
PID:2120

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
98⤵
PID:1108

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
98⤵
- Modifies registry key
PID:2332

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
98⤵
- UAC bypass
PID:1284

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rAMIoIoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
98⤵
PID:1368

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
99⤵
PID:1048

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
96⤵
- Modifies visibility of file extensions in Explorer
PID:576

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
96⤵
PID:908

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
96⤵
PID:2536

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OycgscoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
96⤵
PID:2784

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
97⤵
PID:1736

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
94⤵
PID:2664

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
94⤵
PID:1248

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
94⤵
PID:280

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ocQUkkco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
94⤵
PID:2360

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
95⤵
PID:2012

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
92⤵
- Modifies visibility of file extensions in Explorer
PID:2852

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
92⤵
- Modifies registry key
PID:2096

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
92⤵
- UAC bypass
PID:1556

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\icAIIwUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
92⤵
PID:2548

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
93⤵
PID:2540

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
90⤵
- Modifies visibility of file extensions in Explorer
PID:1996

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
90⤵
- Modifies registry key
PID:2324

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
90⤵
- UAC bypass
PID:844

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iOIEgwgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
90⤵
PID:764

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
91⤵
PID:1708

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
88⤵
- Modifies visibility of file extensions in Explorer
PID:2508

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
88⤵
PID:2216

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
88⤵
- UAC bypass
PID:580

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LSQUMsoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
88⤵
PID:2020

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
89⤵
PID:2776

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
86⤵
- Modifies visibility of file extensions in Explorer
PID:3020

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
86⤵
PID:2736

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
86⤵
PID:1136

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jicUEsMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
86⤵
PID:2008

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
87⤵
PID:1860

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
84⤵
PID:1812

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
84⤵
PID:2988

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
84⤵
- UAC bypass
PID:2228

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tkYwIoMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
84⤵
PID:2740

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
85⤵
PID:1596

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
82⤵
PID:1248

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
82⤵
- Modifies registry key
PID:1772

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
82⤵
- Modifies registry key
PID:2636

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fWkkIUsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
82⤵
PID:1816

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
83⤵
PID:2576

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
80⤵
PID:2672

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
80⤵
- Modifies registry key
PID:2496

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
80⤵
- UAC bypass
- Modifies registry key
PID:708

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IGEEUwck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
80⤵
PID:2292

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
81⤵
PID:1080

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
78⤵
- Modifies visibility of file extensions in Explorer
PID:2224

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
78⤵
PID:1528

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
78⤵
- Modifies registry key
PID:2120

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eGAkMcYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
78⤵
PID:1756

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
79⤵
PID:968

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
76⤵
- Modifies visibility of file extensions in Explorer
PID:580

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
76⤵
PID:1612

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
76⤵
- UAC bypass
PID:1484

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UckgAckg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
76⤵
PID:2684

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
77⤵
PID:1924

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
74⤵
- Modifies visibility of file extensions in Explorer
PID:2336

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
74⤵
PID:2080

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
74⤵
PID:1688

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EaMkUwAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
74⤵
PID:2720

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
75⤵
PID:1944

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
72⤵
- Modifies registry key
PID:2696

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
72⤵
- Modifies registry key
PID:2944

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
72⤵
- UAC bypass
PID:888

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NyMMMkUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
72⤵
PID:380

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
73⤵
PID:1060

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
70⤵
PID:1816

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
70⤵
PID:1412

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
70⤵
- UAC bypass
PID:2644

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XcYYMUYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
70⤵
PID:2044

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
71⤵
PID:2832

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
68⤵
PID:896

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
68⤵
- Modifies registry key
PID:2288

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
68⤵
PID:892

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tYQkoQEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
68⤵
PID:2724

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
69⤵
PID:320

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
66⤵
PID:2488

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
66⤵
PID:2296

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
66⤵
PID:556

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tMkwskAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
66⤵
PID:1676

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
67⤵
PID:296

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
64⤵
- Modifies visibility of file extensions in Explorer
PID:2876

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
64⤵
PID:1164

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
64⤵
- UAC bypass
PID:1868

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MEUgAIIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
64⤵
PID:2640

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
65⤵
PID:3032

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
62⤵
PID:2240

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
62⤵
- Modifies registry key
PID:2864

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
62⤵
- UAC bypass
- Modifies registry key
PID:1292

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\weMwAosI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
62⤵
PID:1008

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
63⤵
PID:2272

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
60⤵
- Modifies registry key
PID:1812

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
60⤵
PID:3008

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
60⤵
- UAC bypass
- Modifies registry key
PID:2940

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aSYwsEsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
60⤵
PID:2740

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
61⤵
PID:2716

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
58⤵
- Modifies visibility of file extensions in Explorer
PID:2540

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
58⤵
PID:2588

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
58⤵
- UAC bypass
PID:944

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bIcUsYYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
58⤵
PID:2796

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
59⤵
PID:2208

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
56⤵
PID:1856

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
56⤵
PID:2852

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
56⤵
- UAC bypass
PID:2096

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vYYsAEcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
56⤵
PID:708

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
57⤵
PID:2276

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
54⤵
- Modifies visibility of file extensions in Explorer
PID:1528

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
54⤵
PID:2248

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
54⤵
PID:1644

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PEoQYYgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
54⤵
PID:920

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
55⤵
PID:968

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
52⤵
- Modifies visibility of file extensions in Explorer
PID:1868

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
52⤵
- Modifies registry key
PID:2876

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
52⤵
- Modifies registry key
PID:2408

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pigIEsww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
52⤵
PID:2428

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
53⤵
PID:2256

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
50⤵
- Modifies registry key
PID:1216

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
50⤵
PID:2508

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
50⤵
PID:1688

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LwQQAUYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
50⤵
PID:292

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
51⤵
PID:2212

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
48⤵
- Modifies visibility of file extensions in Explorer
PID:1792

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
48⤵
- Modifies registry key
PID:3016

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
48⤵
- UAC bypass
PID:2816

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UcwcAYwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
48⤵
PID:2016

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
49⤵
PID:760

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
46⤵
- Modifies visibility of file extensions in Explorer
PID:944

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
46⤵
PID:1412

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
46⤵
- UAC bypass
PID:2796

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uuMsMoMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
46⤵
PID:2208

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
47⤵
PID:2644

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
44⤵
- Modifies visibility of file extensions in Explorer
PID:2852

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
44⤵
PID:708

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
44⤵
PID:1668

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YosUcIAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
44⤵
PID:1804

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
45⤵
PID:2156

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
42⤵
- Modifies visibility of file extensions in Explorer
PID:1144

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
42⤵
PID:2488

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
42⤵
PID:1000

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kuIYkEks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
42⤵
PID:1628

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
43⤵
PID:2120

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
40⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2760

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
40⤵
PID:2768

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
40⤵
- UAC bypass
PID:2280

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HgsckUwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
40⤵
PID:2256

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
41⤵
PID:1164

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
38⤵
PID:2332

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
38⤵
PID:1216

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
38⤵
PID:1992

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NMwMoAcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
38⤵
PID:2964

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
39⤵
PID:1820

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
36⤵
PID:2660

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
36⤵
PID:2892

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
36⤵
- UAC bypass
PID:1792

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NUsQIMoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
36⤵
PID:2740

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
37⤵
PID:1812

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
34⤵
PID:2304

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
34⤵
PID:1080

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
34⤵
- UAC bypass
PID:2392

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JewMAowo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
34⤵
PID:2988

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
35⤵
PID:2592

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
32⤵
- Modifies visibility of file extensions in Explorer
PID:2296

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
32⤵
PID:968

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
32⤵
- Modifies registry key
PID:1768

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\magEkAgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
32⤵
PID:1664

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
33⤵
PID:2204

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
30⤵
- Modifies visibility of file extensions in Explorer
PID:2912

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
30⤵
PID:1436

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
30⤵
- UAC bypass
PID:2292

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sSgwkkcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
30⤵
PID:1000

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
31⤵
PID:1656

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
28⤵
- Modifies registry key
PID:1596

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
28⤵
- Modifies registry key
PID:2980

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
28⤵
- Modifies registry key
PID:2676

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wMgMEUgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
28⤵
PID:2256

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
29⤵
PID:1868

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
26⤵
- Modifies registry key
PID:2832

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
26⤵
PID:2008

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
26⤵
- UAC bypass
PID:1448

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ScQkwwkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
26⤵
PID:2336

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
27⤵
PID:2240

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
24⤵
- Modifies visibility of file extensions in Explorer
PID:2728

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
24⤵
PID:1312

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
24⤵
PID:1248

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DIwwkcIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
24⤵
PID:2580

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
25⤵
PID:1792

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
22⤵
PID:1668

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
22⤵
PID:3028

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
22⤵
PID:2044

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vUAQcUoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
22⤵
PID:1512

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
23⤵
PID:2088

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
20⤵
- Modifies visibility of file extensions in Explorer
PID:920

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
20⤵
PID:704

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
20⤵
- UAC bypass
PID:408

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BWYgQoIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
20⤵
PID:2412

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
21⤵
PID:1924

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
18⤵
PID:2272

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
18⤵
PID:2880

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
18⤵
PID:2876

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zcAQQAco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
18⤵
PID:2292

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
19⤵
PID:2408

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
16⤵
PID:376

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
16⤵
- Modifies registry key
PID:760

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
16⤵
- UAC bypass
PID:1996

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KQYsAoQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
16⤵
PID:1952

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
17⤵
PID:1688

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
14⤵
- Modifies registry key
PID:2568

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
14⤵
PID:2936

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
14⤵
- UAC bypass
- Modifies registry key
PID:2168

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mIkYEUIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
14⤵
PID:2504

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
15⤵
PID:1936

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
12⤵
- Modifies visibility of file extensions in Explorer
PID:1720

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
12⤵
PID:2848

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
12⤵
- UAC bypass
PID:1412

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YqEQAgIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
12⤵
PID:2588

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
13⤵
PID:3064

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
10⤵
- Modifies visibility of file extensions in Explorer
PID:1760

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
10⤵
PID:1568

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
10⤵
- UAC bypass
PID:2032

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oGcEgUEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
10⤵
PID:1652

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
11⤵
PID:708

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
8⤵
- Modifies visibility of file extensions in Explorer
PID:684

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
8⤵
PID:476

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
8⤵
- Modifies registry key
PID:1036

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rywssIYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
8⤵
PID:576

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
9⤵
PID:1380

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
6⤵
PID:2364

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
6⤵
PID:1964

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
6⤵
PID:1636

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vqMAooQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
6⤵
PID:1528

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
7⤵
PID:1256

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
4⤵
PID:2624

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
4⤵
PID:2760

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
4⤵
- UAC bypass
PID:2824

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HwMEcQcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
4⤵
- Suspicious use of WriteProcessMemory
PID:2836

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
5⤵
PID:2332

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
2⤵
PID:2792

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
2⤵
PID:2780

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
2⤵
PID:2784

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zSAQYUoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock.exe""
2⤵
- Suspicious use of WriteProcessMemory
PID:2608

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
3⤵
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
Filesize
237KB

MD5
0a09449f0ae3123bea52b1536bd221e2

SHA1
ccb215f0d60180690a502ada135378fc70d87e15

SHA256
9be44a9b64cdb798beb92d5016053e74bf8f02e0beb0aa4b9e1aac9e201d28d3

SHA512
9379ccc48bedb20f7005f0726b6e6d5b961c68dedf823e495ea1f75c36cf8fa129c7187c13f449c6c1912aa9ccd29f43e2d2cf7132da5fa5d64121211648864b

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.exe
Filesize
245KB

MD5
377382edb5540eaadc1f8a5a8f034340

SHA1
5bd8b730310d458423a33c55ce1edc2285aafdfd

SHA256
d6ffc48d8c17515b69b0f7094b3ee414ea958ab0e47f6cd9b4629f958b4ebaa3

SHA512
ba938520e920cbbef733a319fe87eeddadae874d77d7aa8010c18a2da2087c7334bc3ff5abe0c28de00569d6b3d4b68face483369b2151013e2d5cd9f5f2613f

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
Filesize
247KB

MD5
0ad77afb230294b59e5dc792f237706b

SHA1
14548b236aa24a924218ae54ada3b3f3b90b7eb5

SHA256
0b059bda6c05c4cca923983226f96cf06bbd4d20647595fafec0d5c72664cd58

SHA512
f08cc689e4ae811c9bae87e54cdac59ba1f17eaa1fe84121dd335c7017d86495a61fd081603439de98a2e844273e122c3a15377d8bade1af90e497181ff0d1c0

Download Submit
C:\ProgramData\aScoQAkA\niMUIAso.exe
Filesize
181KB

MD5
4f13c04de9d85b3e9c1989afd023c754

SHA1
024e5489a65db2e9dc9b9a2a70787d3d202e927c

SHA256
b6c1293c8df6bb44a4328cf93bf3cb3abbda7cf04d0086874317bea050ec4312

SHA512
0563786ae0fd77a94de58283081dd8a4efbc81f4752f3b6ee6264fc78b6767a14111b11665d81d93bddd297d5fdd2c3260b2a914f5df4d67c323122d2041fefa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\256.png.exe
Filesize
208KB

MD5
d25c0e53507dddd648f8fa78a68529dc

SHA1
dd1d4fda8f9b6dd930842846fc7e9775c6b69e1c

SHA256
ab5c44749e0b08d0b54b4a77a0f535cc729edad744b80681dc400a1097df9344

SHA512
ffd6bad0059408ab0941b269e781f13c03985e6400a3f341a9919a68bb8d464ba26a191b2a006e616883fa39ecc07f59d108579c2f4b21d6ac73a5b48d52426f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\128.png.exe
Filesize
193KB

MD5
33d31a7d6ffc45c7b4ce40cccd60ac43

SHA1
a0ab55ca3e52b72c504f9cc5f202e30dd9b51406

SHA256
3e1e5c8dda585f326731a64d2f2bd9a2dfad4ecf95aa9d99e02ea1679400aa3d

SHA512
3ce238f9c9f0e54d84255f3f564800b3fb6df224461382307c84a80396529b5769c21e5579577d249636a2876ad46275a62ec13b5aa302c81b5402a07d5b0e75

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-05-25_133a8c1a28986426d2eb0ba6daf4756e_virlock
Filesize
5KB

MD5
ce1e5810d7c9f27a6b139b7bb5772198

SHA1
ec7dd31f242502ea55223a00c883044cba378ba4

SHA256
0ae29a2e9fb4ca75da5145ac86ab6dd9f12767cadb5bc6a9aa4b1036edc128e7

SHA512
44975121e40b3fa90d1c32ca56e53e2fcd5c768e64e22cc9f9ac73991b1ca79aa9745136b7dea10bac6c88c946af0155ba2abb91b14eb182dd1e69c2a718a63a

Download Submit
C:\Users\Admin\AppData\Local\Temp\AAcy.exe
Filesize
204KB

MD5
eadccc21141ba736b809e2124e5dd0f9

SHA1
1789c35a470b397131f0fb581d3a16506e4c22e1

SHA256
afd54a385f3ee503315a36b6ef71c7ea49225add002323a30dc4b2f42f3f77fc

SHA512
358df716b8104d3a726362b24f1552810dabd1528558083e3e9e1a2596124ce21c40cbca615608cadf4d7ea7d4e4ec3320a42af6e340834451d44b346b2a90b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\AIwC.exe
Filesize
226KB

MD5
228ddde3b222bf016ea8b09c6be6ca6c

SHA1
513c8b48906384d1300653a9925426833ddcbf5c

SHA256
57219bf81e4999568bc326ab70428635a0eae28953248111bb72a47310f914aa

SHA512
8a14da160cf285e2955f65d11509f0c0293846a27a14590701db5958a932079a39085233856088ebd8f06fea237cc0f78ca044e13a0c465f4f22ce27a2c87fb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Agwk.exe
Filesize
649KB

MD5
1366527b0800c5695877647a5c5dfbd7

SHA1
fd4419c2e90e0aff69ff39ad128d0b0ea1592701

SHA256
9d0ca1a7c08eb9b4de48cd582d249d83833a3172f599df7bc03e1e5a5c0056f6

SHA512
1c4e00404f8a33a1738375f14408b3b292b6dae32b7886c51e8012ea2b2b9e5dab505f22f96b625544251c18449c3a524b7716b3d21e14da4ba75f2697d07731

Download Submit
C:\Users\Admin\AppData\Local\Temp\Aksg.exe
Filesize
183KB

MD5
1ce7c1c59c39adf2e55a18a5220bf1cb

SHA1
b268d25df96ebcc36dc99209be1a11be61c30918

SHA256
14473268b98e0c7eb6624b00269472f86d3a6e9fdfb87f03c81c1133f6a128ff

SHA512
270f2ecba6e18193d2dd0999dbc88233c4f3a690086e6cf5f03505e1f494abeee6c5b3dd92fa45a088794b3ea86585d0812c1e2b3603e1f6d34332443bd576da

Download Submit
C:\Users\Admin\AppData\Local\Temp\AmcEAckE.bat
Filesize
4B

MD5
31725eefa1904d40a1cecccfb06fe218

SHA1
11bebbaff4e2ab4217617ccc50c297c212b826c8

SHA256
b4bc622c739d16360fd2cd004783448650df489f731f0ab3b4669ed4fde4635c

SHA512
891f56cd794105ce734fa65e14994118ce17d9734abfbea208d8d91c7de9a18dbc7df9a33ad316be86b0fb625ef9ce5f66266033df376de0b20a160c1117e9b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\AsIs.exe
Filesize
234KB

MD5
9e06486f5ebe29dce2525895ca63a7e1

SHA1
aefd8415c1e46360ea057216069f2afea3a0adc6

SHA256
099d1e3b8e8e1c0666fa0b47162eeaa9ee31dd1ccf1231313d40ba0d90f68d29

SHA512
4779f37337ba55c3acbd9794a597d42c32622b7e9e2b01617aaa9f64aa955dea4ac23660972e191db32da7210c4a73d9924c3728fd0ada71810e2dc14f7c50df

Download Submit
C:\Users\Admin\AppData\Local\Temp\BgYYUsYo.bat
Filesize
4B

MD5
d7cb4f5bf762a89d655fc5a656880a51

SHA1
3eee299c30faf961efce72ab56af0f98d840adb3

SHA256
72db74157c0e89a83e8e432c47fac470842d55f30385263b114c810bc8235c66

SHA512
4c2e893caab424b32c3c8eed4e60464393557abc756e72cb4430733c40e908c3ca782809465a3db57e613d7f54a7d6ca38156481c5fbf17accb7f01d09c285fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\CEsgoUMg.bat
Filesize
4B

MD5
b32c77099ead3b9e128c02212622d06e

SHA1
104169fea2375b19e462d880549ca6ca1e5f153a

SHA256
afb05091eb70f3bced50354be92210a9dd3b39f7b151c11ed7734c35782e7b9a

SHA512
d5e9446f4384fa07d5009f7a83fdf2a55502376408a0c22895a26a1f4853303a603ee38f498ec76ddf0e22ec30cd85181b3e0ddb43e4e1de8895572f647d9f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CMMm.exe
Filesize
241KB

MD5
b1de4d146065af1ece9737df9651f800

SHA1
fd98114d655ffd0018ade8798dd6888da5de48a9

SHA256
819272157bd03a4e9372b1f1266c9590e6b9f8e8c195260d10cec5ce2233ff8f

SHA512
999bcd50965aaca5097e7592af5af066ad831e9ca4735d97e6d8293621214ea85155ac3247449c3c0bf454880492b0a66132af4e1fc423b6187d77649dbcc726

Download Submit
C:\Users\Admin\AppData\Local\Temp\CQkE.exe
Filesize
198KB

MD5
9f76d82ef7058ab38d4c067d2a48b5e1

SHA1
44422df72e1e0cdf13807ca154d69df859e4f038

SHA256
38749baae256f36ea9960525fc04b345b7d6556a08fd7235fc3a4936510c30c7

SHA512
63d4f66bbfec7a49b1bf987177c4882918afa6af967fc6cf9f8d1268062457f71dc79e34929a2c4bfed7134cfef5b6bfa9e0fef88443bdb5fd9ed26df7cacf18

