41b2e1b3bf6631b760c9a750fefc44e71d9dcbf90d333f7c04a9ebdd38c4485a

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
Size

187KB
MD5

7a8c3761bddf48493b1c70a2c7c0edf8
SHA1

4dbc881e89776f6673c0fafbb09793cc85aaf4f3
SHA256

41b2e1b3bf6631b760c9a750fefc44e71d9dcbf90d333f7c04a9ebdd38c4485a
SHA512

3524cb3525ef3d0881256065c4035ff200b0b4e9f12d183078beeccc584eaec24d69db4ad1e9d1086b7e0a490311a7cde7a02c076e5d77b48a3f822044facca7
SSDEEP

3072:cJRmXoYlhBOxAbektPNIWlNW1i4V7LdWXxY2C0UErEOtlV2UmDWAkVSKLlk43QbW:c7slhBOxAbekYWTWlL9UKPztbsF

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Processes:

reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

UAC bypass 3 TTPs 64 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Renames multiple (61) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

buwQYUwk.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation	buwQYUwk.exe

Executes dropped EXE 2 IoCs

Processes:

buwQYUwk.exeEgwkIoIc.exe

pid process

2180 buwQYUwk.exe
2736 EgwkIoIc.exe

Loads dropped DLL 20 IoCs

Processes:

2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exebuwQYUwk.exe

pid	process
2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

buwQYUwk.exeEgwkIoIc.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\buwQYUwk.exe = "C:\\Users\\Admin\\Cqwowoss\\buwQYUwk.exe"	buwQYUwk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\EgwkIoIc.exe = "C:\\ProgramData\\JYYwwokc\\EgwkIoIc.exe"	EgwkIoIc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\aGUMkUAk.exe = "C:\\Users\\Admin\\AOoYUUMs\\aGUMkUAk.exe"	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AccEEUkI.exe = "C:\\ProgramData\\QcsoIoUo\\AccEEUkI.exe"	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\buwQYUwk.exe = "C:\\Users\\Admin\\Cqwowoss\\buwQYUwk.exe"	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\EgwkIoIc.exe = "C:\\ProgramData\\JYYwwokc\\EgwkIoIc.exe"	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2744 2000 WerFault.exe AccEEUkI.exe
2200 2204 WerFault.exe aGUMkUAk.exe

pid	pid_target	process	target process
2744	2000	WerFault.exe	AccEEUkI.exe
2200	2204	WerFault.exe	aGUMkUAk.exe

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

Processes:

pid	process
2728	reg.exe
1112	reg.exe
1100	reg.exe
2632	reg.exe
1448	reg.exe
280	reg.exe
2016	reg.exe
2732	reg.exe
2032	reg.exe
2252	reg.exe
872	reg.exe
2596	reg.exe
1040	reg.exe
1808	reg.exe
772	reg.exe
1740	reg.exe
2456	reg.exe
2004	reg.exe
2020	reg.exe
2672	reg.exe
1936	reg.exe
2584	reg.exe
2372	reg.exe
1400	reg.exe
2568	reg.exe
792	reg.exe
496	reg.exe
1388	reg.exe
2712	reg.exe
2796	reg.exe
1888	reg.exe
2828	reg.exe
2812	reg.exe
1936	reg.exe
1936	reg.exe
3000	reg.exe
1564	reg.exe
1320	reg.exe
2248	reg.exe
1284	reg.exe
1672	reg.exe
1484	reg.exe
1496	reg.exe
2940	reg.exe
2024	reg.exe
2280	reg.exe
1984	reg.exe
1672	reg.exe
2928	reg.exe
2160	reg.exe
2716	reg.exe
580	reg.exe
1980	reg.exe
2804	reg.exe
844	reg.exe
1324	reg.exe
2952	reg.exe
588	reg.exe
1292	reg.exe
2692	reg.exe
1032	reg.exe
900	reg.exe
1732	reg.exe
2412	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe

pid	process
2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2776	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2776	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2520	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2520	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
392	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
392	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
908	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
908	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1032	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1032	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2456	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2456	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2652	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2652	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2296	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2296	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
772	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
772	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2300	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2300	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
632	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
632	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1832	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1832	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2172	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2172	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2644	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2644	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
324	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
324	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
592	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
592	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2716	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2716	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2028	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2028	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2396	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2396	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2096	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2096	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1628	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1628	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
592	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
592	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2472	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2472	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1820	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1820	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2756	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2756	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1316	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1316	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
844	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
844	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1004	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1004	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2592	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
2592	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1824	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
1824	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

buwQYUwk.exe

pid process

2180 buwQYUwk.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

buwQYUwk.exe

pid	process
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe
2180	buwQYUwk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.execmd.execmd.exe2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.execmd.execmd.exe

description	pid	process	target process
PID 2740 wrote to memory of 2180	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	buwQYUwk.exe
PID 2740 wrote to memory of 2180	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	buwQYUwk.exe
PID 2740 wrote to memory of 2180	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	buwQYUwk.exe
PID 2740 wrote to memory of 2180	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	buwQYUwk.exe
PID 2740 wrote to memory of 2736	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	EgwkIoIc.exe
PID 2740 wrote to memory of 2736	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	EgwkIoIc.exe
PID 2740 wrote to memory of 2736	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	EgwkIoIc.exe
PID 2740 wrote to memory of 2736	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	EgwkIoIc.exe
PID 2740 wrote to memory of 2692	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2740 wrote to memory of 2692	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2740 wrote to memory of 2692	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2740 wrote to memory of 2692	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2692 wrote to memory of 2576	2692	cmd.exe	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
PID 2692 wrote to memory of 2576	2692	cmd.exe	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
PID 2692 wrote to memory of 2576	2692	cmd.exe	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
PID 2692 wrote to memory of 2576	2692	cmd.exe	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
PID 2740 wrote to memory of 1248	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2740 wrote to memory of 1248	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2740 wrote to memory of 1248	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2740 wrote to memory of 1248	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2740 wrote to memory of 2952	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2740 wrote to memory of 2952	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2740 wrote to memory of 2952	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2740 wrote to memory of 2952	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2740 wrote to memory of 2612	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2740 wrote to memory of 2612	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2740 wrote to memory of 2612	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2740 wrote to memory of 2612	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2740 wrote to memory of 2724	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2740 wrote to memory of 2724	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2740 wrote to memory of 2724	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2740 wrote to memory of 2724	2740	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2724 wrote to memory of 2524	2724	cmd.exe	cscript.exe
PID 2724 wrote to memory of 2524	2724	cmd.exe	cscript.exe
PID 2724 wrote to memory of 2524	2724	cmd.exe	cscript.exe
PID 2724 wrote to memory of 2524	2724	cmd.exe	cscript.exe
PID 2576 wrote to memory of 2644	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2576 wrote to memory of 2644	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2576 wrote to memory of 2644	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2576 wrote to memory of 2644	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2644 wrote to memory of 2776	2644	cmd.exe	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
PID 2644 wrote to memory of 2776	2644	cmd.exe	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
PID 2644 wrote to memory of 2776	2644	cmd.exe	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
PID 2644 wrote to memory of 2776	2644	cmd.exe	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
PID 2576 wrote to memory of 3044	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2576 wrote to memory of 3044	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2576 wrote to memory of 3044	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2576 wrote to memory of 3044	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2576 wrote to memory of 1812	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2576 wrote to memory of 1812	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2576 wrote to memory of 1812	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2576 wrote to memory of 1812	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2576 wrote to memory of 2768	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2576 wrote to memory of 2768	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2576 wrote to memory of 2768	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2576 wrote to memory of 2768	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	reg.exe
PID 2576 wrote to memory of 1308	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2576 wrote to memory of 1308	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2576 wrote to memory of 1308	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 2576 wrote to memory of 1308	2576	2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe	cmd.exe
PID 1308 wrote to memory of 2028	1308	cmd.exe	cscript.exe
PID 1308 wrote to memory of 2028	1308	cmd.exe	cscript.exe
PID 1308 wrote to memory of 2028	1308	cmd.exe	cscript.exe
PID 1308 wrote to memory of 2028	1308	cmd.exe	cscript.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2740

C:\Users\Admin\Cqwowoss\buwQYUwk.exe
"C:\Users\Admin\Cqwowoss\buwQYUwk.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2180

C:\ProgramData\JYYwwokc\EgwkIoIc.exe
"C:\ProgramData\JYYwwokc\EgwkIoIc.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2736

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
2⤵
- Suspicious use of WriteProcessMemory
PID:2692

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2576

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
4⤵
- Suspicious use of WriteProcessMemory
PID:2644

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2776

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
6⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
7⤵
- Suspicious behavior: EnumeratesProcesses
PID:2520

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
8⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
9⤵
- Suspicious behavior: EnumeratesProcesses
PID:392

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
10⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
11⤵
- Suspicious behavior: EnumeratesProcesses
PID:908