Download Submit
C:\Users\Admin\AppData\Local\Temp\CQky.exe
Filesize
238KB

MD5
51db86b77258e10a00951302cd81eddc

SHA1
b2f97407d4fa84246b743bc8c567d6f7cd045fe8

SHA256
8c8bfb3bce56bbee815c8da580cdbfdc7b78d7d411b85fca11acc61ca1c13695

SHA512
1b1762cfb99795587e6eb79bce2054d67dc619a419540adac2d35fe4ece0950c26d5b6e6d23151daaf760dba14a0c9c129a2505e8ebbd330bbef6b0b48663efb

Download Submit
C:\Users\Admin\AppData\Local\Temp\CsMG.exe
Filesize
234KB

MD5
9ef65b4dad917ab75b0e662c6cbc85c3

SHA1
311cad91e790cf7af5459034e7701b60a77db6f7

SHA256
522769fab0692cafcdf8d86a6087572a6b0a3bc99d8d030ca100988843e8c576

SHA512
4bbd55b16da755ade24825a92a89e6d0d546cf9cdb32b52828483c71756eb2b2c834715cb3727f1c6dd9aba1933ce116acd250081a095048d6b588916ee64c6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CwcU.exe
Filesize
230KB

MD5
28ec612db2ce1002f9cf0f64f0b9f365

SHA1
47ad1ab86cc5be7939d47c70a8cde6e81f5e2623

SHA256
06d9a3eb762fdb69930a60e05a76fdc7aac3711998552f07f681a114d45e7473

SHA512
1d2011e852685cde1980ad3377f54b924539562b20515c4aba21fdb86fcc411987d103c7c60fbd1dc5e095ee3a9e4b35495e38053fc96e84ca4b7eba4192802d

Download Submit
C:\Users\Admin\AppData\Local\Temp\DGkMkEAU.bat
Filesize
4B

MD5
71de06c82460c1f6112615c96262b433

SHA1
2be903dc8b7fa430bf7b9b7511964930650c81bb

SHA256
d4107c84a45e807a1a99a3f4a43ccadca0625b40d60818f64e301bdc56273f14

SHA512
00aba0339d758fbcb39c23784c112ebce0cc53b089266e0d4d447ec807c8fe933cfb9eafd7f02bf306554d5d4d957202685f9a715e000a928345db979c593161

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAom.exe
Filesize
249KB

MD5
7aa0ed0b95267c1091f2331a23f54755

SHA1
82eb0d29ed0254bc877ca066817fbbcfdbc16412

SHA256
200cc6c07b6d5691b9cf891c2f66201f5003688ecf698a0fcc41777b986243ee

SHA512
486eeae84d11dea621d946d31f84289d6934ad26ab91a5c498c3c66065c29c6952af032c2fc977987cae5b1596b50e3c49f93ccf928c6de1f49d079bf322609c

Download Submit
C:\Users\Admin\AppData\Local\Temp\EMYg.exe
Filesize
241KB

MD5
d94d4203e5ffafadf705318ab9cfbf40

SHA1
22a10b5106f63e775b017f8f17e2b717bda52cf8

SHA256
9b796c38cbd4267fa96fdffb7a2ce046817debb85d362fa0ab876d02190d7b69

SHA512
c4cf6643d168c7fb68f7aafb70db9889ae2f4650338bbe2a752f0eae3bb68265b93d4f2d6f7c0f38e41a52f4dd878461c9c18bda09007cecabdd95ec4075f751

Download Submit
C:\Users\Admin\AppData\Local\Temp\EUAe.exe
Filesize
247KB

MD5
2a73282c6eb1382a17ca02258c92e142

SHA1
70d76b4e8fb508252ae4eefd5ec895da35270d58

SHA256
8fe2427c158fbb50ec48bd9bc681651954c764c985edc329e6a073e3ceb771c2

SHA512
2aeeb20737fcb32517536923c8e41526d62da0e582ba61d3134921c0df67a69dadbd89c43c68ca76a636519dcf61bfe351b0ce9b2791e6ea77ebe835251171c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\EUQo.exe
Filesize
229KB

MD5
2a684306a82e5b5c09afa2ca130dc630

SHA1
1e5c01c0adf09771728b6bd631f5bec0bdd650a7

SHA256
12eb6bcf7a33051a64e93ae3cb25598128b8489a07cb1f224effd793582f4bbd

SHA512
6f154d3554b320f40a4715a8e8284541bfe22c17a707d06f025e6795268a82ad191c0fff6e5a3c595fd25c1ad0f15c3d827da831a123cb493b63a6adac10a58e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ekos.exe
Filesize
249KB

MD5
9117dadd92d263c9320edeb4386fad85

SHA1
1af9895f132cf8a40b339eb699f53c42b1b11d85

SHA256
f863186b47406c73f113e8dc44ed249b6ec4c6a4c7d6e68929ff58afe145f4c6

SHA512
8398ba54c83bb6771ae5a46e8aca481d524b50814f63b8502d7aca085cd11d4c7e3ffe5d23f5f3c632640cfce0f1d61e6c5bfa1a2fd850dd9bbe5aef0bee4da1

Download Submit
C:\Users\Admin\AppData\Local\Temp\GEcI.ico
Filesize
4KB

MD5
47a169535b738bd50344df196735e258

SHA1
23b4c8041b83f0374554191d543fdce6890f4723

SHA256
ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf

SHA512
ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\GEkQ.exe
Filesize
243KB

MD5
27c1d842ab64be958573a49dfb9f1a14

SHA1
9fa10e7b7d205ffe9681630da3fd09c5a127a2f3

SHA256
d11d057116680af6289bd9b901ac0f71f0d1684f83d3124629ce7bfc2314cbd8

SHA512
15945fb0e3b5c49f34cf1e0d759625897cc342ca9487b6510166c43f870cd7c4f44fe9eff557008b42f64d9e890af5092be72fe2c011db82625afc7e8b6a3e34

Download Submit
C:\Users\Admin\AppData\Local\Temp\GYMM.exe
Filesize
8.2MB

MD5
323bb3dbb3dce9f1b51db6eda06e20c2

SHA1
3c666efcc81f143765d703e7be845bbbf25be067

SHA256
366857f445698135cfa491a26d8dc0cb9ff6ee0844510426a4f25341a0480af3

SHA512
847741eb4f6534e9ca9b1dc616bcfc53c1d561c9c3a26f6c7b7ba97f1f07b0349c9d030f77ac441d8ee3aca41dca4c38ec1352d9b0f390cfb5ceceebd7d95ade

Download Submit
C:\Users\Admin\AppData\Local\Temp\GcAY.exe
Filesize
233KB

MD5
779a41879ea491da7bed503791775c15

SHA1
d2d1673dd19296aa945e3104db06cfdc3476ce3d

SHA256
901606cbdf34965d3ceffbbf4fb2b4c30b37a8dcae799db3fd178b55c15b1e2b

SHA512
95ed87d2b7fd5148cd76ebb1075334924fca078a3cd5f12f51c0611db57415d492af79c855c2436e8be7205e12132c545b52b0f2a48dc534e8038de6fb2f733d

Download Submit
C:\Users\Admin\AppData\Local\Temp\GgAE.exe
Filesize
780KB

MD5
51f63b64d1175ecda168e36e435efa28

SHA1
2de107cf875da1fd0d6c9c2b46c189388444a2aa

SHA256
0b7156eb7ac210f55afc5ffc72c0c3bb58016461016d4e33796d659b60443eef

SHA512
5efc9f022f6920743abb001e611273979b71016cc2c1f21e2fa4accb2c2774619314fb73417c59b7ce972c0e0ab4bf21a0121ac4dbb25d3bca310c400147a007

Download Submit
C:\Users\Admin\AppData\Local\Temp\GgIC.exe
Filesize
245KB

MD5
598a0a810bb147695761792efd35a6c0

SHA1
cd94382b3eab0352e5aa1de8060ce74ce175d0cb

SHA256
3063e0a47f5d95f61c5315313ef867bfd68941de40109747e01d8f2d390aa5ec

SHA512
eb01f3e42ae34b8f76d29e7a81dbb706f436c7a1e11d1c353aa2c3fc1a9d8f518951be041b6ddd532f90ec8d61bb55dc0bc1c80507ad63434ab6d02f6129870c

Download Submit
C:\Users\Admin\AppData\Local\Temp\HIIQAkIk.bat
Filesize
4B

MD5
517cb3b68988d149527f852a6a4748d7

SHA1
7b9fbe369fea83999e3e65e69b44fe4051f31c9c

SHA256
c9772a949ab383c93f26e7730246db0ed99113476df2374ae3dd0042a6b434e4

SHA512
262053e8fb8e155e1703dd980f5d06ec1782fc7bcbe961049750c9ad5efb272c60b3599e3c8e4d0b5d50cf3c9432890696bbd42d45cdcd20f32c0acecedce6d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\HIUQoMkE.bat
Filesize
4B

MD5
5a37fd40f4d8eff34036781968e798e1

SHA1
3fa9cbb9f2e717f4f166d3eb6b8905b0994d7f39

SHA256
149673d87b2b550f7a6e268cb5cb649e2774635bba9994d72c8b59de02c41732

SHA512
85c4529f8b3b963cd0cc469c594082e4b6ce5163cfcc8e49d56ee1d0ddfdca852c40b763506867c6b33924f6cc6e17121e9b5b32957e408d00ead0d93ba6200e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IAgQ.exe
Filesize
186KB

MD5
d61189dd312aa490f1f1bef7003034d7

SHA1
a3a5c4255cda3f09da88b4e35b67c7e835258870

SHA256
e4517f027c5886949fdf8380d71cd9281bd194186ceb46d15489f08005e4a761

SHA512
11bcf79e22ac86f612b434fc5e7acd130e98059b2a12b5d48fa45c14d1783c155a7a99ca486e40df8ca0461591bbd89bbeb2f3d6343fccb8468f2bff6b0afcaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\IGwQYcsc.bat
Filesize
4B

MD5
2a49601d0e21ddedbf895c6da6f95445

SHA1
335204873a11538021294c2c61d200bf7a887cfa

SHA256
0d6456d669b344a75fe9d996a33afac3b028b59c1d0b5f1b08ec198243dcf892

SHA512
53e95a322b7e1e489a369d2b1fe915fe4829a714282289669f596ff4883b1cda283fd3bb319f82022bfffd8b0c2216580367f122048c3d6cebf322fae9d4f2ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\IcUk.exe
Filesize
1.0MB

MD5
11bad8b031973dbd6303d18add0c586c

SHA1
fd7bfe34ed4cc94767077f4d784a3fca362f08f7

SHA256
3412c9385ad710de33694a426cb193f5be56e6558597db14ab149b7fd6e9a82f

SHA512
297bd67d1c81be0a3a92ed55477b44485f1f18e0e46273afa9178f0abe7499f7739b6d0ae8930d0f44b4aad3117be891112f15b3e0c814cc4188abb4223c3d62

Download Submit
C:\Users\Admin\AppData\Local\Temp\IiMQgsow.bat
Filesize
4B

MD5
44c54c8418ac8e4b18baba4f984192d9

SHA1
3b6ed56155c1d815df4abc3d625c9fa8e7371e41

SHA256
dce123716042f01ead8b3a3c042f68f8b5be4dff107407b0a50d10bdb843e98e

SHA512
edc45fe38c8b5f5187add0053157e00b6aa1fc597b20975d3f2ca62005ec2bbf2e0d706192ff33a3d97160ee954ad24eec3326e0b781d49d0e83c96f4df3a960

Download Submit
C:\Users\Admin\AppData\Local\Temp\ImwMYYsg.bat
Filesize
4B

MD5
fae1fc939f5d8b40f0be0262c43076d5

SHA1
54f53f7a68a8489f168bc4f1fb95f884c3454afe

SHA256
3671a1738f9b77f76f469ae8f83882f92dd0f161b7ff403130278dfad1ae6615

SHA512
59c562f9351190d606d089840c94969dd88d8845d505737d7f1c3a3c5ffb7e42b75b94cb8d0e4d60e512613002c62b0f82ae2b6cce9399f872fbcd1401ba5957

Download Submit
C:\Users\Admin\AppData\Local\Temp\IoAu.exe
Filesize
208KB

MD5
3aafd72f2336011dae63e64a4c283b71

SHA1
5a6cc26708ba8a15ad6ea19ac6268e1a6b6b9f97

SHA256
76660fb7979e3ea191a4c6397b753f811d92eaf01461ca67d85739337c4e35ce

SHA512
0cac72d039e25d45281d98c13f944b959a83dc1d67cf107ae0d3898680a854d8cf515956b0605fefa49a2e484ea690725bad191aecc90587a79268d9eccc97fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\JSMggYck.bat
Filesize
4B

MD5
044eb1255253001181154dc350f8777f

SHA1
f5f1963d056473ca5de51c5dbd3d3833a89799ea

SHA256
65908ed3f3bd2564f7050568b4f2453e0ffbeab63fa5b022884c68c50a994bce

SHA512
cfefa3f49573b0a13dcfeb132a7831d6e6c865b2963978ed1a7c2be03145f85e580fcb4aec738f1b6217ee4bc58f26216f2bab951387e57f21456ad8b999cb27

Download Submit
C:\Users\Admin\AppData\Local\Temp\JqAwUsgo.bat
Filesize
4B

MD5
aada0d9886256ce031f15bb97273ba5b

SHA1
cc44dc97e1622a47dc5b78151362e8c6723a493a

SHA256
e7e5a1656429fe58eb6f498e389af393d2341a6f6537b666228901fe0f22b269

SHA512
3eaae62b43b2cf799e5267586c13f5055f26ee261179bef8360ae834401929b7b419f61062588a56d4bb1d130b63c5de8b8170fff1a914457c66b5c2b5dda83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\JyYMkAUY.bat
Filesize
4B

MD5
c819d7ba3e892d0d98fbae21f346b4cb

SHA1
04e586e6335635b17b43b9f4c3de4a1e1aee6105

SHA256
f074533f7dcd39593ec8a4b3b2204ac7d25bacf8b1a9cb8bc82537b0bbead53c

SHA512
5ce81bcd94c4ba321b32568c596fc9db212792c88287056e9fe97adec5b46243174ee18edf4f09710f257ba657faed776d6038715d34713ee7b7a02baa1c9ab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\KAwm.exe
Filesize
241KB

MD5
7e90c431731ec50345d493cb167c14cf

SHA1
a5ca1dd495f9a6a3e1b5f3d3072cc12f4d7a9531

SHA256
f1a5a880259d790efb027a3519abbfe3b7a985c801783b14164fb84454cf9652

SHA512
a2390ffce327054a1cebdd059a170b26e1aa339206d13051b8c773139fb6b15b9ea3bd3957069710a1b8ab18217d6989dd87aa7bbbc3ed92ea8d39ad5ee08f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\KIUMMAQU.bat
Filesize
4B

MD5
afd41d76a2aced71b4497e60146f8738

SHA1
2faea84ad1e91e5a3c73d42f19acf5116b928a0a

SHA256
599c2ea643249b132c25fef4e1636c584e275436a3483f72e39a4ecf0e229967

SHA512
d5560efe610f3f59fb9bcdd00ac5372791e03a2f8b42a25c1a85e4849f97d4ba9477c5fa75b1cf7d40ee23e8829d8e572f21df71d5f298beb649d9b8a2c28fe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\KWcsQEoA.bat
Filesize
4B

MD5
6507e0ac1ea30e35f44f7252184b8cdc

SHA1
969eafc014a1be696c459713b921450ad02ec2c5

SHA256
aac201b10f9d9d3ea5887b377bacc106d9b3d299a4c44661c5cd2f39a99b4a2e

SHA512
703ef231e5d5b1870edfecb696a605f63e81a26bd6bb1ee3302906234509719b3b33bd58bf62ca11366e2945b6575ab56c5d7dec0d2d2b0ab7c0a460df8454bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kggq.exe
Filesize
243KB

MD5
c109f4a00a45595e108fc8c4b54b36ec

SHA1
0738f9141ac0c42f868a3a4480c31aac1c42109d

SHA256
00b6791e3a2367e5827271c40a8fc6bbd72e70174fd1b09c11cbdc92bb1566b5

SHA512
08d22ea1a987694616e9d65e86698b0e9e0a740d6a40b6fb8317efa5dba384f31a783dc9f75b731e06184bc616b6b95c7374c9a731c03c65fecbdf427bae6305

Download Submit
C:\Users\Admin\AppData\Local\Temp\KssS.exe
Filesize
198KB

MD5
57a1eb784d258a81e9673290c5d2a438

SHA1
933ed4b7466ff8aaa3ffe61f9707c67f7f56b46d

SHA256
daa3de8384d9348b904992e71b1e6518437313c2440cf3e0ab3f00ac182c4300

SHA512
1908704d333b54c2cd5d77683225031ea0d567e6dde8e973eccb0cb16099838f09765b66d75931510b738fdfeeee73587532774585cc3eba311f2f2b7b0b84e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\KwQa.exe
Filesize
197KB

MD5
34c6e9d98e0a08685bb6b96dbfa9eb02

SHA1
74ce80eb3bc907169ef4a3da7950193405dc1f9f

SHA256
f7fa475a96e85732af67f21e5da05449e482ee96e76711ebd372cee2ebba70d5

SHA512
e3d0b60b9b0827e418676e0cc71939489a82bb80fbd50d589e2b496a70cda5daa57d1d84672213b05fe845f19d6ddb10f3aa532a3f5fe0aa35acb0572992b67a

Download Submit
C:\Users\Admin\AppData\Local\Temp\KwgYYAoA.bat
Filesize
4B

MD5
42ec023971ea5b33330de36feee2fc58

SHA1
e1615e85d2e987896b2fa1dbfa74ef70a32634bf

SHA256
cf56e5f853a422651d498585efd26ab3a8cc0e9e3d312ef45cd20fdded7afb55

SHA512
f67f77190d8e65b06f119ef0adc602e836d423e31163a05707597490d5c20b6016ad070fdef36397d3c5dd3ff62f05b9f0d938b13111a7b3798c42a6d2c8a6e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kwkm.exe
Filesize
232KB

MD5
f14d0c30dd83d8dbb2c16037d895f98a

SHA1
7de35b113070bdc7d6b20012c491682868e69560

SHA256
0b4be3a5564e46d3ecdc6acf9440b171b73bde3878de58a7d85623b2f6a8de8a

SHA512
5118324b59689d1c7dc0899c765e54ba456c729c640fa3ba916f30274e62430efa40e06defe23782a18f70347cc50aaeeefe51b329f3447b88c81ca69b50d4b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\LgYQUkkk.bat
Filesize
4B

MD5
488d5409e965fa273e622aaf80f36bbc

SHA1
5607bed573c76e9cfe828b3d02a38de8f73c8601

SHA256
594c090e52d33f0247ee30c3d83d09812fd6ff80a4e46cc0add5c40d686efcf9

SHA512
79d58c949c7a216a3d055e79fe96e39d798cb64ee956a474623453786a6549813e592f0156d874d908ccabf67ce57183fc94ceed1f56ba0e6763e8c6d838ce02

Download Submit
C:\Users\Admin\AppData\Local\Temp\LoMkMYwk.bat
Filesize
4B

MD5
86fa46f555ec20bd6bb017091a203c99

SHA1
5a1c424c006fa8f9c3e4210d022158d372f93b35

SHA256
d72c4c228fa5388707b3f3472f47ca9093e62c43437a90e2872427aba52d73ed

SHA512
d4958c06d102e9f47f2d87a5a505fe14e2ed5bf9c2c135cf195bf76ca50e54b82bb675e863e91f440997abe53b9c4eccea175d5d2c0f16ecbce94b5c7dbce78b

Download Submit
C:\Users\Admin\AppData\Local\Temp\LwskoQAo.bat
Filesize
4B

MD5
9ac5a038a55b6f496d7aab7d2ad25574

SHA1
c65d29b21d36c9b2498ee8c31ec48db0bf6ce0fd

SHA256
0800f5738eaeba8ef3f7d38a5ce28e99a8ee5cbb4fc96109ab0cc36f38cbbe09

SHA512
6b061dcbb6f83050cdd4f4ec18458366bf6ceaf49880efbb6a802b274dac6fffd5a6545c0e1f95a969904d733226e0595898cde80c3681b6166b7c16684612dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\LyUkgwIM.bat
Filesize
4B

MD5
12243e022975a64517a66f8fb0d028fc

SHA1
87c291f50b01da35782036a4dae206df0ed7fc01

SHA256
a671e4e767fc256fb79583ab5796387fc20035b851816f0670f2b2fd74153575

SHA512
203faa7f9c2092ea44a021936f65f7900b4d84ac2d7b907702d2aa4af6751a035b6b3047fba4febc04da517e410a2917b96dd6e94b508d0ca3fe72c1f888dce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\LykUQEks.bat
Filesize
4B