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
12⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
13⤵
- Suspicious behavior: EnumeratesProcesses
PID:1032

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
14⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2456

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
16⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
17⤵
- Suspicious behavior: EnumeratesProcesses
PID:2652

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
18⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
19⤵
- Suspicious behavior: EnumeratesProcesses
PID:2296

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
20⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
21⤵
- Suspicious behavior: EnumeratesProcesses
PID:772

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
22⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
23⤵
- Suspicious behavior: EnumeratesProcesses
PID:2300

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
24⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
25⤵
- Suspicious behavior: EnumeratesProcesses
PID:632

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
26⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
27⤵
- Suspicious behavior: EnumeratesProcesses
PID:1832

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
28⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
29⤵
- Suspicious behavior: EnumeratesProcesses
PID:2172

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
30⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
31⤵
- Suspicious behavior: EnumeratesProcesses
PID:2644

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
32⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
33⤵
- Suspicious behavior: EnumeratesProcesses
PID:324

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
34⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
35⤵
- Suspicious behavior: EnumeratesProcesses
PID:592

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
36⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
37⤵
- Adds Run key to start application
PID:2160

C:\Users\Admin\AOoYUUMs\aGUMkUAk.exe
"C:\Users\Admin\AOoYUUMs\aGUMkUAk.exe"
38⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 36
39⤵
- Program crash
PID:2200

C:\ProgramData\QcsoIoUo\AccEEUkI.exe
"C:\ProgramData\QcsoIoUo\AccEEUkI.exe"
38⤵
PID:2000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 36
39⤵
- Program crash
PID:2744

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
38⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
39⤵
- Suspicious behavior: EnumeratesProcesses
PID:2716

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
40⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
41⤵
- Suspicious behavior: EnumeratesProcesses
PID:2028

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
42⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
43⤵
- Suspicious behavior: EnumeratesProcesses
PID:2396

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
44⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
45⤵
- Suspicious behavior: EnumeratesProcesses
PID:2096

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
46⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
47⤵
- Suspicious behavior: EnumeratesProcesses
PID:1628

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
48⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
49⤵
- Suspicious behavior: EnumeratesProcesses
PID:592

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
50⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
51⤵
- Suspicious behavior: EnumeratesProcesses
PID:2472

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
52⤵
PID:272

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
53⤵
- Suspicious behavior: EnumeratesProcesses
PID:1820

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
54⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
55⤵
- Suspicious behavior: EnumeratesProcesses
PID:2756

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
56⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
57⤵
- Suspicious behavior: EnumeratesProcesses
PID:1316

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
58⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
59⤵
- Suspicious behavior: EnumeratesProcesses
PID:844

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
60⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
61⤵
- Suspicious behavior: EnumeratesProcesses
PID:1004

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
62⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
63⤵
- Suspicious behavior: EnumeratesProcesses
PID:2592

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
64⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
65⤵
- Suspicious behavior: EnumeratesProcesses
PID:1824

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
66⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
67⤵
PID:2172

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
68⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
69⤵
PID:2756

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
70⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
71⤵
PID:2104

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
72⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
73⤵
PID:2940

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
74⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
75⤵
PID:1612

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
76⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
77⤵
PID:2372

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
78⤵
PID:644

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
79⤵
PID:2364

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
80⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
81⤵
PID:2488

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
82⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
83⤵
PID:1400

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
84⤵
PID:588

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
85⤵
PID:536

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
86⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
87⤵
PID:2996

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
88⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
89⤵
PID:2908

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
90⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
91⤵
PID:2432

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
92⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
93⤵
PID:2116

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
94⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
95⤵
PID:1480

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
96⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
97⤵
PID:1512

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
98⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
99⤵
PID:2476

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
100⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
101⤵
PID:908

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
102⤵
PID:548

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
103⤵
PID:788

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
104⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
105⤵
PID:1952

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
106⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
107⤵
PID:1592

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
108⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
109⤵
PID:2172

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
110⤵
PID:284

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
111⤵
PID:2400

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
112⤵
PID:564

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
113⤵
PID:2416

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
114⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
115⤵
PID:2716

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
116⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
117⤵
PID:780

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
118⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
119⤵
PID:1060

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
120⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
121⤵
PID:240

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
122⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
123⤵
PID:924

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
124⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
125⤵
PID:2596

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
126⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
127⤵
PID:600

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
128⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
129⤵
PID:1480

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
130⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
131⤵
PID:2320

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
132⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
133⤵
PID:284

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
134⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
135⤵
PID:2824

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
136⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
137⤵
PID:1552

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
138⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
139⤵
PID:2800

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
140⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
141⤵
PID:812

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
142⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
143⤵
PID:1620

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
144⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
145⤵
PID:2612

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
146⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
147⤵
PID:1068

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
148⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
149⤵
PID:2108

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
150⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
151⤵
PID:2348

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
152⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
153⤵
PID:2976

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
154⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
155⤵
PID:1032

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
156⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
157⤵
PID:1632

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
158⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
159⤵
PID:2088

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
160⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
161⤵
PID:2856

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
162⤵
PID:556

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
163⤵
PID:688

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
164⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
165⤵
PID:2648

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
166⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
167⤵
PID:2908

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
168⤵
PID:284

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
169⤵
PID:1984

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
170⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
171⤵
PID:1660

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
172⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
173⤵
PID:2124

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
174⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
175⤵
PID:2692

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
176⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
177⤵
PID:2884

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
178⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
179⤵
PID:1508

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
180⤵
PID:1400

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
181⤵
PID:2428

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
182⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
183⤵
PID:1952

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
184⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
185⤵
PID:1040

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
186⤵
PID:1372

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
187⤵
PID:1564

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
188⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
189⤵
PID:1704

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
190⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
191⤵
PID:2992

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
192⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
193⤵
PID:580

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
194⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
195⤵
PID:1568

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
196⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
197⤵
PID:652

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
198⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
199⤵
PID:2488

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
200⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
201⤵
PID:1952

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
202⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
203⤵
PID:2576

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
204⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
205⤵
PID:2928

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
206⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
207⤵
PID:1956

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
208⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
209⤵
PID:1876

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
210⤵
PID:272

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
211⤵
PID:2260

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
212⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
213⤵
PID:2320

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
214⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
215⤵
PID:2496

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
216⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
217⤵
PID:2840

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
218⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
219⤵
PID:2268

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
220⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
221⤵
PID:596

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
222⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
223⤵
PID:3004

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
224⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
225⤵
PID:2260

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
226⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
227⤵
PID:3064

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
228⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
229⤵
PID:2100

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
230⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
231⤵
PID:644

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
232⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
233⤵
PID:2852

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
234⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
235⤵
PID:900

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
236⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
237⤵
PID:2412

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
238⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
239⤵
PID:2488

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
240⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
241⤵
PID:1508

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
242⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
243⤵
PID:3024

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
244⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
245⤵
PID:1200

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
246⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
247⤵
PID:596

C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock"
248⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
249⤵
PID:272

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
250⤵
PID:448

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
250⤵
PID:1680

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
250⤵
PID:1308

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
248⤵
- Modifies registry key
PID:2252

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
248⤵
PID:496

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
248⤵
- UAC bypass
PID:2764

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FygYEsEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
248⤵
PID:2288

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
249⤵
PID:2232

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
246⤵
PID:2116

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
246⤵
PID:960

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
246⤵
PID:2992

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TaUAMUgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
246⤵
PID:2632

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
247⤵
PID:540

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
244⤵
PID:2576

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
244⤵
PID:2712

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
244⤵
PID:1632

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nYoMwkIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
244⤵
PID:1560

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
245⤵
PID:1316

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
242⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:844

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
242⤵
PID:2100

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
242⤵
- UAC bypass
PID:1664

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XuwYkUAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
242⤵
PID:1880

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
243⤵
PID:2740

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
240⤵
- Modifies visibility of file extensions in Explorer
PID:1636

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
240⤵
PID:2376

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
240⤵
- Modifies registry key
PID:2804

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ogMUYEcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
240⤵
PID:2276

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
241⤵
PID:1800

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
238⤵
- Modifies visibility of file extensions in Explorer
PID:2244

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
238⤵
PID:2260

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
238⤵
PID:2972

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uAkwAgoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
238⤵
PID:2660

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
239⤵
PID:1040

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
236⤵
- Modifies visibility of file extensions in Explorer
PID:2288

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
236⤵
PID:2688

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
236⤵
PID:2784

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ioIoscws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
236⤵
PID:2232

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
237⤵
PID:1740

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
234⤵
PID:2812

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
234⤵
PID:2748

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
234⤵
PID:1784

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mkAksUkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
234⤵
PID:1708

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
235⤵
PID:2624

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
232⤵
- Modifies visibility of file extensions in Explorer
PID:1768

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
232⤵
PID:2160

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
232⤵
- UAC bypass
PID:688

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GUEkYMAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
232⤵
PID:324

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
233⤵
PID:1736

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
230⤵
- Modifies visibility of file extensions in Explorer
PID:2424

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
230⤵
PID:1564

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
230⤵
PID:1160

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LQckocwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
230⤵
PID:1292

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
231⤵
PID:2328

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
228⤵
PID:1728

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
228⤵
PID:548

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
228⤵
PID:2832

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZekMkMso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
228⤵
PID:2552

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
229⤵
PID:1388

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
226⤵
PID:2952

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
226⤵
PID:2128

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
226⤵
- Modifies registry key
PID:3000

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hqUMgkkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
226⤵
PID:2104

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
227⤵
PID:2520

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
224⤵
PID:272

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
224⤵
PID:1656

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
224⤵
PID:2764

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VUkEwkIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
224⤵
PID:448

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
225⤵
PID:1680

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
222⤵
- Modifies registry key
PID:900

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
222⤵
PID:1568

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
222⤵
- UAC bypass
PID:1320

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vQYQAkcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
222⤵
PID:1032

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
223⤵
PID:284

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
220⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2160

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
220⤵
PID:2528

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
220⤵
- UAC bypass
PID:1956

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\skcUgsco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
220⤵
PID:788

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
221⤵
PID:2800

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
218⤵
- Modifies registry key
PID:2928

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
218⤵
PID:604

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
218⤵
PID:2396

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iakAAgcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
218⤵
PID:2944

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
219⤵
PID:1880

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
216⤵
- Modifies visibility of file extensions in Explorer
PID:1552

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
216⤵
PID:2552

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
216⤵
PID:1280

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ysEwcIoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
216⤵
PID:924

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
217⤵
PID:1872

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
214⤵
PID:3064

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
214⤵
PID:1864

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
214⤵
PID:2660

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IwscMgkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
214⤵
PID:1596

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
215⤵
PID:2172

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
212⤵
PID:2728

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
212⤵
PID:2288

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
212⤵
- UAC bypass
PID:2684

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PywAUQYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
212⤵
PID:1676

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
213⤵
PID:1164

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
210⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1032

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
210⤵
PID:1004

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
210⤵
PID:2220

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\paEIYgUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
210⤵
PID:2196

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
211⤵
PID:2012

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
208⤵
PID:2160

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
208⤵
PID:1808

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
208⤵
PID:2164

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZmEEooQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
208⤵
PID:1036

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
209⤵
PID:1832

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
206⤵
- Modifies visibility of file extensions in Explorer
PID:1836

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
206⤵
PID:412

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
206⤵
PID:644

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TgUcosss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
206⤵
PID:2280

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
207⤵
PID:1052

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
204⤵
PID:3024

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
204⤵
PID:2348

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
204⤵
- UAC bypass
PID:2512

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EYcUcIEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
204⤵
PID:1248

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
205⤵
PID:1828

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
202⤵
PID:2804

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
202⤵
PID:1980

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
202⤵
PID:1640

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wUwYUsUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
202⤵
PID:2052

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
203⤵
PID:564

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
200⤵
PID:480

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
200⤵
PID:2288

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
200⤵
- Modifies registry key
PID:1672

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CocskYYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
200⤵
PID:1608

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
201⤵
PID:2688

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
198⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2032

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
198⤵
PID:2748

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
198⤵
- UAC bypass
PID:2784

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WsgMUAEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
198⤵
PID:1708

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
199⤵
PID:2108

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
196⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2632

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
196⤵
PID:904

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
196⤵
PID:2164

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vQIggocE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
196⤵
PID:2712

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
197⤵
PID:944

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
194⤵
PID:2332

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
194⤵
PID:1836

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
194⤵
- UAC bypass
- Modifies registry key
PID:1984

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tsgUUEcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
194⤵
PID:1880

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
195⤵
PID:1592

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
192⤵
- Modifies visibility of file extensions in Explorer
PID:2908

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
192⤵
PID:2804

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
192⤵
- UAC bypass
PID:1284

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\reMwMIEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
192⤵
PID:2928

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
193⤵
PID:2088

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
190⤵
PID:2488

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
190⤵
PID:496

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
190⤵
PID:588

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kioAgccw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
190⤵
PID:2644

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
191⤵
PID:872

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
188⤵
- Modifies visibility of file extensions in Explorer
PID:2280

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
188⤵
PID:2608

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
188⤵
- UAC bypass
- Modifies registry key
PID:1732

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wyksMQkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
188⤵
PID:2152

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
189⤵
PID:944

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
186⤵
- Modifies visibility of file extensions in Explorer
PID:2308

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
186⤵
PID:2272

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
186⤵
PID:1588

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wAMYkoMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
186⤵
PID:868

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
187⤵
PID:1636

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
184⤵
PID:2012

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
184⤵
PID:2640

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
184⤵
- UAC bypass
- Modifies registry key
PID:2372

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QkEAYQUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
184⤵
PID:704

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
185⤵
PID:1044

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
182⤵
PID:904

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
182⤵
PID:2812

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
182⤵
- UAC bypass
- Modifies registry key
PID:1808

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zIIMsUUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
182⤵
PID:2800

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
183⤵
PID:496

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
180⤵
- Modifies visibility of file extensions in Explorer
PID:2096

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
180⤵
PID:1280

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
180⤵
PID:1388

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tgcEcsIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
180⤵
PID:2516

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
181⤵
PID:2380

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
178⤵
PID:872

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
178⤵
PID:2480

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
178⤵
- UAC bypass
PID:2760

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hAIAIEgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
178⤵
PID:2624

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
179⤵
PID:3012

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
176⤵
- Modifies visibility of file extensions in Explorer
PID:2596

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
176⤵
PID:1728

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
176⤵
- UAC bypass
PID:1884

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VQYoEcsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
176⤵
PID:1808

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
177⤵
PID:1028

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
174⤵
- Modifies visibility of file extensions in Explorer
PID:1700

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
174⤵
PID:2184

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
174⤵
PID:1692

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mmYUgUMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
174⤵
PID:2128

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
175⤵
PID:2380

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
172⤵
PID:2788

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
172⤵
PID:2016

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
172⤵
PID:1708

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cukcAsAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
172⤵
PID:1480

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
173⤵
PID:2860

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
170⤵
PID:800

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
170⤵
- Modifies registry key
PID:1936

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
170⤵
PID:2536

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GeMQwgMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
170⤵
PID:1100

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
171⤵
PID:2528

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
168⤵
PID:1692

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
168⤵
PID:1680

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
168⤵
- UAC bypass
PID:2804

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dIMcowww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
168⤵
PID:1612

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
169⤵
PID:1588

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
166⤵
PID:1740

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
166⤵
PID:2404

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
166⤵
PID:2992

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PGMIEAAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
166⤵
PID:1876

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
167⤵
PID:604

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
164⤵
PID:1992

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
164⤵
PID:2164

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
164⤵
- UAC bypass
- Modifies registry key
PID:1100

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zmIUoQYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
164⤵
PID:2632

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
165⤵
PID:2780

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
162⤵
- Modifies visibility of file extensions in Explorer
PID:2688

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
162⤵
PID:1628

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
162⤵
- UAC bypass
- Modifies registry key
PID:2020

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TIswUAAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
162⤵
PID:2784

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
163⤵
PID:1804

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
160⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2004

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
160⤵
PID:2432

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
160⤵
PID:2404

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LkMMMUgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
160⤵
PID:812

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
161⤵
PID:1068

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
158⤵
PID:2308

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
158⤵
PID:2480

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
158⤵
- UAC bypass
PID:924

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ayEEEUwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
158⤵
PID:1664

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
159⤵
PID:1952

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
156⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1672

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
156⤵
PID:1756

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
156⤵
PID:1776

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EMcokUMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
156⤵
PID:1372

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
157⤵
PID:1288

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
154⤵
- Modifies visibility of file extensions in Explorer
PID:1788

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
154⤵
PID:2604

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
154⤵
PID:1096

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QKoAMgoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
154⤵
PID:780

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
155⤵
PID:2644

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
152⤵
PID:2700

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
152⤵
PID:2832

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
152⤵
PID:1844

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IiUAYgsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
152⤵
PID:2672

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
153⤵
PID:1656

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
150⤵
- Modifies visibility of file extensions in Explorer
PID:2128

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
150⤵
PID:448

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
150⤵
- UAC bypass
- Modifies registry key
PID:1388

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DssUQssU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
150⤵
PID:1808

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
151⤵
PID:1992

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
148⤵
PID:2584

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
148⤵
PID:1448

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
148⤵
- UAC bypass
- Modifies registry key
PID:1324

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZMwkEQoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
148⤵
PID:1288

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
149⤵
PID:1644

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
146⤵
PID:2172

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
146⤵
PID:2520

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
146⤵
- UAC bypass
PID:2268

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TWAIEQMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
146⤵
PID:2644