MD5
149f309d1d5c1ce03a21c03a5a70dfd5

SHA1
6731a99277c2d5d88b07fe3bbddd82e56534b27e

SHA256
04e723c52787186aec1ace2ccecd3a64b3d6c5c43d8527b2f40893ac9c4a4b9a

SHA512
19106559ff8a4924915cd5b4846da2925db9598c7ba69cd1a22a5de02ddbf3dbd8fd8d969e90707b8583a862f57c8d5a30d3adb8dcc06cc9e3afc495a1a63d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\MIsMgUMA.bat
Filesize
4B

MD5
11f3d65b69a0f3bffa406cd94484c8d4

SHA1
9d5d97d5bc862955abd1c03615eb0221cc3e6888

SHA256
d25bb33ed43f24d0c9e6c324f9874699076c3856d6d8f65b7d3020698c13c2a5

SHA512
1559a721a3601c2d916711082015a1b46d58f1ea709e2a368580bb3604a72eef92553eb6f7c75610221d74d9627a34b80b9ff9efbd70448d52a8524307375e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MMQO.exe
Filesize
228KB

MD5
bf039d8e03cc7f6798bc47a30cee7ddf

SHA1
adbde81fbb24ace55f61d1a140c9bdf65fb4dcff

SHA256
2176a26b4d1abb216681fee5b404dd644a46fdc91cee066334afc75b3d7407f1

SHA512
d449ad203f10206c3a1bcffc4240c16d3710df8d2a9eb9f36a794b1d928b4cdb8c945862e7adf9efad9da30c712195d0a7e8caa8179a68ebe9c318f98e0686e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\MYQI.exe
Filesize
744KB

MD5
164a68b8bee12759d80bdaa64fcd4b67

SHA1
1187ddf0f125128b3130baaa2552ed5db178c74d

SHA256
995781147d2e99aa98a2564cf46e1f244994975a5d1ab865505f175ffdc33243

SHA512
fc68814b4a6adc78d0f00c0883d2bad85031ac9023a64054147f66a79dd999715acca95e290754ee3bb35971234f84f4f038199aefca01b594ab78fac66ec65c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MYQQ.exe
Filesize
244KB

MD5
6ce13ea4c4b908cb48daef4bdebc0c52

SHA1
e03f7e37facf4bca0a6236cea4b377ca84b5f7d4

SHA256
649dadb9feff4e2b9046f7dafaf79ae1e4973e9c3872dfbc94cd8e1936e2886d

SHA512
61c9b3c7caccec94f3855140b094b10d2250dc68e6dbc84851a2b276eed80ea8545d34be8499497778bcb1e05340e76ced57e9fd76fceae81300486412a32fe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MgIw.exe
Filesize
245KB

MD5
e73fe5f14601031e678c3e948d299c1f

SHA1
c03c68c140f6b7f87294ae52219aedaddd0dbc71

SHA256
c167179aa540de549b95ba92fb0dacaa2844106e0c6476e60c4aeda27ab8c4e8

SHA512
bd8b9726f5887d0bfb0adb5c4c98f0db03ce0221a71d311f7a3280d1d5c3bbe92bd80137ad245198d58826a4a26163a92c500aad27ae3c75cb214368c4b9b17c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MgQI.exe
Filesize
233KB

MD5
bc340fc8d27df19fcfaa97eb38a6f74d

SHA1
33cb18d9617118ff399bc6d3bc71af1f5fdb3fd2

SHA256
ddd0f3c9e74ad4ebbb63c947ccaa7cb666d060bedb72c22ec936d772b10275d4

SHA512
372d05c1c267dfcd62059caaed98a29be5a1cc7600ce145174fa4425be7a1a5d5c18300bc6144dec2dffb6e5645d41df72c57a7b492b024dd27a82beaca2fd81

Download Submit
C:\Users\Admin\AppData\Local\Temp\MmgUwIco.bat
Filesize
4B

MD5
e0975aa7959f6800775b95cf7b65afee

SHA1
5cfdc67a10a08fa7490dca7c6e94a943d7e65def

SHA256
05498c4aec1700a34a080367df7219264567fea13adefaa048352319902bfb1b

SHA512
7135c035b472c1cbcd06216123edcbdefcd7e045985f576e9b29f3b85f85aa29a587a05b67290e4675d6f22b59874bacdd31e6acd440f1a785ec5ec2b7af7cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\MsQG.exe
Filesize
247KB

MD5
e3f776f312272fa2931599b6e3c2e273

SHA1
35af12987e61471120e4d10e668b88d3a0ef42be

SHA256
ffa17f554df2a1acfd0e6391336fef4c841335509ca3b7ea000259cc4c269724

SHA512
4249c5756a614dd62829acba67b0f3144967ba9f5ed11dad519529a3897716ec69511f13eca4496e307dfdac74563aa253d64b1dd206268e1bcbb35c039f6205

Download Submit
C:\Users\Admin\AppData\Local\Temp\NSkMgEIw.bat
Filesize
4B

MD5
2abfbb47e89b6777176f6b0a48726119

SHA1
dacd11520436421345c4db830304ecd4d3b93486

SHA256
0e73a6b32325959d5f0e41e43daf6929ffa27bc4010fe0a3e8d6ed5171e9fec7

SHA512
49b6195b3609bb279d355f2f945134d0ef9c6adba3bf3229470bd7ba2a78e5525c4063ab72078cc92c6875985d03daa47c2b0a43b73d7981a570f531860cbb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\NcowcUks.bat
Filesize
4B

MD5
1abdb1e1af212bf0793a49c7d9138853

SHA1
66f019a430fe9fcecd4f4e47f785b65be6b90c1e

SHA256
a68c468e9788b29f6ad130fbc2c33484a74a550eaccd0acdb8076ba5aa837909

SHA512
d7837afcd4e1dbf53950ea8830aeb4d86b1421a1b3896dc2389ab82e4f8e86e3137144940d9d28f8286cc030f109ef940ae1d98a05f1d6cd55e4ae8eeaf76fa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\NuksMMIc.bat
Filesize
4B

MD5
ea12d8057b78caab23763fe440dbb61f

SHA1
faf4d64f71c52e6dac86187710d9943ca4924e65

SHA256
35fab67c61cdff703b89e57cc273ff8e4caaf9b76882d0cbb1d2173212bdfcc6

SHA512
e29cd68f9410f42202666836b87cc284398a8ef3092958f2c554a280d4b0365db3a3e04002ccf12114d35e7c42aeeb2cfa52997ffa7d41e5c5bb76d520cba157

Download Submit
C:\Users\Admin\AppData\Local\Temp\OIIe.exe
Filesize
1.0MB

MD5
432d136b19f1f1f4c76df2286b96e596

SHA1
afb9b1e236a774b8868b5007cd9f78e99b15ec62

SHA256
b5cf9bff69798fb3bd1f65c537d87dcead48aa6095f131830f301a1ae030bb45

SHA512
3b4018cc756e1fef3ab8fb902a5daa255c1cfdae8bebc9b5479c8951a73659bf991ba2b1f76a5e6fa2239a9510e83bcfd4f96c2d2948ae5c18f7ab5d7b2a42b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\OKUIMMYo.bat
Filesize
4B

MD5
50832a3b42efb0cb7b8c481d19bef651

SHA1
578451c60799688e10496e21a8be87140ed0acef

SHA256
c00411c443a5d5d6c7628d091056eb62ac6e572b88979eaba0c68f56d2bbd936

SHA512
d38a57d4c84f2182be3e5d0be7b381f9e50d6d7afc2774ea5d5f386f91e48209bfb5e48c44a7a5e06c69718b779b2389838511eb6ae62640c0595070c0462b41

Download Submit
C:\Users\Admin\AppData\Local\Temp\OggM.exe
Filesize
230KB

MD5
969fcbb528b98d5db3f05f67843e627d

SHA1
d2b26143a8f3af9a6191219f5741a69af6947568

SHA256
06b572d45fffca9ed72a225665f4bdfe515d09f984e5cebfca12838c099c9a49

SHA512
ebed6dd25ccb306f914e425b7bf85947c75c868b7dda31148663ea24446b51de978489b8b513a146a6f3ac739ef30330b6c38153baae53e570c4d7d3aa084679

Download Submit
C:\Users\Admin\AppData\Local\Temp\OwMW.exe
Filesize
761KB

MD5
823e90df4af0023ebbe1a295112fbcf6

SHA1
8848419fc2a51deae99f5e890061d7be8ff90fe2

SHA256
1f2c32b5c419bd5976cbd15f40b4b1f7025a4d13af7cbb90b0f54b7171846d00

SHA512
310726c0e362bd5b9907a5cb33a42ee2fe73717cd1f0ff195cdef05f1f52bddaf36473c0b3fbcf72a3e94532212a144475409b4f3af556b3677df41c08d34cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\PWkcAgQU.bat
Filesize
4B

MD5
a0ec4b6bfdc3ea482f2f830afeab18b1

SHA1
066d3ab5c4d75e817ef7be8cd470898e6cda617d

SHA256
87fd032b9f6f6650a50b66e463824c8c531eff19b6da6c51bcb5c098bc59067a

SHA512
21ab92762e1424a3fada6f21147337bf0dea3331feec05950d2a9d195bf1b81128fc8877cbeff5b5e14d7011a37b3b5b12ba8927ae902c8c4639375aa6f4290d

Download Submit
C:\Users\Admin\AppData\Local\Temp\QAUq.exe
Filesize
196KB

MD5
c5f68eb4f7a38d1d5cb3d82bc2a94851

SHA1
30a73d546352907cda998c18a9f9a9a06f254e7f

SHA256
83cd2435b17fcbfc8329a5ac9926c3c5ac711b251421e21698009c1f2f3ead9e

SHA512
b34a4c18481e7b5efc8662d4c0595c79238aa1f7493bcaa4b893f598fb39f92626a2f3c800ccce6f01d6d483a23df28f0b0049147442318068d0bd54863608b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\QIke.exe
Filesize
251KB

MD5
95d46528bf232218be0d645d00c240a9

SHA1
a29760c55c01f225f6d4b7a50a2d80fc972c5490

SHA256
5480c32a839ae281d99183a25ca743a2284e78cd7bc071cbf1b43614f0154bf5

SHA512
b01a4e406ca85aeeff8b2a66558950cf23e4d2a20374779df2f48d57f3aac92062c9cc5655bb1c185210dcf856a89d57b48a96d1944b5c00f7a1da0656c18ad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\QIoYMkII.bat
Filesize
4B

MD5
cea19081dd693847daad3f67155cea58

SHA1
4d7755c89629ccd11b3884cb2384bb874c50e86e

SHA256
855d5b6e07e1f4d620af1b6bc7e31d59ccd96aadb252b27f09380a2c65eb7b99

SHA512
b192c4535492b863e10c40fb11d416238c84df1720079984aa905df6daabc02b4a00daff9ce60a516848e74ae7db62d91f9f8966db80d63836c1eeb562db2d2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\QMkQ.exe
Filesize
798KB

MD5
3483b767621a8eb895f3cd955628ecee

SHA1
14b5f98ad5bb63d2c07210ac31d8c0572d297baf

SHA256
a5e2bcd5146eac2c2d694782b3280e05e714d5ddcc79cb5d9b9a9f2bd4df6bff

SHA512
8c5669d47230df4ba521f0c7b7f79c102a0cebcad8c332ba79b1359044f95c4bde145f947853d31fd615cf0becf643436fa913e4bb7b3e3b1f535f325d88701a

Download Submit
C:\Users\Admin\AppData\Local\Temp\QWAUcUws.bat
Filesize
4B

MD5
faae9cba81a2883f64cbb2c6ac99c71b

SHA1
78cd54c07afcd99c152431cf7def850c5ede0eea

SHA256
7f02704f160b65dd46b3e2c7588e839d69f9fd77e1b51c3fb1fae1cb70e4fdec

SHA512
0330d11ca2f0e7589000fedd4a837fb2a0b71dbed647a5f9c5e9ac1155da820d3c5960161757bc27dae9d96ef53624bd3ee3f6a931ad73834ebf483d21b00b87

Download Submit
C:\Users\Admin\AppData\Local\Temp\QaIQAAwU.bat
Filesize
4B

MD5
bbcd2d0dc5c08f0ed34d56a145da4af4

SHA1
ec4fd3ac3fcaf63c6cb64aa156e84d37f25a1f83

SHA256
fd365434e0e56ec322932e5b57c377f73eff4ce51dadaa1eaa5cfcbc4a52e51a

SHA512
2bc040614596b3fcfc80be3f896f17e9b5952d28347570f721c28f2155dbc65be5f66b9713291ce01b9d665b04ac25b2b09576b010de3a8fa69a05e64176465b

Download Submit
C:\Users\Admin\AppData\Local\Temp\QcMC.exe
Filesize
224KB

MD5
83388ef201299675a3e8a85951bc0628

SHA1
8eef83a70d186741d885e43e51e43cea8733a0ce

SHA256
da3552e447aec9e1d8a0b99f9fbcf8388d003ddc386ab7fe69e59cbc60dff771

SHA512
0a608e668b55131c061d21078a020cd5199899017e2a3179e885cead4aa7ca234711457043b3e89464260084195c12288c38461408ab6f289a7334f873d4b5a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Qkog.exe
Filesize
955KB

MD5
f70b55c4c34dbe50e0f52e658cf196a7

SHA1
1879599d368ecd375c25fb623768bbd587550f8c

SHA256
675c197dcc38474f20642a470b727b82bfd9642c224128d88ffba7af7282ffbf

SHA512
027dd9b2921d178046fb733730a275d9f75fe05be0bbcaacb8e02c1c2f828366305ce6d03f20d93fe0aaecb187c60782304d385a5fff86ea13d47bd8a005dd90

Download Submit
C:\Users\Admin\AppData\Local\Temp\QwgW.exe
Filesize
240KB

MD5
7f8084a2cde222811ae186cb4d020e66

SHA1
91200a98ed18ddd8b284d9bb22702ca0d66d91f9

SHA256
05d6938da1b15d0fb069bdf8f388d75e022aab59b1c1b34a21edd5ce955d3056

SHA512
2f678dadb5d1939e6a8a9298769a8c5620fa6ea3b4932c534b66b0990ecb81c9402c22e13d19eb58ed8a0a0a401147d40cdfc3df381600ef6fa6645898b8d6bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\REskYcIA.bat
Filesize
4B

MD5
d3986b0a6c667e778281f9c13a948c60

SHA1
85944aeae224e13b49f062e88eef93cba7c4cef1

SHA256
3e2f80485f3f2ebcc268aa72176344bfcf283676118ac6f417684dafccd81766

SHA512
a15ed92062207578052a08f6eba5c866ea808ae0575488449915bfe57597e57da65251b93646b29aeb265f3ba4a533b5a36348472725df991df4aad101e69646

Download Submit
C:\Users\Admin\AppData\Local\Temp\RiMAAYkM.bat
Filesize
4B

MD5
0f4f65476961fedda7279d6794de1be1

SHA1
a951b2f1089a4ec14b182578080b4844e97f5275

SHA256
7c4a5ff8a622982313fdd02cc92b69e1c3d35c67d167f461151599c4b14184b4

SHA512
f3a38695450ad81d23c4a485b313629cc5d52843dc9aa0975f700933924684df194af3d28b56a68b3c70d1ea8e796805b214a0573af0e07253675e7959ce30d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\SEAkoIko.bat
Filesize
4B

MD5
102f4d348787915456a2670d626c9c97

SHA1
b7d51fd4eec4d66478a8ed0019bef853e146ff34

SHA256
5d3df7494cf9811d487aca1dac3cec5ea9ca4c7a4893d50d3bb9aae7be9260f4

SHA512
84eb88d8fa9801ecff3a16d21ebacb34fb38ecee811bba7194045ff56f9372477df922fbb01ec8600914d25022a24fc06b01a2c49e550527e8d7b5dcd73493ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\SEYs.exe
Filesize
200KB

MD5
fe76b9c7dfc0c44c3150f37528f07b55

SHA1
6328951ee0fc9724dcc1ad3a303dcc8f0dd03752

SHA256
0e8397d89212f933970605b374cc4efa7e2783d0dbb0bcb0deb3f2bdc179554b

SHA512
76baa2dfafc9bf1d862f06f310cb504f88068aca3b1d394056eb2711c1bd26f697a9e3324dde1a49666f6489cd0487d1698ef45bd5f0cc596e4e4afc5dc593f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\SEoYwIMw.bat
Filesize
4B

MD5
2aca90b9c69bbb20cb7f8efb3afb6de5

SHA1
ce5e683ae04596d7254455f7abbd21f83b8e3c02

SHA256
e07cf9018049ee393bfd70e05669d5405739624ffed5bc8242c51a2708ebb057

SHA512
d99d7659bbdc7f0dd3ae7eea65353baaee7e5e5c28293cddc4589a9cac35c50320a122e04bba761c820315c3152e5312de32d8eca2aaff2e30d910d7cec870ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\SUwe.exe
Filesize
185KB

MD5
bcd300030647573bfd5d9bb7209b17c4

SHA1
56807a76ab12cf189fff3f5513eec97688104a86

SHA256
30b61ebcd31269eb8fc2f0ab6e7849724c2ed44c6004a1c4e89d273a92798530

SHA512
3b5fee71aaf664f8a05fbed92e2eb020d8005c1a02838033b976e65380e243d6f9deb8fa7c4c8d5419bf6cd1977db5525ccc69c9da2b82c3b95af7722639966f

Download Submit
C:\Users\Admin\AppData\Local\Temp\SoUu.exe
Filesize
1.1MB

MD5
2e5d340622876e1f9d6d5e9913d592e7

SHA1
ec0cba7cc79864f0778d8c6d035502fc4553baec

SHA256
4e3c1c830a7335964c4ac6ac272c48bc87195f60fdabed289a19c7aa55efed82

SHA512
076f37df2e740ac1e53ef709f1d7c857ea29401a5f86c9e01b2ec00310f87b35372f3f520713d5e3bd6f4e5b514275250b0b3600e0e09117bd70c01ee6c5394b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SoYs.exe
Filesize
236KB

MD5
843a307c98fd64157322c923d9b19a72

SHA1
bf6283cea98984591e242551d4d97975b94c6758

SHA256
ac24d90ed22bebc1dd9b4f93c72507d0704b2117e261ec1a2547878c70b69804

SHA512
ff0e76786992192d9a64d7ed5c5ec6d04f1ae65b749b49e02dc7e6db496160e1fcc9a34e93dd71df6884040642051df5e74a3f9e7ed1ed74d96c5b448f241dd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SqQgQgkw.bat
Filesize
4B

MD5
ace5860374dea48cf4dbd882f9176244

SHA1
22e87dbf829dd3335d1e148ff0d6bb66441837c6

SHA256
8cb82d9a3e6940d7551ca315f0f1d75a251d6fa1d7fe2b8f9c562c03a3c9723d

SHA512
fc9a9ce5c844b2ef5b3473bf069214bb2a6a05d5e1512aed9d5e6fdd62b52869ece07f4fcfa40698ea1a37077263704f3dd96726b7cde51add2cb0b6af586bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\SuIEgIEY.bat
Filesize
4B

MD5
2c3dba16446b7e8cb35aa5cc59e03fc5

SHA1
de8148186359cbbd15f701fc9fc535d1e6ae799f

SHA256
95232b82d6c5a5fce1c49677cafe8bbf7d4c0b42981f3bba4a382d46c1ec57e7

SHA512
a9e0380e15dc1e47d45e7261be596da9c96780dede1cb8f27913c3b4678cf6365cbccf4885b4dea8c624b3a49cc0691c2bdeade1917916b9a0d55dd8607aaaf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\SwMU.exe
Filesize
249KB

MD5
33b584e0693cc3bd977f1836c2a4d0f9

SHA1
2d1a0f639983ffe20788fe70e2b902c4eadd1eb1

SHA256
ca6d303f09ee51abd81874ef9c313b8548184fb854c7aca3b0defdecb37ee1e4

SHA512
e6832bf776efa704b9c3663b7c97c0f8f3b6e5e7ec98e5283e0e3a26084f7bff82d30beae6994140924e40753dc12ed1c64deb6a79046abfa0dfdb07d990b7a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\TOIcQsgo.bat
Filesize
4B