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
147⤵
PID:1168

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
144⤵
PID:2400

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
144⤵
PID:1564

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
144⤵
- UAC bypass
PID:1100

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nWUokgQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
144⤵
PID:1160

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
145⤵
PID:1560

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
142⤵
PID:272

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
142⤵
PID:2032

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
142⤵
- UAC bypass
PID:2768

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UsgIgAgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
142⤵
PID:2348

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
143⤵
PID:2552

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
140⤵
PID:1720

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
140⤵
PID:1696

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
140⤵
PID:2412

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CQEQgowI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
140⤵
PID:1824

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
141⤵
PID:2456

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
138⤵
- Modifies registry key
PID:792

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
138⤵
PID:2596

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
138⤵
- UAC bypass
PID:2672

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qSYIYgUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
138⤵
PID:872

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
139⤵
PID:1800

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
136⤵
- Modifies visibility of file extensions in Explorer
PID:2940

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
136⤵
- Modifies registry key
PID:2732

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
136⤵
PID:776

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AeMEoMUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
136⤵
PID:2812

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
137⤵
PID:2832

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
134⤵
- Modifies visibility of file extensions in Explorer
PID:2400

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
134⤵
PID:240

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
134⤵
- UAC bypass
PID:2420

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FqUIgwAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
134⤵
PID:1604

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
135⤵
PID:2928

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
132⤵
PID:2136

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
132⤵
PID:2296

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
132⤵
PID:1756

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zCswMcAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
132⤵
PID:3048

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
133⤵
PID:448

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
130⤵
- Modifies visibility of file extensions in Explorer
PID:2072

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
130⤵
PID:1876

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
130⤵
- UAC bypass
PID:2828

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VKQsQUQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
130⤵
PID:1676

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
131⤵
PID:1940

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
128⤵
- Modifies visibility of file extensions in Explorer
PID:2644

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
128⤵
- Modifies registry key
PID:1112

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
128⤵
- UAC bypass
PID:2752

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DQYYEMUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
128⤵
PID:272

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
129⤵
PID:2088

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
126⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2024

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
126⤵
PID:1764

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
126⤵
- UAC bypass
- Modifies registry key
PID:1484

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FUIQYcYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
126⤵
PID:2520

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
127⤵
PID:2684

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
124⤵
- Modifies visibility of file extensions in Explorer
PID:1652

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
124⤵
PID:2304

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
124⤵
- UAC bypass
PID:976

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CysIcEgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
124⤵
PID:1912

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
125⤵
PID:1660

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
122⤵
PID:1604

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
122⤵
PID:1144

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
122⤵
- UAC bypass
- Modifies registry key
PID:2728

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oQQIEksU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
122⤵
PID:2244

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
123⤵
PID:1052

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
120⤵
PID:2592

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
120⤵
PID:3012

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
120⤵
- UAC bypass
PID:1944

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QEsQocwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
120⤵
PID:2824

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
121⤵
PID:1588

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
118⤵
- Modifies registry key
PID:1292

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
118⤵
- Modifies registry key
PID:2016

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
118⤵
PID:1648

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IYAYkEUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
118⤵
PID:652

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
119⤵
PID:3020

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
116⤵
PID:1168

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
116⤵
PID:272

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
116⤵
PID:2124

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LagEoMMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
116⤵
PID:2436

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
117⤵
PID:2432

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
114⤵
- Modifies visibility of file extensions in Explorer
PID:2800

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
114⤵
PID:1284

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
114⤵
- UAC bypass
PID:872

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TccMUAkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
114⤵
PID:2748

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
115⤵
PID:2632

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
112⤵
PID:2824

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
112⤵
PID:764

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
112⤵
PID:2128

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jSYkwgAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
112⤵
PID:2488

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
113⤵
PID:2104

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
110⤵
PID:2944

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
110⤵
PID:2256

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
110⤵
- UAC bypass
PID:1048

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vMcoIEQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
110⤵
PID:1292

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
111⤵
PID:1060

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
108⤵
PID:1616

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
108⤵
PID:1540

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
108⤵
- UAC bypass
PID:2652

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ksIUgEkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
108⤵
PID:1912

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
109⤵
PID:844

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
106⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2456

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
106⤵
PID:1804

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
106⤵
- Modifies registry key
PID:2280

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QgswsggQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
106⤵
PID:1132

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
107⤵
PID:2424

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
104⤵
- Modifies visibility of file extensions in Explorer
PID:1624

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
104⤵
- Modifies registry key
PID:1284

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
104⤵
- UAC bypass
PID:1652

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GYMQEQYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
104⤵
PID:2132

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
105⤵
PID:1956

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
102⤵
- Modifies visibility of file extensions in Explorer
PID:764

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
102⤵
- Modifies registry key
PID:1040

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
102⤵
- UAC bypass
PID:2416

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CMQcUMYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
102⤵
PID:1836

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
103⤵
PID:580

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
100⤵
- Modifies visibility of file extensions in Explorer
PID:2608

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
100⤵
PID:2628

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
100⤵
- UAC bypass
PID:272

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vKMQIUQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
100⤵
PID:2320

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
101⤵
PID:1632

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
98⤵
- Modifies visibility of file extensions in Explorer
PID:2512

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
98⤵
PID:632

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
98⤵
PID:588

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vGEAQMIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
98⤵
PID:1036

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
99⤵
PID:2748

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
96⤵
- Modifies registry key
PID:1980

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
96⤵
PID:1996

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
96⤵
- UAC bypass
PID:2536

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PSsMcAcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
96⤵
PID:2484

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
97⤵
PID:2684

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
94⤵
- Modifies registry key
PID:580

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
94⤵
PID:868

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
94⤵
PID:1984

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RUEQgwIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
94⤵
PID:2248

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
95⤵
PID:2728

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
92⤵
- Modifies visibility of file extensions in Explorer
PID:628

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
92⤵
PID:2364

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
92⤵
PID:2564

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FeUAwQUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
92⤵
PID:540

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
93⤵
PID:1940

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
90⤵
PID:2828

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
90⤵
PID:2372

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
90⤵
PID:2548

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sEgEAkQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
90⤵
PID:2760

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
91⤵
PID:2088

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
88⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:496

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
88⤵
PID:3000

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
88⤵
- UAC bypass
PID:1280

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AkAYkcEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
88⤵
PID:2508

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
89⤵
PID:2320

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
86⤵
- Modifies visibility of file extensions in Explorer
PID:1620

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
86⤵
- Modifies registry key
PID:2940

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
86⤵
- UAC bypass
PID:976

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mKsYgwsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
86⤵
PID:2528

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
87⤵
PID:2540

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
84⤵
- Modifies visibility of file extensions in Explorer
PID:1728

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
84⤵
PID:1316

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
84⤵
- UAC bypass
PID:2104

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WsUYoUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
84⤵
PID:1284

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
85⤵
PID:2288

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
82⤵
- Modifies visibility of file extensions in Explorer
PID:2128

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
82⤵
PID:1692

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
82⤵
- UAC bypass
PID:240

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nQMYAgAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
82⤵
PID:1512

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
83⤵
PID:1888

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
80⤵
- Modifies visibility of file extensions in Explorer
PID:2152

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
80⤵
PID:1488

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
80⤵
PID:788

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RoUcgwMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
80⤵
PID:564

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
81⤵
PID:652

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
78⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1936

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
78⤵
PID:780

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
78⤵
- UAC bypass
PID:1608

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hisUAwQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
78⤵
PID:2584

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
79⤵
PID:2640

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
76⤵
PID:1308

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
76⤵
PID:1776

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
76⤵
PID:2808

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RWooYcgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
76⤵
PID:908

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
77⤵
PID:1440

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
74⤵
PID:2616

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
74⤵
PID:2576

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
74⤵
- UAC bypass
- Modifies registry key
PID:2596

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tUYgYgsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
74⤵
PID:1992

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
75⤵
PID:2788

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
72⤵
- Modifies visibility of file extensions in Explorer
PID:3064

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
72⤵
PID:1372

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
72⤵
- UAC bypass
PID:2544

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OQsgIMcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
72⤵
PID:2840

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
73⤵
PID:1248

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
70⤵
PID:2140

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
70⤵
- Modifies registry key
PID:2812

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
70⤵
- UAC bypass
- Modifies registry key
PID:1888

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WsUAQgcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
70⤵
PID:2636

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
71⤵
PID:1784

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
68⤵
- Modifies registry key
PID:280

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
68⤵
PID:2004

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
68⤵
PID:1384

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SCMMAssg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
68⤵
PID:1400

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
69⤵
PID:1564

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
66⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2828

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
66⤵
PID:1648

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
66⤵
- UAC bypass
- Modifies registry key
PID:1740

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GaMAwEcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
66⤵
PID:2992

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
67⤵
PID:1500

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
64⤵
PID:1988

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
64⤵
PID:1768

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
64⤵
- Modifies registry key
PID:872