MD5
82237d25ced18bd295e9931a46015952

SHA1
10c4d89da19f0b91791b4460f731d2eeb0e4163d

SHA256
5cdfa243a3334428d2bb2f1cbc8174352b939beb8abccc9f3d2b7fc9ef0efc03

SHA512
3c23764540b1673c7a0b2f135f7aa2a5ea40f6c44312cec64ad678d27715255a93ce6d0fe5bbd9024686896825a6c5709ba3c447cb2db91f8b78879a9c605530

Download Submit
C:\Users\Admin\AppData\Local\Temp\TUUMIAoA.bat
Filesize
4B

MD5
1006156726b8eff47cf75db0daa566c3

SHA1
809ed18dbed603108604bfb79f39c26a2bf02bba

SHA256
647e8c79f4c4d4f14572446ac17e2cb022727924587704737849c1308abd8b80

SHA512
e338f5176c3b94664cb12766f99a106cd6f885c4a36990e8d4532d7ccf1c2f5838c9f256fef3d8404b17581d2c178ea0d3292cd1766a9bcfffaf5e161ca98f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\TWwUggcU.bat
Filesize
4B

MD5
c8449e7ceba0c7f00c8e3310698db12a

SHA1
a15899c630852e958d2c708f5c768aaec18e8fbd

SHA256
665ff2e49f4a0991a224046bf3e09fb90bab51df7b63616ac45b0da4183334af

SHA512
fc0210c825ecedda044b59798df9d81de0f597c39e41978285eb3a1030d4116e10ebbefe6f8b5df9a32c305392451d378eaae85a86b019abf4c54eac060ba9f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\UAMYsUow.bat
Filesize
4B

MD5
f55fb956c11a848dbc338a653660bb08

SHA1
085d1461a211f40b8c29886d0d917aec77d4f6c4

SHA256
f1aeed2c243050e90293a5fe38710aa7b6b58866d412bf99dc93816dfaca0688

SHA512
7bce2bd480181b1b3fa7256b4e18774c8c1fd28980c585425e6fcdadff9ab30102e0b0e59f19c4b8457de9b4f89f9295dc2b506cde644fa7941ad07d8a13aa35

Download Submit
C:\Users\Admin\AppData\Local\Temp\UIsi.exe
Filesize
228KB

MD5
5d29143ca5c005dd7c03d5e68d298f2c

SHA1
8eea0eebb8b626dd6b2d182ecaa85d48a98e2063

SHA256
0bab6fef46150294ce29e03d54fe6f76f31a26167d0d5d8504ca61a3ce75d0fb

SHA512
4b09e40794f4614e6c90d7cb3f15b5209174963fe9e10f0bc308c3ebbc8926930be7c51df822f527be2ef7f304c22823ff7d58f229379a793b504c424c2c5e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\USoAsssY.bat
Filesize
4B

MD5
c6f216ea106935eb5bc2cda0e9fe44e8

SHA1
db2f4c005eb16a747efc31d7879530b505e161e2

SHA256
33236e13565b1f4de33c4b06b08e944521effc7ebb34889ab7f90848f2a18028

SHA512
e4b63f74f81a278a457590718915fae519a3a36458795e08d119c9f3b5139e99dc3368cad5b8051fe6bd6cfff88f539ece715846b2207d8c6545c642d13f665e

Download Submit
C:\Users\Admin\AppData\Local\Temp\UcsUkMQc.bat
Filesize
4B

MD5
98134dca731e127df8fa26a02e96ce99

SHA1
b0f6c90668a2a4d29628f8704d6ee7e5df0de12f

SHA256
9f627bba666ab6e8ad6a43b330e8f876240b69db7378686f0b34399100dd1cde

SHA512
e3e70b57e7799ee9a4789dd9e99586636c66f4e9a5e75b49669fdfbaef45fb5155a4e85c49cb939aac845d91c7e18188c905f6523d228cfafe312a758dd35b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\UcsYIIgw.bat
Filesize
4B

MD5
d6c4ca0eae74a6fb4fd1c28fef8fd57c

SHA1
21d86ecf865e725f857778623dd9d4f00901734c

SHA256
925008cdd9e353fd9be266e33c06b55171906216c5b1b116666c52d1168fc8b7

SHA512
5d522a3cd75d9961c18552e2db5013ca8bfbb8e9ccd525cdd33f6cd294b24c210907e295a08753198a4a8f2cf12a576a164a553ffd04b62df65ba7754d3ccb51

Download Submit
C:\Users\Admin\AppData\Local\Temp\UgEG.exe
Filesize
233KB

MD5
799b5ee6a5b56d4aece46d9d60fba420

SHA1
5d24d68098284f75c7d72203715bf3e7b92f2611

SHA256
35ef4fe8e79d0d48f94343cac5efa8382b77cac40eab93fc888be47759edb072

SHA512
99b10054228561afd15185c4d06b0d1d95e42aaae741231130fec6c3d9ef4ea25eaac019b6d27eeba0e0938ff69bed60d90a243af0d0923a202d477ebf63a9dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\UgUW.exe
Filesize
956KB

MD5
1553990d00979577feda12e9a6515fff

SHA1
64d9e83764be225a71294c1b78096fd45ed1198d

SHA256
17c550b48d53b520bb6627f9d71e92ec78fcb032f0b03c77e57fbc84897a18e9

SHA512
b4acb1df778137fd9413f1e2940cd28070fba5e2806c121c92209673f534e839666b3a8383ba5abfd279d7eee8c6247ceea8f1155e60b3128146e104e5905bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\UgsO.exe
Filesize
241KB

MD5
12741fc3b630aa21400258f9bf278dc0

SHA1
6c534539b9a998a866068faa2d966f102952d6da

SHA256
288469275291ef50ac72be482f93eb1f7dcb50cdadac3704d8ec0cd950ac91a9

SHA512
affdcf55d05f75914838c7b3adeda5c5f163d349f98651ec3e50e9284ee1d5900ded6ed248db8802a386c1aa621188510c59e5b7394b13e9b4afb97a668cf044

Download Submit
C:\Users\Admin\AppData\Local\Temp\Uswk.exe
Filesize
835KB

MD5
2d21450ab03b86eacbf46ac473c41da1

SHA1
cb3a6129ca5ccae643b9b113a7ee52912f763763

SHA256
6ab166ee52505b8bb28fc9824e49ea83e68745eed5c64643e21c47e3c0e371dc

SHA512
f4155bc84e1b8725ec9fffcd44f87c599a9f5a383bd07eee99329608c68cf41fc4014d99e0dfebe4076d04591adb1860bd3429cbc0751bf568cce51a4180039c

Download Submit
C:\Users\Admin\AppData\Local\Temp\VggcogME.bat
Filesize
4B

MD5
31bf3d1f66f09beb44132e3234ae838a

SHA1
36e17186668a81bf157b5159a2c967f85e0ce8c1

SHA256
9e81987f4fd282be0d382985b7a5c7d56e91490729f6f7469ff378e17578cdf9

SHA512
3622f6c9d342985dd4619899b6d650b39e03562d6aa5660ee9d6da1d75fe26dabd7f6cde0af7331a9f852ea66f057c7d0a3511965ebe0b4ddedb6db46e4c719b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WAQUgkEM.bat
Filesize
4B

MD5
84a2efb706d87f73ed9afb0302de5ac0

SHA1
7a133140cc11c029a0586cb9b45e8c307a402f3b

SHA256
ae8588a53a3bb8dce00147029df7bdb9d6f7b89da0cda3ce7a894c264b7c46e8

SHA512
00c62f3513d1a696b9c9a971babbbec2ed209d2bb87debc918945f681ea1ab982cddc3f3f764c995db75e3fab95b578e53a639093c58653e247728dfe2092171

Download Submit
C:\Users\Admin\AppData\Local\Temp\WUgcUgoo.bat
Filesize
4B

MD5
c9f7a1576399abb88bd5faf2635bc0a7

SHA1
b5e65059c9999a9f2af82449643ed992be443308

SHA256
52ce2ca0d00b4fc5deb5762f393aa690561d78b74695983de0c7816268c53310

SHA512
a182b4962c2fe003454d5f7d09fdd20fff2feb8df66235c7df1141ecbd7a3232fbb798eebedce46d3c0c891fc5deccd8fc6edb069f1e972f7f825f4844697cc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\WYYk.exe
Filesize
229KB

MD5
308e49f23b4c92ab81f6252e7d49bdc0

SHA1
ca6d333c680ef5f70d05df87262e51ca6f370234

SHA256
5ec27052d5b28f999d9ae2d3f5dcf135b747742be7d2c5d1393ec69162a6a2b8

SHA512
ee0995800e7b31a7d3f27e573a5d83bf236bb5e836c82ee2a56d42fffbe950b2d19eef5e1efef1068b7f63cc8faf20f24ec0ab03388749e1c61eff9f2b28a578

Download Submit
C:\Users\Admin\AppData\Local\Temp\WgMo.exe
Filesize
761KB

MD5
cf006283746ee53352957ad7591e5574

SHA1
df6728ba61e4ed006ab3695fdb489fb40f96f3e6

SHA256
b3ea733f1b8150d9af43550a0bc960c736b46a9c1ae3bee36439d514a9df6d46

SHA512
c307f3c3f59c3f55d30b493e2d2b3f6d5b5c0a3bb925b169a2e7ce238bb6d1076f8d57f808150b705d4314b47ee6cf0a37192362ec75c4cd4c4b6653c950557c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WgsS.exe
Filesize
194KB

MD5
2a3fa4dfbe46831680e2dcf64c4dba8d

SHA1
3ed3d73cf0deb1a234e9ebaa4306bba69bfd322a

SHA256
b2a208d791528a03ce15ed8c578fb42e2deb5e8a88eda4398a0db787e362876b

SHA512
0abc07142a2f39fbe1f9fd08876c2fefb992341994ebffef8443d66bfc3cba08a1983801be9f11c744a7d4d6a64c51e7a25a7fbc6adf99413315840b7e32d773

Download Submit
C:\Users\Admin\AppData\Local\Temp\WkIm.exe
Filesize
246KB

MD5
b769e2ee01c475b0329fd277b0f97f64

SHA1
f46410e721eb5eeabb8d7c725f07d01a35fab8fd

SHA256
bd423516386a64ca2df0202b0092d7edf6cfeac5d25a59935e79bc7d99cdf9fb

SHA512
a4e26791480a127d75f9f4f9cdf20f5c542d3fed751455b07551b65d1f61c2fbfa28bf9c0d675e3886f7d042ffbbc6e6c443e5eca18541da7402c6fdf198e47b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WkgO.exe
Filesize
243KB

MD5
0f60a2339a465f1cce5856491611a834

SHA1
24a5d5466df1825b0e1b28e48cb0cc54929fea9a

SHA256
f69f56f4d3153e3dc3e1c810ec4bd08daefb8a3da1035f69010f0d1053952558

SHA512
f2d8c064ae1fe39c13d6d0ab10aa3969bfa7bdc1c91f8e3debc8b8e8868d8ef3079da06dc5f2e3c3712fcf1fefd77ab6447c1586e71c6aa1d58c219cce7efab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\WoQs.exe
Filesize
641KB

MD5
e9b5b44bc76f00fc036dfebcca7a8e09

SHA1
46e371b11702cf48600b3ad4329ead8763ae5727

SHA256
8644523ba0c28277fd82bee746d46c1d8703dfc8dccaf562c028b93afe779019

SHA512
d8edc0a9d77263400bf48dd6ea2d311bf9ec78d9d154eec24a913ca78e2cfc77d72044826ae9aeee0d9e2348241a9670e68fa51b46fd16d38d9ed149f6499203

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWIgcMwA.bat
Filesize
4B

MD5
e7199754b6968c5a23e30428f03649ee

SHA1
a3d18ebf2d83f46085c951fe2c688e5320c439ae

SHA256
3a27fa695f917e399a4ce0547c73f9d6bbf49fe72818c6dff334442fae3d1c14

SHA512
db6d0f2ed133ef2db53442f11f10d31e21b709c21c3f8ce552647faaf31fdc8c41faac16b13ef7053626ee44b517f4eaabecf1ebb8e8e8a1925e291d18591463

Download Submit
C:\Users\Admin\AppData\Local\Temp\XgkIkkEo.bat
Filesize
4B

MD5
2a1198536d47c695049a12080e30884b

SHA1
477119ca441ddd1ec3d4fb8c439b2044ad79f9f6

SHA256
7af2f8135ccc3e5e43333d6b3106f904f98d10ee3b4a10622fc38c4bf7306d13

SHA512
95f993265621600d02d8a0e9dcd604761ddbeefe76108eb1b3aa9e6233f8e8585d4d2b3cb50f48c009016cfac9837b86d5fa33deca6aacf007f1e282988f90c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\XwIQcYEg.bat
Filesize
4B

MD5
6b0174a3a364af245676ca39e7ce28d5

SHA1
2a3fb57bc43fe909f8da5b11b5f7f61cbd490a0d

SHA256
8e67ab88f6fce3cd14f005909b89c161119fe739922e322ec80ae46a8297162d

SHA512
823431e5020174dbf7cc3d58e8d66f3e1933df95ecaee653ed4210c458947810decf162bb5abe9d650fe12ffc247c7a3266bc36428c2e2e3bff0edf3d49adbb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\YIAI.exe
Filesize
247KB

MD5
f04a19a8e70a700db92ef783877aacdf

SHA1
5f1ade94c2ff3de1097ee01cb113afdce3ec8002

SHA256
141c0fb7dbdad530722f8b0435b1d0303559e88e7542abf5e88fd74a48f62dc2

SHA512
1cb8f809f17fd9d8eb6d8f39e8566377d8dd36e6bebe9f3576309e7dec7853dab0368b612da036a687a4321f26fc43a1dc534af370366f8479c09d8654ff6601

Download Submit
C:\Users\Admin\AppData\Local\Temp\YIck.exe
Filesize
239KB

MD5
aec953d0786f3aa8862f2872ed954307

SHA1
5bea2efd12cdcee03a2e69651019c903d414442c

SHA256
1a901c028ea86db3d04669778024e7d16a174d17290f4dfa0158beda5fae86ae

SHA512
b7ca5c3924d4f006d51fa9f593964464d1682654f337e6af203677e9fdcbbae7decd017f59edc090c0da34e5220a06ddb04c8bae631f3b5073ce01d50d3dee2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\YMcm.exe
Filesize
244KB

MD5
9fd555f625af66e3628f93ede3b61276

SHA1
5193ddb7fb46bb6c915c4103765d1102fca64735

SHA256
a9e25393b210e1027cdc3b7e5b03b6e60c307ad88d0e85a2a2165597d50b8630

SHA512
37100b56d77a8a2587b96149e2d1e196eecdcc08405696f1bffb012152d3711dce5125780b0cbc948c2d697f3ee4523f4176ca64f12d39b7b3ecba63e62ad2cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\YMkM.exe
Filesize
792KB

MD5
c322419f14675e118168adb87a9b765d

SHA1
5547c5e73ab7100fc3a545d1b84204797629aeb0

SHA256
371fe7f3983e570db3fdf41a7a95c78801acf3ff5ddae64346c6bcdbb033bbd0

SHA512
9d705cba87761dfbb42d7496370271d79fd60a9ef9e793f6667f34843b6585e891cc1b4f45535641bb77e001e6de06e0497756f57f3235c4ea63de9e4ef3e6c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\YMwg.exe
Filesize
1.1MB

MD5
ce7a1b33c980d3ede53c02b3b041d91d

SHA1
abfb4ffb70aa778bee2ef61018b73a39e89a0882

SHA256
68e10fcd943d41091362d24c92b6537aeeef4f231bf5884c11e14c0528dc86c6

SHA512
d9cb0c8ec6bef2105f5d6ceeafdb0f52de33eef5437172518a18f77f7b05bae549aa73fdd938e988fee72587da182cf4228a04c5a6dc4b39f8105355c362aa60

Download Submit
C:\Users\Admin\AppData\Local\Temp\YOwQoAYo.bat
Filesize
4B

MD5
fd3ff61e865b49a902a4d8babb99fca0

SHA1
a25bd174953973c45f4561fb5052677ad9d80b78

SHA256
d36923e39177126e3e76ef539857f11d3ddc94bc7632a1381a7635c1392454f8

SHA512
fa732cb785e8c9ff109f08448f472be8be7937cab3b886b44d1855d447b7b70649c8d758087efb4fc5604603a0aed0d596e1f28e323c954dc2c30661e44d2549

Download Submit
C:\Users\Admin\AppData\Local\Temp\YQQI.exe
Filesize
1015KB

MD5
90fb0b9dd13d79d992c04ce26780fc2a

SHA1
e91260de3e2e006d9f4ea352a046f081d28aec59

SHA256
5932fb8ffe61b966a03ea6aeccb714471c0120557b9d53270a02091fa42a44c1

SHA512
69a17a65a1a68302ee6e91f374ea11516657f35b8cf3801de2387a2222fe47a8058e17418dc27e0157c3b894cb7327bc358011b4b7e7f1fe153154938cabf824

Download Submit
C:\Users\Admin\AppData\Local\Temp\YYQy.exe
Filesize
702KB

MD5
f938fe7502923d8ca1900b104467345a

SHA1
0dfaa39553cbf43a81a059468e66e609d0a63707

SHA256
af8463836e260f8e59d488a405e6a3ac2adcc2f641bfd7c063fb9be206e85802

SHA512
c7492f8898ae30b45369ea6a43290be57c0afdcaf131d6f56d5250579c86512d1aa743e551c6ebb61f9c60da9f41a58953138cd5699009537a47aead5afe2ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\YicgMYEk.bat
Filesize
4B

MD5
48817c800926ff11876ced338880a575

SHA1
0a51f40dc466b2549ce4d2079368a3340a750892

SHA256
26c7b7a7067e3d05ec0bceff3f604524d0eba0af4437a609e9cd3afda166d081

SHA512
81fa255c04f1ba4128dcf4732c68c2e20f5d82b9ce7b3a6c225ce81a25dcd7b0c41fb44ef58f7180a6f1afe5507ae38a04c8856efcbad04236d13bfaf7aa21e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZEYoUAYY.bat
Filesize
4B

MD5
0656d3ced218b41655ae255801942438

SHA1
b3d3060571f9ceb8ba7bb8a30473e3efd2cac04d

SHA256
018ef970acda829e875ae3403f7be67e7f3995670a2e8e9276eac6101d56815d

SHA512
9f696744909776945a930ae120674d948d203b87a3694ee9e208eb1ceddabc0fb5e32104111bfc8f54df4556ffd03f2516a80bf927d34ef3cd015b26ed753b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\aEIK.exe
Filesize
308KB

MD5
4bc2d6684c31547fa5edb77067efb2e9

SHA1
e094c2e4d3156bffce63763fc35f86a43ed72045

SHA256
fd671a503638c7997f728f16bbf99d0ef438ae8caf838bcfbb36b01e88c49982

SHA512
0f366d8dd1fd915a355eb66f4e3801cec722e5dd2110096a26c75cbd6530a6ca26634e25a3c8aca6237d7749dde030f0b5c016ccdbe16db8db96c670bee6207e

Download Submit
C:\Users\Admin\AppData\Local\Temp\aIse.exe
Filesize
1.2MB

MD5
85a01f4fa61ccc5913a0718bda9bca26

SHA1
bcfbbb64977332d215ab4636c614c8e629b7ff8f

SHA256
7aa200b81425162062c1105902ca2b8979edb0e183d124d0c80d1e44b40c095f

SHA512
af6a4adcb4920d69dbb88298fc7bdbb80ded9798f8d9f33b1807b6548f3f82b9ed278a21c461349b228b6847e686e6c53447a6e28a750e3f8d3648285de59a35

Download Submit
C:\Users\Admin\AppData\Local\Temp\aQQA.exe
Filesize
639KB

MD5
a4ab1e8a9d7361c61cc9ffa42da64e36

SHA1
9774629b8ccdf58084d415e99cb34d923035016b

SHA256
4378262e2d1089f630713188c7339a520644b35532ef2babb6eb89b6440f70ba

SHA512
18710ccf5c8b3a3272d3aeed155487c6dbbb84ba18d3a47634a507593267f0dffd136401b7065d613f463a719e50daa58d51acc21390961c627bea347f6c333b