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NcsEMQAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
64⤵
PID:2124

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
65⤵
PID:2364

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
62⤵
- Modifies visibility of file extensions in Explorer
PID:2908

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
62⤵
PID:1844

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
62⤵
- UAC bypass
PID:2528

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vIAEgIcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
62⤵
PID:2496

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
63⤵
PID:2716

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
60⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:772

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
60⤵
PID:1728

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
60⤵
- UAC bypass
PID:2776

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DCIUUQIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
60⤵
PID:2740

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
61⤵
PID:2596

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
58⤵
PID:792

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
58⤵
PID:2184

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
58⤵
- UAC bypass
PID:2652

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DaQkQcYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
58⤵
PID:1160

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
59⤵
PID:1524

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
56⤵
- Modifies visibility of file extensions in Explorer
PID:480

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
56⤵
PID:412

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
56⤵
PID:1636

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eYMUoEEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
56⤵
PID:2072

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
57⤵
PID:1644

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
54⤵
PID:1132

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
54⤵
- Modifies registry key
PID:2584

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
54⤵
- UAC bypass
PID:2344

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mMkoQUEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
54⤵
PID:556

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
55⤵
PID:1112

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
52⤵
- Modifies visibility of file extensions in Explorer
PID:2508

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
52⤵
PID:872

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
52⤵
PID:2284

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gmwwcUMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
52⤵
PID:2332

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
53⤵
PID:2432

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
50⤵
- Modifies registry key
PID:2568

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
50⤵
- Modifies registry key
PID:2412

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
50⤵
- UAC bypass
PID:2576

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MgIAUMUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
50⤵
PID:2372

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
51⤵
PID:2012

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
48⤵
- Modifies visibility of file extensions in Explorer
PID:1372

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
48⤵
PID:1696

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
48⤵
PID:1664

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YoIAIEcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
48⤵
PID:2592

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
49⤵
PID:2148

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
46⤵
- Modifies visibility of file extensions in Explorer
PID:2136

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
46⤵
- Modifies registry key
PID:2796

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
46⤵
- UAC bypass
- Modifies registry key
PID:2248

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HkcEgEkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
46⤵
PID:1944

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
47⤵
PID:1756

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
44⤵
- Modifies visibility of file extensions in Explorer
PID:2784

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
44⤵
- Modifies registry key
PID:1400

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
44⤵
- UAC bypass
PID:564

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LywUwUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
44⤵
PID:844

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
45⤵
PID:1700

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
42⤵
- Modifies registry key
PID:1936

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
42⤵
- Modifies registry key
PID:1448

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
42⤵
PID:1712

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hqUYUMwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
42⤵
PID:1484

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
43⤵
PID:944

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
40⤵
PID:2508

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
40⤵
- Modifies registry key
PID:2672

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
40⤵
PID:1632

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dsoAAskw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
40⤵
PID:2328

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
41⤵
PID:1640

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
38⤵
- Modifies visibility of file extensions in Explorer
PID:1284

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
38⤵
- Modifies registry key
PID:2712

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
38⤵
PID:1720

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mQcAggUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
38⤵
PID:2912

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
39⤵
PID:2768

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
36⤵
PID:2300

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
36⤵
PID:1068

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
36⤵
- UAC bypass
PID:908

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aKYMAkgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
36⤵
PID:2700

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
37⤵
PID:2516

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
34⤵
- Modifies visibility of file extensions in Explorer
PID:1160

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
34⤵
PID:960

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
34⤵
PID:1524

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aCgQMgMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
34⤵
PID:1692

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
35⤵
PID:1880

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
32⤵
- Modifies visibility of file extensions in Explorer
PID:1604

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
32⤵
PID:1636

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
32⤵
- Modifies registry key
PID:1320

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\msEkwIII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
32⤵
PID:1496

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
33⤵
PID:764

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
30⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2692

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
30⤵
PID:644

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
30⤵
PID:1732

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DuQksgsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
30⤵
PID:1648

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
31⤵
PID:1060

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
28⤵
PID:2012

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
28⤵
PID:2548

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
28⤵
PID:2456

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\roQAcwQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
28⤵
PID:868

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
29⤵
PID:1440

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
26⤵
- Modifies visibility of file extensions in Explorer
PID:900

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
26⤵
PID:1720

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
26⤵
PID:2616

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DMkwwkcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
26⤵
PID:2252

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
27⤵
PID:2908

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
24⤵
PID:2592

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
24⤵
PID:800

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
24⤵
PID:1552

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xaUgAYkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
24⤵
PID:2668

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
25⤵
PID:2560

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
22⤵
PID:1692

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
22⤵
- Modifies registry key
PID:1564

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
22⤵
- UAC bypass
PID:792

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ckAswgcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
22⤵
PID:1884

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
23⤵
PID:1880

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
20⤵
- Modifies visibility of file extensions in Explorer
PID:2424

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
20⤵
PID:2100

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
20⤵
- UAC bypass
PID:1488

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gIYwoMQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
20⤵
PID:480

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
21⤵
PID:448

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
18⤵
PID:2104

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
18⤵
PID:2280

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
18⤵
- UAC bypass
PID:2344

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wOYMQQIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
18⤵
PID:2292

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
19⤵
PID:1804

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
16⤵
- Modifies visibility of file extensions in Explorer
PID:2780

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
16⤵
PID:1816

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
16⤵
PID:1132

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GqYQUIIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
16⤵
PID:2032

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
17⤵
PID:776

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
14⤵
- Modifies visibility of file extensions in Explorer
PID:2580

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
14⤵
- Modifies registry key
PID:2716

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
14⤵
- UAC bypass
PID:2952

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eyQkoMcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
14⤵
PID:2480

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
15⤵
PID:2528

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
12⤵
- Modifies visibility of file extensions in Explorer
PID:2852

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
12⤵
PID:2160

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
12⤵
- UAC bypass
PID:1612

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\twwUIEwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
12⤵
PID:2404

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
13⤵
PID:2604

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
10⤵
- Modifies visibility of file extensions in Explorer
PID:1564

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
10⤵
PID:3048

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
10⤵
- UAC bypass
PID:1784

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JOgQwkEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
10⤵
PID:1888

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
11⤵
PID:916

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
8⤵
- Modifies registry key
PID:588

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
8⤵
PID:324

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
8⤵
- Modifies registry key
PID:1496

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Hmsokooo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
8⤵
PID:564

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
9⤵
PID:540

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
6⤵
- Modifies visibility of file extensions in Explorer
PID:2344

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
6⤵
PID:1732

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
6⤵
PID:1740

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tYckMMAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
6⤵
PID:2268

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
7⤵
PID:2824

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
4⤵
- Modifies visibility of file extensions in Explorer
PID:3044

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
4⤵
PID:1812

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
4⤵
- UAC bypass
PID:2768

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KyAMYkss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
4⤵
- Suspicious use of WriteProcessMemory
PID:1308

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
5⤵
PID:2028

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
2⤵
- Modifies visibility of file extensions in Explorer
PID:1248

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
2⤵
- Modifies registry key
PID:2952

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
2⤵
- UAC bypass
PID:2612

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KMEAwwYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock.exe""
2⤵
- Suspicious use of WriteProcessMemory
PID:2724

C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
3⤵
PID:2524

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
Filesize
326KB

MD5
edf2cfcbb35da081a665f05a1273e6e4

SHA1
888a02b3e6507c0b230567f5bc2f971e9866d9f9

SHA256
ab31638d238b897229ea7c7c8e731d84990bb7d5bbfb2a0f9013ba0bef7b4ea3

SHA512
cabaea14390a143a3360eb33cdc7ba356f9984411064457808ef1cb3755fa654bdbdbfac6ddd7b1e58644fe07813d9eea0c99220c1184ae68a1f22f4aa1385a7

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.exe
Filesize
254KB

MD5
79014405e59bcfe020ee572374e3d02c

SHA1
58fbfca37fec6115b6d209ed845ca14fab41d380

SHA256
d7de0ee1257c7ff3bf3cf871db320bb235ae6d03ab41615c28a197821187be61

SHA512
f40314ea41702f79fc9e375d95dea0c78da149ada2b85a924630192341e916dc92da5143ced31a3f72123248026ced00113240fee187faff90cb981c4900f0a6

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.exe
Filesize
235KB

MD5
19e338ee4a23c056a275f8ed9a3db15b

SHA1
e9b2a10e70cc1ed39785a9252a30cf0ad2232e2b

SHA256
781f5bddde4385c216530f7f2c2841ec58cf93f134992de4c81653342fabd8f0

SHA512
a8850c731f54feb5d86f61ad1bb76a7ac0a3785c4b78965f0b19a0c23160fb06e02c4b9369c5f440978d634b276a33c42a7f69ae95dc2c7065e2b011d6ce7996