Download Submit
C:\Users\Admin\AppData\Local\Temp\aYkc.exe
Filesize
186KB

MD5
bb5f00b9e3c322912a8ac968c79b12dd

SHA1
4bf2e7f6c2eae53d26fc88d7e17b077ddad01e26

SHA256
112310dd5e6d62a5fa35ed4fd5e79328da994b3267efb2b83c42085088c2e5dd

SHA512
25083dd43a359cfc7770b165371e847e07f14697f573df72c99cd8891e0f36c447c339caf03676c3a5590467f5bac60d2ad143e67fd3e27aedd24fb1bdc519aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\agsM.exe
Filesize
197KB

MD5
fff6389303dd74d9944300c7b5dc2b62

SHA1
ef32cfcbe0d0cbd1cfd45b32daf9e41c61125c9d

SHA256
a475ddea882e2129eeb3fbe7528404a7a0c70e51b23087d9c16478f15c90a1ef

SHA512
f621b8b9d68ff3ba3102a73c4d6eb1f891e258ca330e65a3d1b239be57d0c9997c65aca42bd846e25fad17c8b7b79ec0d5ae2e39faa4c55d4105c1581b412572

Download Submit
C:\Users\Admin\AppData\Local\Temp\akkQYYcM.bat
Filesize
4B

MD5
e76b178963631b65003565bc0c06aad4

SHA1
0983bf41936e396d1f51e6b520e7344a4db68c1b

SHA256
e15a2ebf6ac247629519c167ee682f0867823a622a923148f39d119d6ab4d523

SHA512
05119e12c5ea9aac9171939cf256b6fc2c73e5e3415c83bd51b07b37ff590a85fed2279528cff4305cfdf22cf6339a8d476957866bb46a75bcaf767103e09b4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\aoww.ico
Filesize
4KB

MD5
6edd371bd7a23ec01c6a00d53f8723d1

SHA1
7b649ce267a19686d2d07a6c3ee2ca852a549ee6

SHA256
0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7

SHA512
65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\awEMgsog.bat
Filesize
4B

MD5
f00991ae2a36a61662c8ce4047bce535

SHA1
e91a7c335c32acd29fdd90f0ba7d8b4d14bb66f3

SHA256
e7f4049bb05148301e3f198e36d177e37f7084b11e92ed5ae558667d50a4ae03

SHA512
e42f4a3999a2ba888babd129cb07c7daa08a164b83936338cecdbf71854df7dddab431594d8a0e342e18dae17c4621ef2e903da2c7155663499ac6610fd3c76f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cEEA.exe
Filesize
229KB

MD5
42b63661704f4c1d3bc7a9644139d737

SHA1
c8a0b4ebb408e7378841b53d8b588ad87c20ff03

SHA256
d18fb1c6f6486d990f636be36b13a238dd9ebe195f42c867f4a434a90109075d

SHA512
365e04bdab5135b7eda554da56124e19a097209319a5cb76593ea92d359ca17d4788d15fd5e5504cd8cfa0b0b6cac60e714754107d775274673a025058c49139

Download Submit
C:\Users\Admin\AppData\Local\Temp\cIYwsQkw.bat
Filesize
4B

MD5
5ac7b2ad89c8a929746ea0b0b8e7dfda

SHA1
9aa87fd936c6b39c9e4755d335d2953f49239140

SHA256
15bd4cd746d8ad17947098a81a88d456db3a526b8afc69a6eb4ffed0a95fafb5

SHA512
07b5c4e96aee81059d864df9d32733d7025c67cb9ba646fde29c1a8876083013afc65ee9aa05129b2c6b8778242dc4111fb090a82b7ce1a4bb048a31f8f2f111

Download Submit
C:\Users\Admin\AppData\Local\Temp\cMYwgAMA.bat
Filesize
4B

MD5
62b8b7f2be207241ac7e98a662999ad6

SHA1
04f83c26c4bfcd0262212c59b4b6b03b160514c3

SHA256
896663756ec9835e9bbffffd8246efb66de4861b1f8c8104b03d17c997c399c1

SHA512
44a46d0188fbb31f07a0e1be113320f23876c2ced2d268a00ab6c503b47dda9c63db02a176f3e3ccc92d21829bc086c3c254cf18544c927faf06ffda8fd0e65f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cUIS.ico
Filesize
4KB

MD5
ac4b56cc5c5e71c3bb226181418fd891

SHA1
e62149df7a7d31a7777cae68822e4d0eaba2199d

SHA256
701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3

SHA512
a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

Download Submit
C:\Users\Admin\AppData\Local\Temp\ciQMYwsw.bat
Filesize
4B

MD5
c4609bb4f344c4aa09b82e28fefa228c

SHA1
dc3ca2b9e9e92beedaf71f796fa4a5cb62c06e74

SHA256
7f7e0f28cc580d1611f6943eb38f93d55f00d08d5da0fa821f6dc4bf779f85ec

SHA512
07712e722457a3c01de62309e35d5b090c61558880bf5fb3c0f11efd80e587abca93fae64b3995f8287a4e8d23b7c1e6bcada518e8abad69890f18fd9328373b

Download Submit
C:\Users\Admin\AppData\Local\Temp\coEC.exe
Filesize
1000KB

MD5
7d00aed3be7acaec042dfb1e9289256f

SHA1
2c2d658dfbfcf708688c7642b9f49b6c7636d074

SHA256
8ec702bca0a60c5326ded2780b1a504abbb10cecae86d9be6dccedf40d9340f7

SHA512
231a2ee8879f2abf25c39ede786e080b85a32a84df96d69a0601afdd49bb0654dbebfba0b0d5b13e187de3860c545f2c4639f15cbec605e2f3f5a55bfc12409d

Download Submit
C:\Users\Admin\AppData\Local\Temp\coMk.exe
Filesize
248KB

MD5
38711d550f7cb4068147499a1c877fd9

SHA1
a60011d56c6b7017122e83f9703b211d9aeae20d

SHA256
01f14d83cdfed80c584a4432e13896cb0b731cf68a00c749f5ea0aa913690b3c

SHA512
d233bab399bb7a07b8f8761a51a54bc3efd814d5d3d1ab5d12125b1c8e86e9a8b066524bbb60dad57f861ca51533acb70f80789e0badc4552ab194c5e77a2a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\cqwUUgAE.bat
Filesize
4B

MD5
f3336f63f050624e3cb438d751fd08fc

SHA1
54fe3e64084d3e47a8375615011b8b992af01f49

SHA256
56d0d3aa80f55990be960e6006e17afc5a0753cdc13b0136ba344aa2d8d9e893

SHA512
1cc6e27cfcd13f06abeebb9ed3cf30b0a904529d9b95f24771333bf387301a7c182d4de1057373fe4c9bccdb661c02add35330a207b7b21d260a427a6a2893ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\cwEC.exe
Filesize
195KB

MD5
fc75044b0c25761f53376ee0016cd972

SHA1
47a2d263b83cae75515c1a8e027e4414c7a1aefd

SHA256
281567c42da1fc8bbc9e6b0a87a61ddf52977c276edad6a69b5c2607a30d87a5

SHA512
2ab3ba5bafdeb7b78d599a9ff6b97b726bbfc23e53c5e5a9ed67cc4981448a14d79639534b55a5365f1d75aad67cbd1ffcff2c4e8301a33bdeda6bf0b680defc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cwcEcssA.bat
Filesize
4B

MD5
2e703a4be4d21d0bbbaf67bfa0cabb03

SHA1
caf65ec8dc6e26b0eb85d3f584dbd3dd865a9152

SHA256
461d28ff6f676924be2fbaaafd128042444ba5779d00636404df2b9ef612b511

SHA512
34709bfc3e6e008a651682690d028e0dcaf3142e2b6ae65870ba11be871e601a4a9390cb4cbd2ce8f304830a536032434d8dd64988c00e80e53e816a612b7a89

Download Submit
C:\Users\Admin\AppData\Local\Temp\doQEEMoA.bat
Filesize
4B

MD5
701b2b33983604c35d9106ddbb84f9b4

SHA1
accfddd9265d3ef60cb20fe00746fa3d118c50b7

SHA256
87dd591373c01b449452b4b33152e660654d2fc5b3873dc28a160385877102bd

SHA512
4cbe35cf7f1cfd8fcc24283237b8f516bc6c58aa712aeae6a5e3bd443ec24ab62b030ef4b0428270ad37cc75e37b2325eac6389528b946801c09ef04d9b06392

Download Submit
C:\Users\Admin\AppData\Local\Temp\dswcswko.bat
Filesize
4B

MD5
2bbb19cdce4ba1d9db668d45f7729bc0

SHA1
6be225e6111c6cc773b6ca259d47946861ac5baf

SHA256
026a59c12da7ce194048a0b98296967a7abfcc86af15d12708f6ac4189b2f6c2

SHA512
34552417f541dad08dd95546da5106b713e4af9afdd0efd4af08a27c48a6b4f52a06de5e518e20c6853791e66796e4faef24736197e11807ff4cccf7ce4fb55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\eIgkQkMU.bat
Filesize
4B

MD5
ac2b9153dd9cb07ffbd0499729a9807f

SHA1
c9b5674b331226bfe857895908ce3bcf455fee90

SHA256
df632d2917b11b940161c698d1b7901520205b5a897ea0ef5c849d10d5c29467

SHA512
0e5670196e3e485c5417ba329006d360afc58b26d1c298ca06dedd5327184e180995dbebf2a151898c939d2d38240e9a7d2cea8f1c73d83c68712216758ff491

Download Submit
C:\Users\Admin\AppData\Local\Temp\eQQi.exe
Filesize
251KB

MD5
7fa36b1499fb513367b0b89b222f7898

SHA1
149a892411cf1a2e335cfebb3e9cb4525612a50b

SHA256
e90b75672bf9c5d729f481dcaba7b46c9114393cf33aef0420d143cec72385e0

SHA512
2687d4bb44ae8d28dd2dc223227ab7a31f8fa656aa74010c38e5c43b1dda702c5f45a93d8177087925151b903494406f787deeee80781ffece5ed3594a9a7197

Download Submit
C:\Users\Admin\AppData\Local\Temp\eWYkAUYc.bat
Filesize
4B

MD5
7918f9f584fecfa47547b028c6e5e14e

SHA1
9e5f1cd953e99c2eaa5ddee2cefef8215f939888

SHA256
c5602a44c8d0e309af519a4fcb04195d9f1d61df202a583d29bd49c8bff20998

SHA512
eaa6c7867d33716310cbae78908e3e930e2627a43ebba45f1b23ef28b7c13fb268d83f7f8a030701d7794ed974d38e09337ba3092957693abc2ed74ac84204f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\eYUQ.exe
Filesize
784KB

MD5
0ecb9fdb4acc43715b4b75768fd93f47

SHA1
f9078f0c0a38f29a42b37cef2aa98647405a92ba

SHA256
f330bd10012882c5e45cf7015de49203fa2b4afb7a2d3f9c35f3005d28ea475e

SHA512
97868b8d94e9a65fc268b0382edc09d2df6a31cbe7444a2621bd6d7bec39f240ae06e73701fd56324e585499e874ccec96b7e4e7af3df8414fbe657d1755b02c

Download Submit
C:\Users\Admin\AppData\Local\Temp\esoq.exe
Filesize
248KB

MD5
f2bbaa0cdc52b96a312b20bfa1a89760

SHA1
8741ce5ca9e96f7a08d273e49cbcd396461dbb4c

SHA256
41a37815b235e6b924ddfba8cdfeadeacb72080e1570a9db7032b32dc0d2fea9

SHA512
d1757b0e0a9d09a962c5a92dadf51c5ee9008bcda15cfee5a6a2f51826452a99d3cd990a46b5a1127d1941dac68e29a47df4bc65f0bd8b6be1db759632bb0fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ewEU.exe
Filesize
232KB

MD5
9e0d5adc78426c64cf949dfd10e33804

SHA1
7c48516ae0450a7c65d2c8923de418faa5aa5822

SHA256
09cdb8751bddfb8769fa1c815de9c02238d28584745cc42dc33922f286b2eedd

SHA512
ae9d10678cce5e4de2b8048066e2e974fba86e0880e85333d361d095b86a4ed8b0ffbbf6e43eeca7a1eb18f1f35d4052233c8f12d660364f9dbd22c890cb7cd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ewwQAoUk.bat
Filesize
4B

MD5
21206b7650ee2219922e7cd9e6b9fd72

SHA1
50bab9aef110a594803b8dbb66ff54f59032c26a

SHA256
98961c9fceaa89e52de1e16f2820340f2db0113df322b126819f3ae95455f89e

SHA512
5e1ebce423119cd19c64916badb44ddb03db0f85665cf0ab494d3f907d01ddb53c138808480d0f5fe8f83e0810046d5cc016f2609b5cdb8a8b4abd743acd59b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\fEoEQsgY.bat
Filesize
4B

MD5
0bda0d6f0e67da6ae66be9fc53a157a7

SHA1
2d4aef49e390558d713a08f6633bf4e9deb1272e

SHA256
48666a040e6a5d2772cf356ffe0ee09dc781d8f3ebe74549d672153b85ab304b

SHA512
4b2aeddc590b08867cb62614d209ba333d6590a1059b334ffd08251b0aaef2b13cb94e339f7f45eb31429b7ba1ecea552051e7a53dc27f285f8297283082f441

Download Submit
C:\Users\Admin\AppData\Local\Temp\fGMgcgAI.bat
Filesize
4B

MD5
a5263ada402fd3ab09ba2199f55557e1

SHA1
e2d0e89fc1a4f2ef3f56f4583a8823e16066b015

SHA256
c6c9daeeb4c928315bcb0d14ff4ae9898f4d2c24251087c86b96ad552e4491af

SHA512
c5defcfa194148a517592382f60f75cb64d397e52d0cb457be490c47543cfbc6626a35b42a20ee9d84ecba2af47539f01da54098e1546cc222ea56ce1f08a12c

Download Submit
C:\Users\Admin\AppData\Local\Temp\fWwUoIUM.bat
Filesize
4B

MD5
297c5c05a45983b71512c9d6fd14f0ff

SHA1
38498d680c25583df2af11308a0be96ea94ddab1

SHA256
6467639488a5bcb0c1fa12e555e2db4efc1cd4dc23085bc3e7de8b9b87a9810c

SHA512
e50a3aec4e34bf23116c726840aecc6a0111842ae2b9d6276f47ee0c5a647d5f97d8d3ea982b76e98783071550f780fe8d886dd57e9fcf74594e5030055267c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.vbs
Filesize
19B

MD5
4afb5c4527091738faf9cd4addf9d34e

SHA1
170ba9d866894c1b109b62649b1893eb90350459

SHA256
59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc

SHA512
16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\fuEcogww.bat
Filesize
4B

MD5
2b24d130bbb3b91d9311409ba5f47f9c

SHA1
d9df3725359ca624701adc9b199f6ab9f6d0dda5

SHA256
a1b0b2a2cf1a98c97b45ae81526af4ef905837a5e6aac2d0ba38eb1528f4fef9

SHA512
4739f967e655d9b45a1354b55812aba71cf7164f220deccfcb4d2925ed82402c5ce95450a229e2dff0b5566fd8a95ad1976b8c733418787085ec5f92f1742717

Download Submit
C:\Users\Admin\AppData\Local\Temp\fukAYEAA.bat
Filesize
4B

MD5
8cb370b5ccabca026652b82871898dbe

SHA1
060d2b6114a9fbfcf79e5b17047a9a8ecbae0048

SHA256
87ab0fff94c49bcd73d09f32c494eef1ee925dcc2496b8cc3643a818502c32fe

SHA512
e7017eb95ff69f9f82331cd5882e92cbf2fa1d1265016fcd7162026f74c2baa4d067aa1a4e5958ce6e2a53312adf86061850aacf8e44a33d10a4037605455cd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\gAIK.exe
Filesize
235KB

MD5
c66b9f2bd2e6142e339fad71f027485a

SHA1
f2d89f56c4c2de6583fbd0f1f8dc391a037964b4

SHA256
889734546f3380b212862df71843cba9b06d64236b34699e25a08d07f28cc719

SHA512
c2120ed3c81f705c01589cb2c5c1a35e37a33fcd3c3f8f2e35ef3e7f5184fc073764691ca409110e2f7fdef2f57352d1876f711cd2e031f418d9fbe342205950

Download Submit
C:\Users\Admin\AppData\Local\Temp\gGwgQQIM.bat
Filesize
4B

MD5
4e79940801917e7f206863d9ffe3790b

SHA1
7837bb90e6391ef88c3d0aa3c41e638ad15d1fb9

SHA256
086fdd509a8ff7bbb923ce8bcedf0c388b67d9bf5ca3cc8f7bf113436abe8dc6

SHA512
3230495ef7fc7450b5c7ac6f50a5d047d77c1f57e58646bd45f7d109324ae187e82b088d45410b4ad8aac40be31fe53b62977f9f7f93ec91f7438f02399f0fd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\gIMK.exe
Filesize
332KB

MD5
a759e0d9cb20cd383296c1a4b359903b

SHA1
c3e5fb6f1c97af70f129b7d9a2bea52d2cbfcb35

SHA256
03db240138186fb9be8c02e46c8bfea23e2740ae9f569f9d567be68e4d42c484

SHA512
18fbf339c11e2916ad515f901c2bad0e0571fd5c8de690de895e1093ac5f165fec57d47550581201237197acbc995dbb4ea8295f0594c0d0aaaf86c089d8c7c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcAK.exe
Filesize
240KB

MD5
f36c425a166dd9c2b1ad940b1798aa7d

SHA1
088a360f7da99418e71d46ad0eb1d31c9dc6b1e5

SHA256
318eae24218bc014dbaf5a9cd16f54fba339d4ebb99c282ff3b68c1579b27a6f

SHA512
675b93c1c18f6843e73ebe3931dc79112170f7dad38a3308e4801dc4ea2c4a7edf72d562863fd8e87c4dad78860d87ab0bdf71e12b4afd8cd755258f77faa85d

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcAcIQYk.bat
Filesize
4B

MD5
1b601f7d729593a30a42c3c33c32c1b2

SHA1
870674a9c9aa4d702e5d1ab55164c5e9a8048175

SHA256
f0dc28e3aeea216aba7bbad9e0cb9ebca1e2e65e17ea2e18d6f0b37ae98f7041

SHA512
57a25b4c96a85c419332c6261fc8311f6a2013b1be86e5cee5898ff1008ee3737b5a995f3e646f176ee7dfb1dfcffe342bae8001c5f82c1f7e717c9af7e307c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcoO.exe
Filesize
248KB

MD5
cef1693e33abe03bdd67799219100205

SHA1
42fd5892234cb8f2cf27f67b02ae44ccd39d268c

SHA256
46640ff0ec9b14ef2b885f96ed5f834b1f29b1b87d85771e8898ecefbe1dbffc

SHA512
a87a78cccca488bc6f73317f1f37f031f407306352b188b3fc689a2d96efe06eb9802bdd363e5b0a7331061fed9e804240a13e6d99cfa578e4888515992efde5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ggMckwkY.bat
Filesize
4B

MD5
fdc6031c3c2b542027653e05c4603f59

SHA1
7d3c746932ad9b949b17c43b7e0d7028b6161583

SHA256
60abba543d5b59f4ea89fea624f4bdff461fac5953bf28587cbd66adc0b2f41e

SHA512
085d9814d3dc615442774bb9d6ddf8eb828ef924f5e070db62fe0f9f41a251a47d580542df16e0ccd4c12f91ae9c43e003f1843747e84a0d5b8dc5e0a7fe32e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\giAUwgck.bat
Filesize
4B

MD5
3050bb4718931834e3d65b631610dc0e

SHA1
1d0d10129f2404bba06c8ddd4ce420337d25c038

SHA256
fc4cf9eadb8b7880f262e816f5796c59e4cf5a2be03ecacfa46dedb2013fcf24

SHA512
c4d91165e6092dfc0323236f797a1ddbb35566e857b40569d37bcfc5d63b2cb59f2c75a3e827f6aa5276b48ac68cb3d2ffe97e3b3854558f4612c2e9e50b3095

Download Submit
C:\Users\Admin\AppData\Local\Temp\gkMG.exe
Filesize
248KB

MD5
e1bac4accb98c1808d3014b3f6f5b50c

SHA1
eec13ee18a1b445882b4f40e70548f98cb5c2d95

SHA256
8fef8e899d87c501109e6641b1141fc05bc96d86fab6108e8834cba34f2e0fd3

SHA512
70bf448a8589606eeefcd8f2d741407711e72202da9935dbb194b3a958322f51842ec63e4187f4c0a1f0825bfaa93c8e5a87c4883e561eb1801042bc87ba47c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\gkQc.exe
Filesize
198KB

MD5
964e9b64877e34121c85efaefd282a56

SHA1
a9928de9fdb27e18e6594c1eea79a9ecf94715cb

SHA256
6ec94dde5082fb61e2720f6cf386ec7d24f18f2a9b37b96991b53b6b87e76bb7

SHA512
5dbab598327a9f155c023ddd0b06453d65e08a29899152bcc27c79a4dd6caa5e81eaf99bf8176d04b68ed6806afc6dc20269c3e8cf8f4019186c3cbdc8827246

Download Submit
C:\Users\Admin\AppData\Local\Temp\gkUc.exe
Filesize
194KB

MD5
841621f0481a7cc868eadeff0ba86abe

SHA1
3b97802c79b0b2578c09d0f373726bc0b5913969

SHA256
6655758692de7d6d555facfce644348e8238134d9161c3a6178ca3ce5e9da188

SHA512
1e574af9aafe7ea53d77bc436aa2722a58cfda7def2e4d120a3344b9fee30b10062655ab9c5a1a0fc48d43d553cfd01119281a7be2bbf6881c7e1ba80ae3392a

Download Submit
C:\Users\Admin\AppData\Local\Temp\goky.exe
Filesize
998KB

MD5
71722e5c83690bf0e03c5bde917f3291

SHA1
e811c2fb7dc3157e275a4d41f2ee6aba884e6ad0

SHA256
57626f6ab4f9d83b2e8948d65882527f3dd4826f25dc08e0f6ad892a3a531d45

SHA512
228817addf3d83f7947b2bba1a42e4a3450266b7c6ba6da39a9ee3a9a1aca37e956bdfe69b07ee4c96c3a4f816a7615abade25329034c8222519ffa2d62f49ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\gooQskok.bat
Filesize
4B

MD5
927a852bf4ef114bcda15694bcb9bba6

SHA1
34cc69a7a4ca301896c56e2408f4286d16d97df5

SHA256
13941d53e8547708f0bb72d7e9d3f37f835dc547b2d1a2f2a8bb2c939eb467ed

SHA512
e2963b3ddda3c7ded8b0d88f4c67bb00ef55eb73197110a50e219d78b2da250342c60beba42739b2adb1b4099e8b1160c53463b8b4657325262a66bd3c8280ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\hCIQwkAw.bat
Filesize
4B

MD5
cad74a6224a80dcd4db2b5b3bdaa4b9f

SHA1
30b43b02009b8c3b87e5abf65bb927799aa910ad

SHA256
be1056c36f5d7934be67a0295351ee433b3582c9af2de12312afd72033f6a0d6

SHA512
5195ca1f433c2f9d78226372dc43aebdeb383144a0a3dab194ee2806edf7983bead123328b7df541fe0d5d4caae9d4fbdfb596b6581e7a6527b38ff1dd11b8a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\hYskUMUI.bat
Filesize
4B

MD5
1dc75957a7d983ea86e9135586b321bb

SHA1
be6103e00f54d34a1bc142eb426dcbaa87fd551c

SHA256
7e3898efbab96b18471705cf235fe56ef2a2acee8a87c9b06d36923cb9187163

SHA512
c570596e3b0ae7f642a493f4b4c894a30451aa9e9ae755f775551fd1d6b7cde929d05a8a3d808f6753f81ee38c6b8f3b656672018561daf72b6e2aaa82280fbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\hogEIMQs.bat
Filesize
4B

MD5
aa279244e89372a35607d9fb42604609

SHA1
bc26ed9ec6d43d10df87e4521a3e6ee53d5b6a04

SHA256
e9710d263e70552759ab922fe454e30393ab1f0aa6d3a596d4b25ff30276b3dc

SHA512
5d7a4b6635b30304cbad9071501280736c5f059c8f7f0ac86761d7d8497a58e62347ed999dc26d6165043aa652b2bc675d9150d4ebf11ecc9f0ac04f86b16f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\iGoYMoAE.bat
Filesize
4B

MD5
8254beb77d73e09f12c8da6c1543f356

SHA1
cb95e5fddc328357e41146a811ee717f51d1483f

SHA256
f6088a7d9fb206662e9567ac3fd24f447cbd3e299b57d18a28d9b314ea9e2f8d

SHA512
3d8cf83b32ca205ab9efd6035c253c03a75719a27280389e8fae7c497559bb64dd1fabb3b80d6befcabf5a0e60b5981d1fbb97f7e0ed6ff985b0378991df6e38

Download Submit
C:\Users\Admin\AppData\Local\Temp\iIAm.exe
Filesize
555KB

MD5
2a4b753cfdaed77a217b93b8dea21760

SHA1
b935a0c9eb0e0360dcdf1dda6c0ea1fb32ffefee

SHA256
969618ae102b0ad2b232831a2aafc38f4039a4ced9abeb1ba47a36b30421aec8

SHA512
5628ae592be9f81a88e24ada3ce0a0d58638b939fd7795727a187002c465b214d151dc4c69a4d0dc1bfd7bf003e33757dc8868cf393477e55197c929155aea5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\iIoW.exe
Filesize
244KB

MD5
7ef2ab79ad5b380dfe96562189e3d840

SHA1
e4b2126d3f2c133fc1d2f26cc55f225872b04b1a

SHA256
01d8f254e6dd738f89b6c236f0503ef418b152f820a3afaa3d686b0239ba9b70

SHA512
126d9dabdcd71077d2102655e80a6361088d5c92ed71b516859d29becd1cf9c88c346a595e1edd41914c523fa3f48f437ba1cde4d3fa1ad5bf0272c7b5f5fa17

Download Submit
C:\Users\Admin\AppData\Local\Temp\ikoa.exe
Filesize
646KB

MD5
f9351ce215e36c5f389f3a48eff9f5a6

SHA1
7cdcb84b98ae5488263efd7b4a34311bd7db53f6

SHA256
7d5e0ccd311ebb168fd87608fe36733a89b1db18b9254f3026c802116e6a02b6

SHA512
2e81731cdbacba6f61a7e9df322c96a8d3ce38683d847bc007d418c9288947a6411c946bc827da12a73f82372d0c6420d357ac90869dc7e65c492a941feee9c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\iwgS.exe
Filesize
248KB

MD5
b2aee5f11b9749d49f8a11039e3610eb

SHA1
ca1a781b8e96050b40b34b92b01cda21766f85b7

SHA256
a851e3abe4ad7fff16dd71198a65168919f0743707d00b8789946f0cf59fbd73

SHA512
c0446091cd742f586d048dec60927dd43fc095df4d7624648e2596ca4623de392d013e81c143bd369bc91b3cbf5e78ab8c412d2ddf65bbf90887a729f47d0adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\jKsggwws.bat
Filesize
4B

MD5
04d312584efb9b5513e126c1891359c4

SHA1
ab38741dd6d02bdcd4fb15e1c6aae33762b8f408

SHA256
2efec36227069b89b1f5dfcd47772b369c9e2781576db1383668f46e2c514910

SHA512
009fe77fc33fb5287eca7f4ef7878dfef79f354944c5956e568e675d6f41218e241479674f881f4d26be8343b6c86419c09ab8a67695ff4e4b3de5562d298d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\jUMkMgQk.bat
Filesize
4B

MD5
b4535b376a59d680267cd8ffcfb30624

SHA1
8b39d6dd1f493da4429f26ac842b0656d93b7bd8

SHA256
5c48670e3354609b3959fecdf1a35c647f7b1bcf319da4ee4e54ca1a5df22669

SHA512
3f9742318689c5206a615a2942af5fa53580f88e1fa7978704fd419146ba33d580b512aa2df4f4e30fa8cb3a199131469d2349d219db6a3e33c65f5c7cf8b821

Download Submit
C:\Users\Admin\AppData\Local\Temp\jykMMMAE.bat
Filesize
4B

MD5
bd3438b91622023b3bca1d82671173b3

SHA1
f52e5923f400f8730851c350f31773e6f8d78798

SHA256
993b4d29424e69d2ab1539b65d3dadcf73a58b9bba084fc90c08ef1d52b80774

SHA512
4cb30764d800f30c3585274337fed4f226051e89ea3a18c2629fdceb12e17071aa7b49955b00b6c713cfd1e6fce9f5d980086159f59e6f66eb876de04c9a4a06

Download Submit
C:\Users\Admin\AppData\Local\Temp\kIMA.exe
Filesize
245KB

MD5
c4b8b0f8ace90aafff39cc3ff90df4cf

SHA1
f472a6f4120df08c1cec72f30a36edc2f1488f9b

SHA256
0bdcfad475fcbb0ad5fa22ee41e3b966692a2b9faaf4d377e61c968dd778a602

SHA512
c6836eafadab0e773ee73d242d15d4de333a012ba2ebc4ad57ef7368b7e73292fcfb5a6a78578128f7537edb0ded3b20dc352127341b3fd4a5caef33830d8a27

Download Submit
C:\Users\Admin\AppData\Local\Temp\kIoO.exe
Filesize
230KB

MD5
64cd2966f1e5fa5807f2f836e7d4f3b1

SHA1
893a170d6907e3236bb1fa2513c059861524729d

SHA256
cd2c92e851c568fa00cf4bb56ed6da32d56082d93bd584413301090cb289a7a0

SHA512
b04f3caec214382c0bd4cab65ee378a27eb7543a87d55468c43f8af0e8090f44636baa7f6718661d977d135efb16e2080b9ca21d681656a87e996141e9df188f

Download Submit
C:\Users\Admin\AppData\Local\Temp\kMcY.exe
Filesize
210KB

MD5
4aa249e54ea3c84601842f9a183a3a1c

SHA1
3c3ac5a3896dca2fd0c34593469b4d80af43ed7c

SHA256
6532b7b5ed7516be49a34234cb34f2b6614d6ce65d2f5894aebf3ddf091d108f

SHA512
b7e068daa5458644070757483d26487f01bf7ff265b34d9393700ec8a3e714f64d12c1e6761359779943538cb77b5f77ab88e0fc3ac956f68b9ffc351a200d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\kMoy.exe
Filesize
230KB

MD5
a041391708289131b58c2078a2af7a22

SHA1
b18ecc40d5ecc87866e3401c992feca04758161e

SHA256
72c12b10ad44075c75ad70fbcacea112c4903c1d7c48d2c7ddeaaee20b199ef2

SHA512
86b7ec1e839b7270c39a02e4720bad0eb51c320da477d9492efb289cdf4268f304b547d71c641054af7529622711b9dd38e822102dede249213f105dabad7b50

Download Submit
C:\Users\Admin\AppData\Local\Temp\kQoU.exe
Filesize
232KB

MD5
4818fe08b557d17f4675b4a064fc3e97

SHA1
a77b2868b63071a7438aef6d89231b346cad9293

SHA256
1954a96c98875da9927ed863cee2c49bf598c1958269740d98c88f73f3f3a947

SHA512
3f1b686deb1ef8d32475c3f0783aeddfadf5c3f523aae3db841bb269ac51fb21ef40520a692e133ee404294476a95ebf2731611a395a6fbb2700d275f51008a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\kSoIsAsQ.bat
Filesize
4B

MD5
7fd3710d0225c7deeb4b2cda9b38430a

SHA1
5f8a2b5afb96f6b8ef921c3f99f6a4d2eca6d280

SHA256
83e06792bf6ff366d1f458d00a5e0b8c74d28e7c2e022601189342fed1ef31a2

SHA512
28e58b587393100ba520d1c436c21e87005ebd6dcd29dfa0c630d45bed02d61b73260770b15ef613e880ff36d87ddc5e5a33539f9c026cb6f0712c41a93c8aa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\kYou.exe
Filesize
249KB

MD5
748b1fbc49f501e509160710cdc753f2

SHA1
ae11de51fc169f0df2e6ca4f6bf271501551e533

SHA256
d8e3894b16ec3fc988b6299e929ab8103fd78b5222e3cc5d042109ad9790c734

SHA512
2349c9db7e49dd05ea812e31db301d01265db91ca5d52b755e6f77af6e0a4dbae359771aaac482a4a8efe5b0ebda601634b33095d4fec7de70568ea7477a99b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\kcgE.exe
Filesize
239KB

MD5
2ee874e5c006394d914bcaaa1c989b2e

SHA1
3e9a0f3c964f6ce765554eacf82ff89e147b5f74

SHA256
0ba6d51cdc7b81e1ccdfb071bfbf60ac78368d74139458d521e832bd140da531

SHA512
3824a1133b85df96a6bfc5d6d4bf9145279b70e43b86da8372e6c8b98659c5be26f5b7db1e9fd56afc6196ffec6427583a7641e592dbc7684a30a606e1fe2563

Download Submit
C:\Users\Admin\AppData\Local\Temp\kgwG.exe
Filesize
205KB

MD5
73d86c336d03fc0e81e51026c16e3f22

SHA1
c2ee043ef1ab3d3f1e3ebf4960938fd74b1fc6d0

SHA256
ea91f6691653758935ad857428345fd3372607f7e74a63b77fea361e40a418ef

SHA512
b067466ef4423edf7076a86b3de961033c6449c276e7dd4fcc9e65858f5b036a054f29cf4aa228298ed8098300f7b1d65f9f4814a6f727d80272fe4255e23c34

Download Submit
C:\Users\Admin\AppData\Local\Temp\koMg.exe
Filesize
185KB

MD5
b5277aee0165d76ec6eca2ecac6fd4ec

SHA1
d48cb6032d2b6193afbcf01fa4b63287c3101787

SHA256
a15bad96f2e37ea75e7b55449ba289247f7ea181a9f4f768f867f71bd65abd5a

SHA512
70e6ee84dd4631363dcb5e20596944beda971b4de77e50caa880f32ec957306cb41f9ebfa0f6c093f4719e3fa4ac15262f44334ef09c93f5d9938d5272e81087

Download Submit
C:\Users\Admin\AppData\Local\Temp\kowEwAcI.bat
Filesize
4B

MD5
32d0cfb51109f3b877dd83ee954cf53d

SHA1
d726c92c182f86bdbf2abcec99af41665a3ae4fb

SHA256
8d9b3a53166bd725f83637e1e8ea6e28c3bf3c9658028167bc5f9f68dbc8a7ee

SHA512
df96d090235894632a48704ae9dfd0ccb0f0c06baece94af62bc678041960a38c4008c81ddbaa765fde1e176a05434585faaea05a83f7b59b0e61fc0dc255609

Download Submit
C:\Users\Admin\AppData\Local\Temp\kwEY.exe
Filesize
249KB

MD5
771216598d5c2efefec6b8eaf131845c

SHA1
4f2222135d671e6c1798911e4a7990699d9433d9

SHA256
8fc92e55a0a1bc8df5a2f474d5145eda020b7382324ebfb26f68199412dbc9e5

SHA512
245ed75f1f695e732a9f8e8ccf6749e4111b1b3584fd5c581e73226f8922d978c3d2715cb39c1f6860e8047e55afaaa3dd2cc6a55f70d669e53460e2093f75d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\lCAMoUYE.bat
Filesize
4B

MD5
22d4b50220a60d3ed6fe7f6f08025d04

SHA1
99ae0760e08df7a257fc82a9b56500757b047024

SHA256
9079489a714291cb2037cec286f485dd888f4aa395dfd63f0f5a3a97ffe3c30a

SHA512
05a954c8e357602fa25fab09f9047cf8fd95eaed394184cfa655684214a7f0ec35b847421b97e558c3f09c3cba2df00342d60c4ce333ccdef909d29c43b103f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\lEUQYsUY.bat
Filesize
4B

MD5
296df23cec1b4a4bd9aa4ad80658b610

SHA1
cf9101b1c691678dad449a70374d23208bbd5a33

SHA256
7b433c33496fbac601334d53075a47dee5e7241e1022fda16a2f2e4ec47b9280

SHA512
ee681c626d911068ca9ba2c71de0fd897d41fe0ab246f2956cef19203a3f3998e6a003f88ad354c51b4eef95cda76461e8cfbbd0b164a0654f73ccab1f725616

Download Submit
C:\Users\Admin\AppData\Local\Temp\lUggwMwM.bat
Filesize
4B

MD5
82e67f6801684d79040f24266cc3fc9e

SHA1
766ca067074ae93b2124b5c50535323aaa3ea6f4

SHA256
93db694ba13b1af5aefb9e7feb59c66a0fa3b3eff7d1cc6343a66ab71740e413

SHA512
5c891196df90a46663ddd743fcb8d2048916e9549aaf671629809327ff64c045b9e038e69347dd9fb5e1094920a2f12c1f15bd43509994798b3369dc5191c3c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mIYy.ico
Filesize
4KB

MD5
f461866875e8a7fc5c0e5bcdb48c67f6

SHA1
c6831938e249f1edaa968321f00141e6d791ca56

SHA256
0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7

SHA512
d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mMEMkEII.bat
Filesize
4B

MD5
d6d7a92db265bec27b2b841998f4ea55

SHA1
00083832737b61786549857f9aed0d3980713e05

SHA256
4741f734bfa168ed7dc49d17d613366a25e0f1f1ac627b4bd023b8064145d849

SHA512
3924e5721e3b9f83e5ba2ffb482aeeb0bf588f6d2c5960b9ce70e0130ef440817172a4e238d329325070a5ab347c12cc9dbfa2b227d3e7a9330e0f30b31c5669

Download Submit
C:\Users\Admin\AppData\Local\Temp\mQAk.exe
Filesize
230KB

MD5
4db63acae9045e695a60d28a14501759

SHA1
75303a8a78622518b58fb491c4ed9aad369d8045

SHA256
ea45a961b85fa4686688f1f1777b79a0b9ee2b219161fac1de91b69c17cf4fae

SHA512
e9dac60ea95f28b9a1a30e84695ec0957d209c3e2dee39d8c6d9476a3012742887c74c10ab41187d3a6570c4bc2f2a8ecfea1c7c9f7d4ac8f71fed70eccd82c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\mUUq.exe
Filesize
4.1MB

MD5
4f7d12926eb6fef134f29882ab13558e

SHA1
fac8a01d5b855a60bdb3e187bfaa900cb45634dc

SHA256
eb4910d7a221cc9a25d3816b7fa74ed5445935a78833d3fe96613bc472b0534f

SHA512
68789a0188a60fb4219da154384cbd9548651a7ba932ba5c2dae63ac6cb4d3a20897c43896d30481a5c37c317fc4b62bd44a6b28b85e264ccfd64a228d9dfaee

Download Submit
C:\Users\Admin\AppData\Local\Temp\mcUY.exe
Filesize
234KB

MD5
fcad99976c8e0af27bb341c102e1c7cf

SHA1
9808f6468864486333c205182f7e4e9c88036b05

SHA256
7a8d63371b93d49e4deece50d606455824e1ee024ec9925f64130259c488e7fb

SHA512
415643ccb0aa8616b67c8e799fbab6efe86b84615a2d9d66d902d112b31f8611c0f71e0790673c980f0e4fb0cf77ae272cd38602e40a9c5335e9ee3cd51e9e5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mowk.exe
Filesize
227KB

MD5
788229274daf0a55d18536d2d1b61760

SHA1
6c0cada7399033344b6f18200980e4c64e90c518

SHA256
1fa80e0285b9f9d828a2382d7b5bbef58ef3babb451b31576c40e34c5a11c34d

SHA512
01c9297c798038ffd5a8d2f244117e7eae56c8d010663796fcd06438044de1eb40a56ae3a0c5604a69eeaccd76eb7a0db3a81b7a15173bfd7e91635358850a40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nSccQoYg.bat
Filesize
4B

MD5
6bbd291ff76bd50ba018eaeed694c573

SHA1
e76b813379274b021a4c0adefbc958b028014c68

SHA256
da6b0c103b1ac60ceab62de8f8fd2e6513f8e3b043c89ce1142821082dafdcd3

SHA512
5a019da15318eaed8f424acc4e671a739eb50ded5cc99d610f2920ad517595db55999fc36531a3428990f93d6d622ed361d7edc9454c5918a1810d9e753c6989