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe
Filesize
252KB

MD5
0c00ea246e4f842fba4b67a2a3a1b685

SHA1
3c193827fa6cd863d0d8c499ee91242d507c9dfa

SHA256
3f57a6b66c615ee07a83208c7806df5cb5edd0687434007b00190e057d235298

SHA512
fa579fda53c4f6c5bb6461d5131cbba6d5e4f2fd2411a32f56907cd4c463644c0c697f39402d07ad75cf4ead6fc28a5dfd31e2404cd3308ca27b39077143f21f

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe
Filesize
231KB

MD5
018f7486f349c9656b2136707238aea2

SHA1
67860aa3489adc95c76ff17eb65c6b96c67abf84

SHA256
38739d570b0cbb71fec359954d5ff9a7e234ea0f750d57adbf3267bae1bbcdc2

SHA512
c6a381b94392b86e69363a7089e05f761f7f05fb5956007ceab68fd57fb24431ebfabc27b2a203a6585f860b38476bca3f88930b23504b974691bea90a71635e

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe
Filesize
236KB

MD5
ee51cb3021ad1c894d7e12e2c7c242ae

SHA1
708375c84ee8b06f9cf828f85aedecef8d0f4bfa

SHA256
a713c02cff66501ccdbd2722cc49941ccace95c163d4aff39f5bb1a90754b7f5

SHA512
6e79a602f8500e752c98e583aa4263a77cea588e739d75afe1844ab930b35b5a638c429d62b4807ec601ef3cf61d06483f3317fe2b86c22131db99aa29b1134d

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.exe
Filesize
242KB

MD5
bdaa36a0fd312542dc7bed29f284d627

SHA1
e1d8fca76ac521c87d58d7a7ca1132f236e95f99

SHA256
44c4bb70895f5b90d22348d67f58ae3ec0e424f079ca0ba71ba3a89d159ba4da

SHA512
a5f72ff5c81e0630a38b9bc7a21ec0b15e357748b39345780ccd74369382c2f10889d7ace3b75ee0ec66639a228092296d004b3d51f909e1d4dba81d6e13ba94

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe
Filesize
244KB

MD5
750a2cddc8d8a14920b4c6412130ec91

SHA1
cda5610e6cc31598d8549ef26fba30ba10bacc73

SHA256
95c64f9ac2effceb5d2c47af7ebf31f8727a0fe7fa780b3019cec6b6657aae22

SHA512
665fd88dd5f35f34726bcaecd3944734710403273a074eb1b2b922bbde18e0e77c55d6b8759e8bd7bd0b41f2e005c8347dc75ed76eff170f3dfc4e299222e5ff

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.exe
Filesize
236KB

MD5
42828fc729597a6cb0b95186e5464679

SHA1
88b422d6b3fbf217a4082b462b0bac1504bf54ae

SHA256
eae809b8c7e29d9d6a3e140fcb1638ac2e5f5460c03ad7f1f4399caccceb9271

SHA512
e80bf660168d775323487086a56eb8442568521145d62ef4a3ff1faf5140aa4dd039f7ff366596b4b7406db635e010a569d5cacc7ee256f644b0c27e347cf7f0

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
Filesize
239KB

MD5
ef0535a8d583aea6d4a707755f87499d

SHA1
212543cdf47efd193a1d08cc8376354d3b9553ef

SHA256
8d054a20873cc3621fafa85481972c6bf283718c1a71d0aa5d2f3ad8d2c60117

SHA512
412c2169a7744066597148ec70fd4fe482e5a151df92db0ebf45b1f0d8e82c3c8cf7872f7322dd7acc1c1487ee1766c1317e38ed1d93be1045c59c72f6f36605

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
Filesize
239KB

MD5
62aa936b3493a687071eba361523cdf0

SHA1
774b93b7b231c28275baed46b796a609bfc4b9dc

SHA256
762d3874d49edc6a5e382a7feb6d2509063c4a7ce55f8e03cfd8e883de46abc2

SHA512
52af2987e8244ae5579e9a23d7aba3cb42d3c6414342646ff0278b93fd5718cf9cccb7e3e79f24420f672fc3c3c4413deb97f1f1ec6bc4f06d7237f35476235d

Download Submit
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
Filesize
633KB

MD5
632eed8318579ccabe2b66bd36663caa

SHA1
d3b1985397d9c20ce7f73b63e730329203de254b

SHA256
78ff6f75558b2659666fb5b0119f33413cb4c81c34b9d6e86bcda921b46073ed

SHA512
b4bb7964b2c35a6f82c91e8a23a77322fe93e38b7ae06e58725f36fc106841ecbf32d77e8d7a71663ae4493f27e0b44001173201e3196c018084ad4707fef8d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png.exe
Filesize
199KB

MD5
420fd067c0214bb46481ea01ea3a2a44

SHA1
35a6af31f658f2a68c80dc014a2864806d3ee905

SHA256
fd0db105fbc87009358662f77e2b6584a497035bfe76734961f03cb15be7a731

SHA512
8da8bd85eb0d146e33b386ed55c11c6b3550be1b3808ece3fe475bb7c8a1ee8fd024658f9149e351a29c1577de06b0571a061bcae584e8c014ef33144fac11f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png.exe
Filesize
199KB

MD5
7285e2d126fb7bf83882dbd1caa188f8

SHA1
0621fc2cd16482ea1e422bfdec877711dcdea39a

SHA256
27383ec4fa06ccab11f24c3314ea555aedf135a339220b5c2b7574e7fbcf3b32

SHA512
d1ed5677693ef68b36c4c7fa8467f73c63f97a58bb7877f50ea187aad44968918befd2a5fa8c0241adf3151434da5ada78ec93a5fccf82ac34dba18be9f0a252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe
Filesize
203KB

MD5
360b98e968dea429120ecc97140de8dd

SHA1
4413316c5f66f307bc856388cfc5900c608d64ab

SHA256
d91699baa29a9c13baccb9b43fae8175041281e8e91057015a9c0ba35c930b4e

SHA512
fd2869bd20dd0253d874a39c86cb696ee7b83a522efacc83218b7fbe9a3f229bbb0e8913079148a763433428d2551ff12da04a1f39be3c46b536e3e3fae6e85d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\96.png.exe
Filesize
192KB

MD5
f980b36d3f5096ef57b23aa92ecafba4

SHA1
80297b8cb464e8eb6c2dc00cc70399e9b07e50ab

SHA256
4833ea05bd514b341595d64382ee3214dba55e1fba8a9a781e5ed2f2c6c3d204

SHA512
dd1304ce61ea5d17e79e68909a9273117364761e6a9f5f05617cadb7f2439d75bdd08d2e3b0d336c285422c596faca6c1d2c86bbfeccdb46951f26acac52d119

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-05-25_7a8c3761bddf48493b1c70a2c7c0edf8_virlock
Filesize
2KB

MD5
da5fb10f4215e9a1f4b162257972f9f3

SHA1
8db7fb453b79b8f2b4e67ac30a4ba5b5bddebd3b

SHA256
62866e95501c436b329a15432355743c6efd64a37cfb65bcece465ab63ecf240

SHA512
990cf306f04a536e4f92257a07da2d120877c00573bd0f7b17466d74e797d827f6c127e2beaadb734a529254595918c3a5f54fdbd859bc325a162c8cd8f6f5be

Download Submit
C:\Users\Admin\AppData\Local\Temp\AMAK.exe
Filesize
226KB

MD5
da37018417a7ac0a12f6d2f0727a0b6f

SHA1
dcf499cb40636ccaa158ccb17e66225ad86e52cc

SHA256
dda317e675e75c97066d0604c9f5e954d75d5ecd2877ce58b4ff60d09bbb5e99

SHA512
9630258756d7de3f2e86bb44f614dd705b458347c3e53fc8212ec43ce0326f52021a9440d1e53cd111af2d87c9950913725f1e1d1020e22966864d5af2c73a9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AkII.exe
Filesize
629KB

MD5
27ceee0c6e7ca660dcff8524997db934

SHA1
c778748074e27006af6efc5e589ff7a0dfd50241

SHA256
4271c4fdc6014e4938f72fbbb344c03b7354cb4317ab2b7f4ffac7759cfa59d8

SHA512
c78db3de67fe5b2013b4d11c82870aa486ae2dee4f0a25c29cd1eaeb1271a9fac2d871b184471686e97d167f4cbd3f6dff42fa1c0f7cf7c08508173aabeb8027

Download Submit
C:\Users\Admin\AppData\Local\Temp\AogU.exe
Filesize
4.1MB

MD5
fb5b6eecc3ea04b9a1b81a7038fcbb0b

SHA1
59057cb26540fe1817106287a41b14be251caa60

SHA256
4851f84ba7b4a9b4346f1b73511e8be5f038ceea4130920b24ed6428eb4a1ae6

SHA512
0ec34ea1d0034d6375bd8d249c700eb8aa72c4987e85db7a25b50125650e53168001668d8e9e547a1e6878b40febf68048fd049940150bc4b91a5422aa68c2c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\AsMUAMkc.bat
Filesize
4B