Download Submit
C:\Users\Admin\AppData\Local\Temp\nYIAUMcE.bat
Filesize
4B

MD5
cb757195f5c8eb5b12e161eb152423d1

SHA1
516ea7b64462fa1a7af06e40f1d8475729999f78

SHA256
8bd58d8d40905fbaaf48c05facab6f1c6a7a45f47a352714f5069d544c58ecf2

SHA512
1e1bc160298ae512056f13aaafa9b844127ce530f6bda067ddb56e3f9288ce3acfc15e03dc72729d4c58409f231e23f5596eab1189ddb819307680224ae47de8

Download Submit
C:\Users\Admin\AppData\Local\Temp\niwIMowo.bat
Filesize
4B

MD5
96a9bb3245c73b1f8990b8f78cd35ca0

SHA1
3dedaf2cd83935458ee6c04e96a1dd207cd31c57

SHA256
fcfbd4839bf58028ebfe2455d256dd564756799c004abe0c8d98824b5b1c4f72

SHA512
7ab0b36e8a7acbde93e501a200f4c29c6e1bd008c8c227ff84dd51411317f7427680d00c4b6694e72bd36c8bf7177bfb5c144741ae9d7656eef4f3dec4287ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nwwMwUoU.bat
Filesize
4B

MD5
7195d1c10bde3cb694171aac68f365b5

SHA1
708510dbd4c86bfebb9e4221dab193a784546497

SHA256
46d850eaf7b56474b8fd404742a5e300d2527e4fb00746f22c63518aa23a2cf9

SHA512
98cac18e9bd41b1fce97613fab58ac4f714bc4ab4e008b5cbeff00069079bb810cf377123e027b969cb4270e05ac0335896250c181536492f2b0c1581b66b261

Download Submit
C:\Users\Admin\AppData\Local\Temp\oEwC.exe
Filesize
318KB

MD5
0d68f03cb7e3b86710cf8f08e789fdd0

SHA1
3b547ad5b52a71e2655056c40ddb5ee13736ce10

SHA256
4fce64a32399b2dfb949d77985d8952632454aa07ddb5906d743fdc5f8eb0dd9

SHA512
21a474e58571ea8155474732a1691524912c825a6094c74fb14c1d70788a80b1a70f2d353712e9a6f7e1e7755792aa54ca59b7205b68e609214b427880236c5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\oMMw.exe
Filesize
327KB

MD5
beee2b31efd8f12afcf7104b814d6ca2

SHA1
a7648e89eff28d4d8b7b107ba03a4738f4728efe

SHA256
44da35df9cbd2b739763c68ac29b2471379f55a321bac5c91a51a419754676fa

SHA512
da210beece69188ec77e2f7f47e869b39cd6aea65b9d272d69456a77a8f9a977e77fa61f9957bd6611b7523c88944cc09c535c405110d9d5fb736401852e54a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\oYAS.exe
Filesize
228KB

MD5
6fb4d08ac2e6a0301f8b97c3fe558374

SHA1
4d5103a7144f1059c277656eddda6da0ed49f85b

SHA256
fee55f324f581929b32476b2d4b25ee88a9e8173f5c81962d9a8d2c512a1d833

SHA512
942920ced51070b17cafa5b2c068b130b53edb2485471f2154e0f851b80e426974eac4c8011039707cc6e7436e99cd5bcac0910b660812a1f36d5dcecb418914

Download Submit
C:\Users\Admin\AppData\Local\Temp\occcoQAU.bat
Filesize
4B

MD5
75be75f2b285b43d50c2175d3b81e166

SHA1
1cc760a880537af151b96e03617b6965e123b843

SHA256
8c45f5d3f32c4ea91dea5b6979cc3de21bb88340e15efd5f3a2f1d6a2287bca8

SHA512
4fd03c1d1171af2a737bf8ff76513b9aac3df74b92d69f0c398271f292a1dda14cd43073629f32a120425a0200bbb459fbbffe4c2becf41328075c7f076fce34

Download Submit
C:\Users\Admin\AppData\Local\Temp\ooQA.exe
Filesize
244KB

MD5
b4acd9cf54c9311a0a3401735e79b094

SHA1
b97877d834183737c3935e02a3fb1683b71c66bf

SHA256
5fe7c474a29f09a3b0bee34b413c6f3560e69c2a082773b14f64a57b17acca37

SHA512
6b4f0187d531b6791f4f6ff8b230440aa86afe687236e063bbd52b7bf473d4c13911455e5cbbbbfb82566b76fc78fa9154298f38fef54c9dc2d67bc80af122e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ossA.exe
Filesize
240KB

MD5
39fb21013e54a72b10ffb53c720c5796

SHA1
a8b9b3cea19118435f5aa98c03e8dc326df68d82

SHA256
7ef5fc909f8c004a2c5ed118087f72ce2e139c2f46def2e449b8dfbb41c4cc94

SHA512
bd69ada757b646476846ef27dd0ddbcdf27aff50c6e90f6a092df2423f67bfe0299a8732d45a4df2e6f34d08a0213bfd779e9a335b22c1b695c9e8e14039b20d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ouQoEoIQ.bat
Filesize
4B

MD5
14912f67ef508409835bf1cdfa407a15

SHA1
920ff13ddd1cbdc9175f9605f46af3570bdff0d8

SHA256
417be5af72e61a62bbfc6c6327e988f324e87782e9ae3d69f925979120be1354

SHA512
7857a69bf76884ab5b14db8acf927aac4dae7327c07ed25c9e87b7d1c96572d3fd4bdec9c2f0323eaebc35bebc88f91db80543ab7e27219141388e88b0e6f6f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\owwY.exe
Filesize
196KB

MD5
41c46a54c54da663a61ee42f67fe1552

SHA1
3bb061799f0fd2ba417c6db6a2119c0e40779e71

SHA256
221110ce11413fd91b09ee80bb5859c4edbe883aa605bf8984d4838a99f1df18

SHA512
82a8410301e7ee9d99daaaaa5a16ab11a5e26e9d40288eec65347e8247be208fbe1a514f07642d0c51997355d96120954f6de190053e4baadeb59f0b946a6622

Download Submit
C:\Users\Admin\AppData\Local\Temp\pIcIUQkg.bat
Filesize
4B

MD5
7c5e52dd86bf1a31311ba504807f7f31

SHA1
7cbc7f2621b72b996727c0fea4f075438e23db9e

SHA256
0a38848b255dc4b886cf73868e67ac79a5a2dd3b7cc8b73697f5e28239a08a96

SHA512
4e3ed32550c1faaa14d0e90ba6e93a84484301e37e142b375d8a42b45db244740db891409156f0613f2ea811cc16ce007f1cffd3e1683efe2dd6754c0362bfd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\qEEEoscM.bat
Filesize
4B

MD5
abf3497c76695ba23b110f257321a822

SHA1
be16ade627631e8351cc892d623c2faaa323733a

SHA256
2563b13b9248f6e41767d795d1f1f70089e63e1e22e77b77845abc1d23532c40

SHA512
e3397646a6d7138df53cc6b43a813a0624ef46c4df216b4142a46f6e4371eed658d4244711fb84b6c56adfd5e605ab3f2c22bd739f403004fabbf3b74c2a589b

Download Submit
C:\Users\Admin\AppData\Local\Temp\qQMgggos.bat
Filesize
4B

MD5
2a7d104b17fd4d59cb89944f8617bb95

SHA1
47d599e1d61e3e28c61af2fde9804e259cb514de

SHA256
c686a6df093c4eaba0c054e087e1db5bd4afd7bb13a9631ee357988f536b5c0d

SHA512
89d1ae7849307bc694695a4859a23d4fd74e50273c826b6398a8976419ab4f107eb9d5f4b2e2beff8b6b346899c88f320621b5ac192f949e38c0f987dcb72f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\qQUY.exe
Filesize
229KB

MD5
816f27ae8e5040c4b502480edb33548c

SHA1
16a5b05144ac90371f1b8fba6fe818d56585caed

SHA256
863794fac9857372897e54537a61adf5aecb1b84c2daa2af395bb5fb90714e40

SHA512
b2b127f7520d8ccc4835e6a71654000658b5bbd2c9047eb1c9c29168ac57ef25f7b324fa28420b3b922e0d0ef80b92bad8383219a2a7f7dee3b70aefb8c49046

Download Submit
C:\Users\Admin\AppData\Local\Temp\qYAW.exe
Filesize
182KB

MD5
baee7ba8beee0487b87ed432504c1526

SHA1
9dbf84f478685c524bddd2746ef6e15877829c79

SHA256
c7c2767028f47e1b99fce7be7b8fd1b212fb2b31490e9465f6cc6ea2a3731c13

SHA512
b2a83229f69e0d236ae673d9b82fc7ba72be55f1fa8b119b589ee47738df8a38472b6c86dba6b24de536b32631bf6fe24f7d1af6fb14effe28469404c8967a47

Download Submit
C:\Users\Admin\AppData\Local\Temp\qcMU.exe
Filesize
816KB

MD5
adeec485d96e8d3161072dd6ea480765

SHA1
138d92948a587a57f4899b656565eee8c9270742

SHA256
3e6c029d59b88d94671657037b8c3f9d377a984710e4cdf9e3e624c310a15873

SHA512
79dedc0dce6c06edfe5a1383c886b9868c1f61cac961ddae3f214422fa4a0dbf212ed016039f64fbb7198184106ad1f3974444ea33a0f55a3804ccac327d23c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\qgUW.exe
Filesize
232KB

MD5
410d6c3abea1b5bb085ff3ce1c7849a1

SHA1
7c5de203701d313f5c881bd49e7ac3dd47150d8e

SHA256
91e10305af491706f00b0e20836ac1274261290dec8ffd51b5998a9827a89578

SHA512
2ca3f785ba770656ce58be08ed8c3a6b86966fd7a0cfdd2ccd60ac63f08edeb2f920edbc4488b753076f569b159ff63a348ccdc30c14bafa89e89a96cae5e21e

Download Submit
C:\Users\Admin\AppData\Local\Temp\qkse.exe
Filesize
234KB

MD5
0b49f4ecf5c97b44373801c72f1bb1ac

SHA1
0a71c84565acd752e619e8bdc739d1a58bb37d16

SHA256
e6ef745d10441c4fc8f09e738916240187fb757f60233beccdcc22e598455f65

SHA512
65abd085d9bce89e561defe5aa8a29e578bf9e33bc52431668d33efe18be2ed617b9cb35e4ad0013ef3cb48a1f282f0c67f3bbb40e077dcc57b2b4a4b7201041

Download Submit
C:\Users\Admin\AppData\Local\Temp\qokq.exe
Filesize
210KB

MD5
d8ec229b45c5cf2730bd5bff79b89a09

SHA1
85f4104bfec66cd275c4a851ab126074f7849b4c

SHA256
a5dcfc92ae06b705884986d14684e1b1ad46c42983c366292c5e725a88bea987

SHA512
48612f35444d0897a8a36121ab9f770b7e6e535875afe1c45ec62fe00c9be9383f4dfd1d70272b40934a534b8278611b477f2021b940fbdeb5d30057a4e244c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\qqQEIIAM.bat
Filesize
4B

MD5
f85f4c32e3180b4fcf419457a0d36d06

SHA1
01abe6bb12a26d840f2756bd97a65ece4c164c87

SHA256
fdbc13c6bddda3526593d77a3300420e4cfb239e6a61d49f609b3a524fac47df

SHA512
e9c77e091957cddbd39605a879dc378f248a3bfbebf482bfe6d41a0a150f35b018f84a47b1a13ff951d925b12a2ec601dc44f45d200a81a2b9cfc3ff6cceb09e

Download Submit
C:\Users\Admin\AppData\Local\Temp\qsUS.exe
Filesize
236KB

MD5
aee30175c7ca25eb47e0d1ebf1f21add

SHA1
0239e40bbbbd1c2cbffa8e6cb9a19d2b56efdda1

SHA256
63afc018fb58603636ab24652d303886357daceae95df1ccb4429f0b63e8613f

SHA512
ee91dbd4a5728193a44e0ede6f2ade8c0850ea7a6518dcaa89f91372c89bc851ce6fc7a4ffd7ba691be06d62f2f8150c38514fd80cbac9ee0a56b6ead0c76183

Download Submit
C:\Users\Admin\AppData\Local\Temp\qswE.exe
Filesize
1015KB

MD5
4f69dfcd0e9ac4a0026f673e9e49c96e

SHA1
d5e896cc7b27c296435561af82f1d04165acba79

SHA256
5b50bbe99f905d5c873ec402ed033fae4290576ff3981cbc6642903d126b353c

SHA512
c7a440a4542b5e910178ea135bd3cc6630a7081fc818cfbc0d1f28976d4dda92487017c964bca63fa57667a3db722e5aa6c959471333103ea108930b1ce094e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\rgsYkgos.bat
Filesize
4B

MD5
d60bccd17b89e701714fbf844480d4fe

SHA1
e970ca2907056988b81a918d59f7d0b4668a5fdf

SHA256
e5da86781d88814207cc23b34fd800d6126c73bd6b472942a9acf2561a81d454

SHA512
591f2ecd87bb1a7ca52a7bfce25c80a5015134bc8204f25bfea722392f12c80ff1ce7bd13e082cb886d682edd73006081fb0fc3541b1e838794fadcb123b139f

Download Submit
C:\Users\Admin\AppData\Local\Temp\rukMsQEc.bat
Filesize
4B

MD5
166981d626399d1169cc2fc06c4e45bc

SHA1
a7b87502f3e34f92d3d9a766f8699a3ed711739f

SHA256
2d7987c5fa7800c401bb7642ecfb87b4b5a70056f0a505be9c189aa8eca6321c

SHA512
3ca37353933d5ed8ec858a969c54b8b0113650f97e789cf72c480497abfe05097a9d3add74fb19295630e6916faba98665e2921425e7575005c420040c8e703d

Download Submit
C:\Users\Admin\AppData\Local\Temp\sMkcMEIU.bat
Filesize
4B

MD5
39d660704272cf16e26b8a66a2950f6b

SHA1
70d0268c929c7d27130b54d101d3f26c50b27f4a

SHA256
9cc64b5dd2fcd76bc129558706cac3a965adb140df6aa3bf7caacdc1f0c93891

SHA512
4e9cf6484368181889ec0bdeca59eecb1d95495000eb1090cabc58b598f6c8236160c2fd6b07b2b8afaedf79b494e9d808602e603626775a5c40b805e835f6c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\sMsIQAYs.bat
Filesize
4B

MD5
aeaf284de1358c492893602865902337

SHA1
0106ac1204d73967f81c1893126f42ce429354ef

SHA256
adedc76dcbcc5bd762f4169c708b19c269e764d36ba48e7998822c94a2c83d6c

SHA512
0eb2342e70f9831c6c7d674b0e2a5ba3c81f800ba343bd689bf4efc2ca7bed2c8dd6109265a7b70f8a3207f1d389d67dc54ccab17e58d4ff770717c52ef3232a

Download Submit
C:\Users\Admin\AppData\Local\Temp\sUoMcgsA.bat
Filesize
4B

MD5
06a595fe9449cca3e3a488bc915f80d2

SHA1
e3f7474a019cff28b791f8b542f9064f9ea4daa1

SHA256
f2cf5889ee9a2106bb66034a1ed828c38fadf59ffda10b35e37da53fe54061a0

SHA512
c39264ec9ed31c3a2cea18d9696b9ec30a761c0499d80851a2a46b59162e8499abf1dd1e0ad3fcd38c5feb37bedb36f324a22a27190bbb862760e7b039833b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\scMk.exe
Filesize
251KB

MD5
448d0e33fca5b58e96b4dea1eb227502

SHA1
f2f278d3cd59c44241e8220a018d01772aab1de6

SHA256
7f013fec413ca50d9dc13fa0d83de118231d603398a7e907516ac2e5650ea9bc

SHA512
f8a0a217a1ce18e05f184e6b03501abae4de1dccc5dbcc379feef29387f7a634703947811cc10159d75900dc3418de4be74ab06dd3bdd1a16ffefe94bd2b24b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scUE.exe
Filesize
224KB

MD5
159f406c4cb9ba298bda7718f63646af

SHA1
4622746b08180df0eaf036f1a0e7009eda41822e

SHA256
27d2c7438549b68383ca248943f6d6c4932e2545b3bdfa81338d1d23d0038491

SHA512
d5d9b128da30ce2ee422f4af55750726aa17fef58f7b7631ca015fcadfcdaf5b41074ee82a3455ceacb6e55da9256d0b693d8476780bcbedf19c2e4b10a434fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\sowC.exe
Filesize
240KB

MD5
3460fbadf79a1231fa5a693d136384f8

SHA1
0b1523c8632eaf97c60a83e14807fdc5cae1b5eb

SHA256
d98872ca151788cf480c8c136e60f218329acc4ba57f19476dfe577f007fd4bb

SHA512
62d9c91d85989491929512cebfb61d871f47ddd6eb145d8f35210d3ea98b6d792ebbf96a4ec82f1bfae88d1eaa6af0c47198de394babb7cdd1ca45b269041951

Download Submit
C:\Users\Admin\AppData\Local\Temp\sqAogQYo.bat
Filesize
4B

MD5
b60ae61f7cf21db799570466fabce981

SHA1
7b32dbeec67fa0da076aff690f8fdd25341fe332

SHA256
6c17eb4e700f8bdd9da5853d423454e92b6afb41f2ec236e43603d5f14d7d79f

SHA512
a9f297f7818086f51011ba7dd333434d38fdc2c3e40f2341d85207ae79488596fec524d6a1a0f7a592aa7498b3be5f9f04ce03446e3d50c64d729fcad572c806

Download Submit
C:\Users\Admin\AppData\Local\Temp\ugks.exe
Filesize
702KB

MD5
a669a56e338abf85aacd056f72b336fa

SHA1
fcec27f1d6f5237e9a4c8a9008ef6769ba48833b

SHA256
5b07247540a5e618c02f34bb823ea5b15c1ed9c7ded8733677b41ebf51548215

SHA512
8e624bbb3dfc99de45f6b7668db94558284d9d5c8844a2ae635f6212615fdb108df4d918feafa4e0014c30ac05b6ec2fcc4e4c3fae8a42333b8266d88f3df2b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\uiMMwQcw.bat
Filesize
4B

MD5
a5b4b05af50d084351b06689fe297a77

SHA1
118f4e3c82aaf76feaa728712a7309f54c55aad1

SHA256
c2173591f9c619317a1e7f594ff18fe4f2b0b0a77f5e5370330388b5deef5a6a

SHA512
d58a3f2d1fe1a4218ed1192aefb77c5861d523dcaef75a8d801f62d6a2851fe0aeff248753869b6bb4cf3c3723298bca6d36ea66303430e91b0cc12b3ec6d969

Download Submit
C:\Users\Admin\AppData\Local\Temp\ukYe.exe
Filesize
239KB

MD5
32d4ee181944deeba1b88b926a73da14

SHA1
be2d90833f6fc05b84fe75c3e5c726c5a85d45b4

SHA256
77aa97d7378b021d37f7df5e3b76e4196ffbb22b54998ff308bb31adddd6863c

SHA512
f7e99b6a99ff2e8bdf52df482f658599fa61cc9927c7e670786b232a94b9e8636555aa6875ef55b1bf3b2d2ec3569fa2464f75abb414b1344f90b76a471a2d7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\umgoIwwA.bat
Filesize
4B

MD5
695da451d3de60cba4f82c60dd2a60be

SHA1
5ac0bbd5c3ac70d11f13324f010bb46c5e71812f

SHA256
63e42a19bb9e548fe12a63aee1f7b5f5504c6d8023ddcbf43e7d2e21447183b3

SHA512
c341c9c1905c1677e504e9309f703f41bd2d51980649b90e180041324d704f09a19fe238ef701c99639edb9c5339dc9789d53f272a35d0772dfb98dc790bfad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\uoYoQwEA.bat
Filesize
4B

MD5
fe81e1d92a1235f2c3bd29d8ff4d42e1

SHA1
44352e6df4c925f7337a9d91bf391ff3b35ef196

SHA256
0a9c77024ee397c22c5b2a570819e405d9e31dd279e98fe1a5e42d1770a698ab

SHA512
ca924326fc8a5a2fe743367e89e902cbadbaa6f399f07341b63e7f87676822937932a70da8453691e500aaf71d66fa65d1cb0f0ea81c6249b1b001e26138ec1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\uwwW.exe
Filesize
195KB

MD5
b909f3cc435548f75b4505f2f26c7352

SHA1
214a5ebc8667dc8ad085f51e243d0ade0af83811

SHA256
4a716f1c9e57758a414b90444229467b210d8fd92f6057ad305527f70023ab79

SHA512
fcd2eb4b6b8cbd1a7fbff42b5a2214d24adfdf394fc5ae60944482b4e62725f1cee01f0130d2c254e9b62c3844161761c1de0fb68402a08f894aabd5e7f2dc48

Download Submit
C:\Users\Admin\AppData\Local\Temp\vAogkwYw.bat
Filesize
4B

MD5
b54f1cc63f94634fe7b42c391114257e

SHA1
f23f8395e1adc22c1b98c3b0a22fecd7ee9fb4de

SHA256
a821805afb341529d84833fd87ed176a0c6e690aa99c1b37d62595efbebcf695

SHA512
a0c2e54f292cc40aa443bb6ad5e9a72c3e7085d55b5c80d27a5465cb628aceeeb15774eb65cb66a809700a11d5d140e94239a3868b2253babda92118fce2323f

Download Submit
C:\Users\Admin\AppData\Local\Temp\veMMAQAk.bat
Filesize
4B

MD5
6abbe7ec24857a88d0a3a9cb70f7fa5a

SHA1
3b453c7037811155a591c7ac8d06c1ae3adddb27

SHA256
0fdcf58309334be6b3d1e0278aabeb358bc6dde7161837aa8fe659c455dae015

SHA512
4a624ff61895fd9b256601e9f311a13d010695eb135b89af47bddd038aad119f58ff33620e356f7fd61526ce82189209c74ab67c67a8a1a85c450af2faa5d3d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\vgQYMIEs.bat
Filesize
4B

MD5
e8a34547143b66919d7f65b01bac2fbb

SHA1
07079215685779d44549c8c0040bb2672a12b199

SHA256
9fafd737338abb09abc0419a27272e80e32ad058e7e74f9b3f7d047840489cc5

SHA512
08cab438ba89c2199a8d702a1346072b8dde695bae2da7b72b91f8d37a8229c94686a8f0e64302de74380260c24ed06e43ecb42926599e457ff6d91c7f928b2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\vqIUwcsA.bat
Filesize
4B

MD5
72792d541df4c5af36e4e1d96f17a12c

SHA1
4d450adae0dd2b0799806aba313e8e6d1851410d

SHA256
41ea130459eb5047201bedb16ff628ce09b5f723d902516394b0ac26add60b82

SHA512
2a9de056555828d362df552bff735a04e50f890ea98d52a622d14b56e5ed76c2d7c695e897c57fb5e92eb017313d3bda0c2b2e33777e8641fed6a9a1b6949627

Download Submit
C:\Users\Admin\AppData\Local\Temp\wAwM.exe
Filesize
235KB

MD5
a6c4a8db622750f0149a5e1eee5e0f8b

SHA1
43bbe1d5f96bd38a9b94ed290766fe079b541674

SHA256
dcb4c372fb343b93725b17382448b0f1bc619c599a7741569141cc3c9145f67b

SHA512
8573ff699ce97925283dddad946dae334cc5cbeede922800f4d02cc4eeafeb19e0ab4661c72809f2f9cc4e62919492b59c54e41655e97f803241562f13e359e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\wQoa.exe
Filesize
237KB

MD5
ac11111152f9488e2b7f04bd7cbd0544

SHA1
3ad5b7784ba24060deefd2a989d945be1f788485

SHA256
6b22928a307b9123f64c1b42d94d1f175144b084624564e0266a91a972a4a6f1

SHA512
42d84ba48512996efc382c20228f82d7754e5b662a5e552ca9f14cf7b4ba7124887d6aab90478ed5832210538c8e6b4da91d48314f4b1142c82523b509f5448a

Download Submit
C:\Users\Admin\AppData\Local\Temp\wUog.exe
Filesize
250KB

MD5
51106e2bf61b96c27ee0a45b5c0a745c

SHA1
c849c2c9a2ee9a5052c2789e272f99d235382e49

SHA256
249a7a4aed49a533bcb94d7b6eec5a061495aea04490f6b2d9a1486d1352599c

SHA512
a39f819a755f37b263fed2b97dfc0f8b23823bab4ab468aa9d5ed96fca5fb099864ad5be02c420f684b8cb039a0e0e3fba8d3dd9579a4c8010fea24bc3c44adf

Download Submit
C:\Users\Admin\AppData\Local\Temp\woIsIYIU.bat
Filesize
4B

MD5
3f5d04fe19bfaa5763739479b16cf9d3

SHA1
3274e887c02c54aed65f796070f7d6149b27d2ce

SHA256
d803476b58413c6065af577671d360efa4ecf4e7e3b2996bd0ee7cb24165c1ae

SHA512
93ebefe054ff90835a3b194027250a43a6471df83be743d3f606f58db339d29aded6a6d5997be198081603c24be9eb2ae17cebb9aaaef4bfc1e4b6fbd86d4033

Download Submit
C:\Users\Admin\AppData\Local\Temp\xCMcIcow.bat
Filesize
4B

MD5
462620756cd651358181090d725ea9f5

SHA1
5d0a8f327a9507a3ae2ccbe0513614c1e67ad860

SHA256
57aa3bf9e270c7298bf1638e1f4f1e73a31d24ab6e85ca4feb2a83f7e67e9c42

SHA512
8811f9c307ca63a9bc4b61dde4e855e6742d0192fbddd046bcb464f18cf3bb009b36028b12a8b228fe4f33d9ba9c21344c9e3e35816335732b38cd199adb85b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\xaYYAMgw.bat
Filesize
4B

MD5
5ab60ca1c719b66ef2ea0034165cff1e

SHA1
be0914bd54f23a1da953280791063ca0b3dad958

SHA256
6f06b91ad4ccff704cca2c2b5f990d508fe469ac01b7fde2949ee1f36e765e1c

SHA512
c227e237d35a7d8998e1ffd045c54b51e4a58da6c5340845bc9074eb679bf1eda18f426d27420974757eff5e9390f8aab6decfd5aaf21bfb28e3b7570411330c

Download Submit
C:\Users\Admin\AppData\Local\Temp\yEQe.exe
Filesize
234KB

MD5
b04fc04014e53873924bc2f28b430f07

SHA1
612b98a9e5310e6f0d9d7bff9b98aa04b17d3891

SHA256
506a669a4225ad55e1c7c5529bfe6d4b5153f85cb423cf9e71874fde159c2569

SHA512
67937fdc1cec736a467726325c70ad890a5cb85520bb7a46dbd29c71051a0101e03cb5c5f10d1588215ec4671bf8d45c6bbd8a4d597f5bfe2d69914a36b99c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\yEYS.exe
Filesize
205KB

MD5
8e87dd6f9bd3d44295f2968665878ed8

SHA1
0902d55ffbae5b114bdff80e9395d340e4438270

SHA256
451a4d63eb14fc1ef2db6578f8512d56c055c93dc49063578ae22c1a4e4633e5

SHA512
603b403ade015e39c6a90a42196f17062d25b48fa1890189497d7efe9a1406d3b490ac288633a62a9e499b2829a571ed46f474489be67ba7c5748c6c28c0f7ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\yQQo.exe
Filesize
248KB

MD5
6db46d69173cb797ddf954d64c97c26b

SHA1
b331bc35de8656e4143ca02cba96c554117bce55

SHA256
0c743d4a8d850aa45a5a69c6f5591350cfce85efb2760221da294212f64af224

SHA512
00a52b903256e379ea9a7e37b9f46d2e075dfef07d088b49b3094509d17172239e9a04213f8004338670fe6f0631f0a6b086edea8ce79d85830d179e21e29e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\yQoM.exe
Filesize
4.8MB

MD5
e28da8d9a84f0708add878c5c753f72d

SHA1
d9bd9f179485025aefa07b2469b94bbf3af07c99

SHA256
eca5ceb92b7bd31dc7346c07de10a686cec7e679b6fd6dddc089c057fe948f8f

SHA512
e7822eaa553086d43500dd239b669be11468c45c34a54b48dd1fdfede30dea32270b7314e3a23ce3fc0b3055789f85cc46b7017e0ee428816b93d58ff54b7a27

Download Submit
C:\Users\Admin\AppData\Local\Temp\yYEU.exe
Filesize
242KB

MD5
47fe78e3dba79a6d967dd981c1030094

SHA1
67bb9c617ad7f5910e5f7c2e517880061a8c4597

SHA256
a1a0d9bed00915c20b76885dd2bf3e15beee252440439c6d8dba4e98db03129a

SHA512
2788b3eeb2f55a9e6fc0d44b03b2d5b97a004005aa22de4f98d5877e7f04dafb730306a23ab4908e28180178f459bb64f477cdd10bfff549158d73a1f8794c5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\yYYkIAIM.bat
Filesize
4B

MD5
910135ba790a078df105f045d1f0c9c1

SHA1
ea17531fc97215f9f22f83cfa43446c1c5b53309

SHA256
0346de1979f1f069689fd4f968ea180534247478c73dedbe0621790a8e7928f2

SHA512
be22cfa813a5d135e3e9e5af94e790f8e33a144c06f620fbc3b843bcb4e9b73f6f94a8ad3b55f2b74acedbd5acd3c625f4c5c8a8536f880916840e065d96bac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ygQIAQgs.bat
Filesize
4B

MD5
19e6cf08fa581dc61bf8e3344f02e3e7

SHA1
b5126202b29d4b675acfc3a4254ac4a527b51ac1

SHA256
17afe272157e9fe5689360407d02afd3a54185e5f07e6f040103cec9f61b2bfc

SHA512
89346b0ad2ba7cdc4abe0bb6a885b7b49e9edf5ed7b76fbd5501bf4ffe6c96eeb574b281fefc5819260e222ce23779d31c97d531c9900fc00ec293846348a84f

Download Submit
C:\Users\Admin\AppData\Local\Temp\yokC.exe
Filesize
940KB

MD5
3f4df4d7bb9c73a27a0b0d5ffe884728

SHA1
a42006144968138be8970a17f46ecb3f66e6119d

SHA256
42638c396a217d517e4ac1753c99966e3b36cb202961dbacf0b4b4565cc43837

SHA512
bfd03edc2a7449400a4a877e7a053b885d0916af2c4704be7a3081868057050d3c1e7adea47fcca5bc6477debd79b51e535b9b075f2abe49e5e832064fc09cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ysMI.exe
Filesize
217KB

MD5
df157dfd0fb300e35ebfaf015882bdd9

SHA1
80702bfa109fbd37010f4c6a36818e72cb5e6e7f

SHA256
74ca357e479095bdd11d0c608d76e793946a064909ea76ef007fd10e00472ffa

SHA512
de41296e81e008eb87c1a8a7e133a922450008dbd1d5663bf48768f8aa9cb665bd419f879a6d20c3e3ec083dde2213586afaf67b424689c5209c19923cbace52

Download Submit
C:\Users\Admin\AppData\Local\Temp\ywEcQwYs.bat
Filesize
4B

MD5
46207a17ee47078ecf6aad882d1752d3

SHA1
ce5c2e738571ea7ce86fe5bf605c74715bb14cae

SHA256
b670c914784a8042cf18ea94f875624ac1c9cc0068ddab9b79f953d231a438e0

SHA512
bbb489a2e01f143e5c5edfefcd94c117b134f3b1c943285d180a8806647f9a9b38289b70df86c425f37e708340c72ceb833fa68f230701414577c4c5d05ce27a

Download Submit
C:\Users\Admin\AppData\Local\Temp\zQwsAwoY.bat
Filesize
4B

MD5
1d7a1bb9299d045d44b88c229594d94d

SHA1
c00fc78af9a517ca4964a14411b1fdd704f741c1

SHA256
fced1a41bd30a851e20eb3f35cb888e612821f6b973bb81bd24c1958cdf2e525

SHA512
054cdeeca1ab349e23b1e88ff46d837c7c453f271ccdc80093512dbe0689f7c52972a1673a376db37bd51271fdab4bc36b77c2fac3786d48fe5eed80b4ca6058

Download Submit
C:\Users\Admin\AppData\Local\Temp\zSAQYUoQ.bat
Filesize
112B

MD5
bae1095f340720d965898063fede1273

SHA1
455d8a81818a7e82b1490c949b32fa7ff98d5210

SHA256
ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a

SHA512
4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

Download Submit
C:\Users\Admin\AppData\Local\Temp\zwEIIcoU.bat
Filesize
4B

MD5
61e1d651b316456a18fdbcfce0f7f308

SHA1
a4742bf682bdffa3a267e4a98804dfaaa7c98ef8

SHA256
3098a18ec1ab3b4f286f62390aa2afe9e00a25c1cb0603f60a9ea81ecc6b8d3c

SHA512
b5c37b3fe2853b66e827f5cd867b3e27b508d6c099c14678e7a79dea99bd4eb4001ef90babb93e7c9618b806975dc5e6bd6e95955224ae2fc253f87aca718b55

Download Submit
C:\Users\Admin\Pictures\DebugPush.png.exe
Filesize
1.0MB

MD5
e13a30bc555b9ad769f14c01fc9b363b

SHA1
cdbfbdd40e14ac8691c8e07a015c76a36ecbf5eb

SHA256
590ffff7ac8f6f7d4dc0e213fd45f2d5d6f06fa0fa5d41c51dd9f36e94be0377

SHA512
9ccff9f889369ba54749ab93adb0ea7af4d70907255213588ce8b3a3327b55697025091314ce1fe221e1f4bc4cf120db20ce63887dd0bf1d50cec224d934f91c

Download Submit
C:\Users\Admin\xGMQwoAk\mUYIIoQU.inf
Filesize
4B

MD5
4e1b950196e551ece9c49e2b2bf428e8

SHA1
93e388e7a115b200b2303c8afbc5b412546cd2a9

SHA256
c974d5c2f3d25ab28a23954c81f32642c556d4958d967da34b01c4035de3a352

SHA512
7957de0b487b72bbbd170231350b75187b97d41e1fbc4ee03c873e049a8f205165d1dcf8d6cd36396bcb382c207ace288d1def66e9bd8b7de11482750bad0c5b

Download Submit
\Users\Admin\xGMQwoAk\mUYIIoQU.exe
Filesize
183KB

MD5
35d93ef0f059c715456dcadb38728929

SHA1
3606fbe82cc4d07c48b3fb7919b64f26bc13dba1

SHA256
1305476a42e53d6b86951d7fd0edca71937e33f65e57f6aa499c5c32039e3fdf

SHA512
8ec1ae2c261e674dfba672d0ff78a516e45e77d989777179dc0b9322bb88df752a6a725219d123309b23f5e12c23589e893605b455940204d0caff9d96dc8207

Download Submit
memory/268-274-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/268-241-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/400-603-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/408-383-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/408-415-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/576-623-0x00000000001E0000-0x0000000000212000-memory.dmp

Filesize
200KB

Download
memory/576-624-0x00000000001E0000-0x0000000000212000-memory.dmp

Filesize
200KB

Download
memory/688-500-0x00000000002B0000-0x00000000002E2000-memory.dmp

Filesize
200KB

Download
memory/688-501-0x00000000002B0000-0x00000000002E2000-memory.dmp

Filesize
200KB

Download
memory/1104-360-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1104-392-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1312-431-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1312-464-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1332-195-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1332-226-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1408-288-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1408-323-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1440-81-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1440-114-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1448-584-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1448-613-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1508-14-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1528-478-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1528-513-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1536-338-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1536-369-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1556-297-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1556-265-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1560-250-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1620-541-0x00000000002F0000-0x0000000000322000-memory.dmp

Filesize
200KB

Download
memory/1736-169-0x0000000000470000-0x000000000049F000-memory.dmp

Filesize
188KB

Download
memory/1736-4226-0x0000000077780000-0x000000007789F000-memory.dmp

Filesize
1.1MB

Download
memory/1736-181-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1736-171-0x0000000000470000-0x00000000004A1000-memory.dmp

Filesize
196KB

Download
memory/1736-172-0x0000000000470000-0x00000000004A1000-memory.dmp

Filesize
196KB

Download
memory/1736-3096-0x0000000077680000-0x000000007777A000-memory.dmp

Filesize
1000KB

Download
memory/1736-168-0x0000000000470000-0x000000000049F000-memory.dmp

Filesize
188KB

Download
memory/1736-3095-0x0000000077780000-0x000000007789F000-memory.dmp

Filesize
1.1MB

Download
memory/1736-155-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1736-4103-0x0000000077780000-0x000000007789F000-memory.dmp

Filesize
1.1MB

Download
memory/1768-551-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1856-240-0x00000000002A0000-0x00000000002D2000-memory.dmp

Filesize
200KB

Download
memory/1872-264-0x0000000000120000-0x0000000000152000-memory.dmp

Filesize
200KB

Download
memory/1872-263-0x0000000000120000-0x0000000000152000-memory.dmp

Filesize
200KB

Download
memory/1924-139-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1924-105-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1944-312-0x0000000000120000-0x0000000000152000-memory.dmp

Filesize
200KB

Download
memory/1944-311-0x0000000000120000-0x0000000000152000-memory.dmp

Filesize
200KB

Download
memory/1952-477-0x0000000000180000-0x00000000001B2000-memory.dmp

Filesize
200KB

Download
memory/1956-170-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2020-337-0x0000000000320000-0x0000000000352000-memory.dmp

Filesize
200KB

Download
memory/2020-336-0x0000000000320000-0x0000000000352000-memory.dmp

Filesize
200KB

Download
memory/2044-440-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2096-502-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2096-531-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2104-127-0x00000000001B0000-0x00000000001E2000-memory.dmp

Filesize
200KB

Download
memory/2104-128-0x00000000001B0000-0x00000000001E2000-memory.dmp

Filesize
200KB

Download
memory/2128-593-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2128-562-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2156-129-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2156-164-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2168-561-0x0000000000270000-0x00000000002A2000-memory.dmp

Filesize
200KB

Download
memory/2176-487-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2176-455-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2216-347-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2216-314-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2264-604-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2276-382-0x0000000000120000-0x0000000000152000-memory.dmp

Filesize
200KB

Download
memory/2360-543-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2360-12-0x0000000000460000-0x000000000048F000-memory.dmp

Filesize
188KB

Download
memory/2360-13-0x0000000000460000-0x000000000048F000-memory.dmp

Filesize
188KB

Download
memory/2360-571-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2360-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2360-42-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2408-80-0x00000000001F0000-0x0000000000222000-memory.dmp

Filesize
200KB

Download
memory/2536-430-0x0000000000770000-0x00000000007A2000-memory.dmp

Filesize
200KB

Download
memory/2564-173-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2596-175-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2596-204-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2624-194-0x00000000005F0000-0x0000000000622000-memory.dmp

Filesize
200KB

Download
memory/2624-193-0x00000000005F0000-0x0000000000622000-memory.dmp

Filesize
200KB

Download
memory/2648-90-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2648-58-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2684-57-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2704-33-0x00000000001F0000-0x0000000000222000-memory.dmp

Filesize
200KB

Download
memory/2704-32-0x00000000001F0000-0x0000000000222000-memory.dmp

Filesize
200KB

Download
memory/2720-34-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2720-67-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2752-453-0x0000000000420000-0x0000000000452000-memory.dmp

Filesize
200KB

Download
memory/2752-454-0x0000000000420000-0x0000000000452000-memory.dmp

Filesize
200KB

Download
memory/2808-583-0x0000000000120000-0x0000000000152000-memory.dmp

Filesize
200KB

Download
memory/2848-287-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2872-104-0x0000000000420000-0x0000000000452000-memory.dmp

Filesize
200KB

Download
memory/2872-103-0x0000000000420000-0x0000000000452000-memory.dmp

Filesize
200KB

Download
memory/2892-153-0x0000000000260000-0x0000000000292000-memory.dmp

Filesize
200KB

Download
memory/2892-154-0x0000000000260000-0x0000000000292000-memory.dmp

Filesize
200KB

Download
memory/2964-174-0x0000000000260000-0x0000000000292000-memory.dmp

Filesize
200KB

Download
memory/2996-30-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3028-405-0x0000000000370000-0x00000000003A2000-memory.dmp

Filesize
200KB

Download
memory/3028-406-0x0000000000370000-0x00000000003A2000-memory.dmp

Filesize
200KB

Download