MD5
7b5bb81a38fba6824f569b710605ccc7

SHA1
7e0b05eed2988dd36441e76ad51dd2e5070a366c

SHA256
e948bb78853b69a869abee704910316f52b9bd70e0a3e44ea93452ce030ddaaf

SHA512
3bfc540a015e925a4d083fc9f8d7f95cb1840bf675b633dfabfe3fcad2611b421e0a43ad85f385997b69787927e0675ee8de6126a114f39b501526f7b9b54596

Download Submit
C:\Users\Admin\AppData\Local\Temp\BQUkIIcs.bat
Filesize
4B

MD5
902574790d054a29830c92090aa0d6ea

SHA1
1cc2b329d67473b8d9c905b8f624602406789805

SHA256
04db295860d768dffaaeb6a2f7cd8adaea5887bd5acce285e9dff4e519939ee7

SHA512
79b2430225d219f43adbe747ee9ade75d95f75313c038f5fd47349f77107577a4e3fea5d3f85ef883e82d8e4e387976ffda369e5ce40874ac4a7f313416f0423

Download Submit
C:\Users\Admin\AppData\Local\Temp\CEUy.exe
Filesize
236KB

MD5
6248a7ddec6940737353db553a67fd0a

SHA1
d442ed0d64d7ae0b64db3f2307339c7436a3ea7a

SHA256
c09544c06a21dd83ac6a97f8da4188885e426e73a35feb3bb07f70a4cd831896

SHA512
6391eb80007656fe3b3f65764771689ec9445b481cd248b2f74e2c9a2c3bc3ef05f8f7a8744405ac4b2c7ded195c85696f264d4fb053d5a0d662d3cf945b2ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\CkcwEQcE.bat
Filesize
4B

MD5
6e52027e909a77cf89b5f58a7fd20014

SHA1
519cd362af9c201031996d1694eb893366f221f0

SHA256
bf3aed7f38edd4f2404716d80cf50cd8d8270dfcc426618f85ee51f4d95a93d1

SHA512
648b14026c5518f4c92b4c775b75fa50b013f52162df42ec8a72c1097b49bf115bf4eb2e60f1e11fd7f0180a65a0442389d2f63333619ef7297215bb26a107f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CmwIIgQU.bat
Filesize
4B

MD5
17a8ca7ca7aac859d7a0eca62a79bc85

SHA1
33d13375b7cf23c181b518b3aede921ae4415f69

SHA256
9b7fc44b5ee46a881544c5b47f0c5dfc95ba396e7d263aec813ae6e5a8a5538b

SHA512
0aa264f572df7c4c88ff9b85c610a50e8858aceca12ebd89372847a70ceb4ecb63e924875dbf36db38fe5c4e26fb7c52c600da861a66882a730755d54f904132

Download Submit
C:\Users\Admin\AppData\Local\Temp\CoUAosUE.bat
Filesize
4B

MD5
bf180cf0f18b0e4c4783ea375b6a8417

SHA1
14c1cebbc524369bb759080ee80306b88e709e37

SHA256
31b8a82adcdf10e9c744c5a259670989d23092ce509fe6d42b5ea569558fff44

SHA512
2f0d9da45ebc1fe0e9b4aefadbe1361c1fc5e65074d438005e7dd2367823cbd013f7f7e5729e4b5bfe668c7f5304c4fc422197cbaceaa2239092e570321aa415

Download Submit
C:\Users\Admin\AppData\Local\Temp\Coow.exe
Filesize
226KB

MD5
e66fb79cce4b0a5dafcd445a97c7669f

SHA1
58d9dcfc7d1f268090c89d7e40ca5fe000c4d41f

SHA256
268fb3ecabd21e22b2851467128c385e2d4fb76e0d765a05fdd911774427a8ca

SHA512
1aaf6b99ca918a3b0979129d3d4e7c70c2502a075ea7995756ffbfe49c9c383c225ce0ce23d85509a2e9ddb477eb10f88c5d214b3bc60e11006c683d9b622173

Download Submit
C:\Users\Admin\AppData\Local\Temp\DCQQMYkQ.bat
Filesize
4B

MD5
a7b88651176f3f6e5406285a88d09c40

SHA1
110af598dc974cc43e11380d6583493b5adbc6a3

SHA256
3019207c009f7855457446ed3cd04d6b8a8424673f8b3b91c33c653d87cdd817

SHA512
4258f5140c0815acc9372e28172da06c1b751a59af9fb87b185abaf769910718f7f12c7184189bbc9e0b534dac3c9ea607196d95f8cc03ac3a849f1d2789a2e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\DcwwIYkc.bat
Filesize
4B

MD5
e2bbba5a5db37f3a260f81aeb56c75ea

SHA1
5699fda39a8e5c018aa0a9e39ce5bc55517c6d01

SHA256
fb2899dbacdc1f2c3a4ed07f3c339c2962b63fa3f8d463d2e2533ff5ee86d47c

SHA512
95ef73cc26e215943879a6d194e1586a91c155cafade2e1c65126415d5a9ae4a7f08c1a380475391aee3c663f444f13083ac035adfc72a9797ffe38fc4811893

Download Submit
C:\Users\Admin\AppData\Local\Temp\DgAIUMgo.bat
Filesize
4B

MD5
3a6330a5c5c7dcd372c97b52788e366b

SHA1
ecf16f786357c70faf62049e304aa08f4173584e

SHA256
741bbb6b663510f8083c8d136dc7bfc485e5180ffa870412a117c24586e5e70e

SHA512
d6d071ff5d100b0777f885ce737b3c4a25a537f0fc2a5d7556e6f1a57e86ede0491df486f5628bcd5161c897a2fd655d95c989c22da6c722098b3c2359bfe3c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\DmkYAcQc.bat
Filesize
4B

MD5
9af6d427a1e435a59012540099ac7424

SHA1
162f4c609963b30f5e6febd040f5582bc5e95ffb

SHA256
62bb8b42591bf06e334fdc54aca5a4f1e876329b54a6374c058ffd423db4c5f7

SHA512
97d1a5a5cec8e19f4fd9bfa5d96f6dad9dc73e3f9d46bf20ee63ac6f0f604509b4bb8d09cdd2df4cf3a7a1dcfaa7478dfeae8188be44d28c2da13aa68893d286

Download Submit
C:\Users\Admin\AppData\Local\Temp\EIwy.exe
Filesize
413KB

MD5
2d69120ebd2ea2437c4c5d33a8a1f486

SHA1
a8c5f1bb718a7de079b61f77b6008bd6ebfb4844

SHA256
1b4ab5e76db4e6e143a17b43ee19fe8d271385e7bdf7a153d224bcaab48a8691

SHA512
fde31a4971f1d9a80bbc7c475e4f32141c43ce6218534bc4b3a7a0c74b05c253aecebdc4acb31b72a6358c4305dbc3aa4d667ec638637cbbe514f484d8cc26cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\EKUIQwAM.bat
Filesize
4B

MD5
9fefede4814798e8a2c926ea53330d54

SHA1
9e0381b449ed918bdcff26ec919ea3fd6880c806

SHA256
ffb523ff04b074cd680541bdc8cff7436d1f8f80aecc2d847930f2aef974752c

SHA512
b44348fab93f84e02cf311ffeb0d0aaa4be9c33d6d94d891a6bb7487b7c2864e4cd0179d796f489e9c7f68c587d42c7d507b2f5616619259460c86862bd95c70

Download Submit
C:\Users\Admin\AppData\Local\Temp\EKgUUAIA.bat
Filesize
4B

MD5
784bf1b65bf17079920b6838c594e5de

SHA1
4fe0409473cc6117d60afaa160574400fdb178f8

SHA256
c94a9f1e23be843a4d0c330cf6052ba8accfa103891cd7a3f4a71ebed0e101b9

SHA512
9b4db76c290ede331943e4027a2399b158b1a6088905fc65051c0b4e2d36ea532a65ed87e4c92cf2efbe82219a3f5c34fd02f685895d41cd23c72d3f345d99ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\EUcu.exe
Filesize
228KB

MD5
bd55f083bfffd64f073f6e82526b4b55

SHA1
1e92942a20e61ae8b9892d85515439611701b27d

SHA256
ce38856feaea8e64321482ce8e05650099049318207fbd7182a9c478b458cab7

SHA512
5df0c610a5b2be0fbec419e2b8f237ab54d434f87531bed6595f913c0a90a844829b40344393db862677352431cf92f0df7b59d70ac2d79bac7b593db6fcafae

Download Submit
C:\Users\Admin\AppData\Local\Temp\EYowIYcE.bat
Filesize
4B

MD5
36511817c7de4c6dd68dff20b9f56b2f

SHA1
c3c336b1280d22132e10244f4db86401f23a7de7

SHA256
aae8923d40e3d904029a1d58485ca535fa7412c33ee75a18bd7df137e3c87dd5

SHA512
d3f05ebb2044d1d7b8bef503f4e16f7b51121ca0760e17500869ba73c9ab431d998433d2f34db38f4d66d86b6b806e86c06f90abc3a4e7704f341f949f4f734d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ecoq.exe
Filesize
245KB

MD5
4dd52ecd4ce91675920d7e7868f859b3

SHA1
a303d5fb3f43a1ee37676728e1f23e1f6b6b6c81

SHA256
24a988efddda35813df9c8d94d6313bde2b4b2cfe1985dbad9812710a7ccc102

SHA512
33b588af9ae142742e980442c834e8f04a17b92869cee6933ec790cf172c674febf89e37cdee70fd20a0a0ef3de414858852eeda60d07e1089c3cef99b43934b

Download Submit
C:\Users\Admin\AppData\Local\Temp\EkAO.exe
Filesize
230KB

MD5
b6c8979bf3e68e60e76001a866d0b765

SHA1
e880132485e90e786f5e82a68ba908ec7fa79ba7

SHA256
4ed44f4e21bb95d968cda455005441f14729685778da31336372ccc671a3e8fb

SHA512
cae8908e4139422eced9c0e4fb01a916d15e7ea0b715edcaed45c6acdb3b39599eb2dd7d5e0292548cb7d470333bdb59df4b0f38145b8d39f1939cd658f2c580

Download Submit
C:\Users\Admin\AppData\Local\Temp\EmwocUYY.bat
Filesize
4B

MD5
b3696d0b189c9c75207a09ecafb9f140

SHA1
99908d6b183de6df4536eff599f4ecadf1f1b129

SHA256
e8135c452b037880a65d161b05b14f2b19f6b64355dc2741759976ca5454e08a

SHA512
7ec77c6eccba37d36fd568653bfe51fe8b931e34139b0af9a3c87c10cca6595092b7637d93d27f5b13910e35b3ac88ad71be1fcbc5d9082718805061aaac6d38

Download Submit
C:\Users\Admin\AppData\Local\Temp\EscE.exe
Filesize
231KB

MD5
a15135feb0587a2da07b2eaaa111aa0a

SHA1
6105779ce20045f2eee7145409a8fa6247111274

SHA256
62e2491cfa04438967f65a7ec5c88b929b500c7a8f9b74a574dc688b3f88f8f2

SHA512
4bea3e2f89124ec575cec147ce7c5156f4873619a7ff09b8e1bbeacdb405abb68dfa20a0e37224bb53c50786848e3e49537307399706aa5abf438ef04d83ecdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\FUogEYMc.bat
Filesize
4B

MD5
490a9a4e0cbe6a8702a01728d4e9f8cc

SHA1
65fc63e7c23991d84107649bb1a6c80d7e0fbc0d

SHA256
015cb6a41012dbf2372d6b574e04eaea5f6e6652b87915b7427e96e3c14f293a

SHA512
c2c4bf5eb7b6a8d7b5da773a3d1f74d44a97e23637e44763a23cdace9cf68acd6e17fad344b61242a730d2a14fb8b29f89e320c7e8322494c2c1e639521216ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\FagwwwMs.bat
Filesize
4B

MD5
3a489fc92c686ae0e33690543cebb9d7

SHA1
4bfcabad39b2c547f8b9fc24f779f824ca097db3

SHA256
3f1051d4999a09896e2cc964176b1540143e3523fa197b7b98f6100fa0c593f1

SHA512
20d1acce06f5e7119884935ef4f54f88fe086c74b2e848416a458997e79a657046f5d4186f504f62098cf683c292703d470ecf1b8067dc06809c1e9cbf7b2692

Download Submit
C:\Users\Admin\AppData\Local\Temp\FkIUskQk.bat
Filesize
4B

MD5
b436c6c557f03ee9e21462791bb238e1

SHA1
01fa2bf989b49765001c678b5dd73090ea4ad90f

SHA256
9c90298f48a1f125b3c52f7e538da7b2ef873745bc282fce918eedcbd4e115ed

SHA512
eb4097fde21c52ae3d239b5cd5a40cbb1f5fd444a23d6b06ef0e662968399814b31a4db90bdadcd563e22b7b109a58a71626a155e23bf050ec3d4d8a48c86fd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\FsswkgQA.bat
Filesize
4B

MD5
498c37406aef81f78723cb8d7776fd21

SHA1
97e9187368ae9e27cb2dcd14d00c53e7fcf1d4da

SHA256
9da2d90bf244a25d6087b1d5d274ec3f4a406662d7230d5192ce149f7804d626

SHA512
8dc7b0c9733d7bab0f7279bffc8de01fafb0fe732e1400cd4e2cb262e6cfd66b0b4dcc64b7650a41d3085f5806d98e13552880a495454efba123670c3e860d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\FuIwwkwY.bat
Filesize
4B

MD5
ef33f24439327c22d08ed32ec9f27c03

SHA1
0e6d2904c5e90fdf39deb62b1a87561aeee7a21c

SHA256
38f6c96a61e7a669934071e9136eb39a03fa003c8dcd4ad802803e956cb8c791

SHA512
ee12bd2afbfa51fbfa2accf6640b3ee423e49d6d1629de0b5a4b2c5a081403088e464d87642094fcc6b1acf976406658004cf5af9b99bee25a33b3d513c4c13f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GAoY.exe
Filesize
204KB

MD5
912a36ef716eb3b82b2e69f0185c382d

SHA1
83a2887ee84759ddc8873cc3b15c3d4458b8a6d4

SHA256
dd8c12fd7dc0a0b2d2e64d61c31aad2dc035880a834e7234e518d3990d09acc3

SHA512
1f79a78c265bdc534f2ee2930977819ba1bf6747135f527d631a5190b25de5d25a74937a98d353e0099322bf47138d950f8eb0ebcca420da722806f47f22ff55

Download Submit
C:\Users\Admin\AppData\Local\Temp\GMgYQIsk.bat
Filesize
4B

MD5
e599ca895f16fa9a3eecbabc52550558

SHA1
bc9007b07e27faaf10e6cb2bbd12d4fab8ad0916

SHA256
d1b78cf3e792d4ccb96ad2515502284ea663de27f8b868f039e2ad2595e1f59e

SHA512
2ab1cbeb4d05e32da63b8e44947c1900e3a86a1b8b8478e4ea2a15ab098dd5abd84a65e1bdc7d1f4691b6584055a750af3648f85f7878e2963fc639ebdab4405

Download Submit
C:\Users\Admin\AppData\Local\Temp\GgwoEAUg.bat
Filesize
4B

MD5
651ff31c916e5a1265a547dfb6d44eb4

SHA1
5a8a754aa29fa58c6b3224baafe0e0fd52a9333d

SHA256
92d5d8d1f1357cd384dab84f8df6cf9c58a784a8e3e4f84ffda0e7256834547a

SHA512
a7e79be05c580d4c713a0d48ff7c55371c24c11cb679569f0d0400c81894701645d3443adb6d0a6d5567aa163c066db3c586e792a1b3490776c3a59b75ec199a

Download Submit
C:\Users\Admin\AppData\Local\Temp\GoQo.exe
Filesize
189KB

MD5
3fdeca48150b6780a7dd77fb2c17e10d

SHA1
5915bb1a00e65336b9f249e1dcad2941e0146b63

SHA256
c48bb743a029cd3cd77df2bdc52b78a440604059af827ca165ec7f6acbe8d185

SHA512
e52b5a5a2c440966cfccd7da61cb56868f8abd75f31d0e4768569da66f461300b3c131288cba16d69c97edb1200de03582c55e91b2a37db18a8f8e387ed630d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\GoYoIQEY.bat
Filesize
4B

MD5
10c05c9a13362c5360495c8fb307860e

SHA1
34a1cc3c2e9c9bf0c7a3465f2564f76f5461395c

SHA256
e52af36e9808c5268e37eda58a2ff3170b22350fd71c541ddda8d8024e1d22ce

SHA512
3d780b3d6551b5c1feac2e53afc8c32ee3c743cd1178a10697c4cdc596a48916c44420aa2c5b585f12ea74c2fdb27fd94bf821e97390cfb4b62d880ab6b03444

Download Submit
C:\Users\Admin\AppData\Local\Temp\GogA.exe
Filesize
210KB

MD5
3333c7ccdd4ccf197ff5c3c820739723

SHA1
fc41c9e5f3a88f16afeb6d4083c70d30e46218e1

SHA256
db52efcb24ed510da77571211fcacbd0613f31fc3e3e7a545afbb647b2118d68

SHA512
603f898a8dd88e324347fd205acb4309a4e3fd2e9872b52c54100585c55aaf83b77a2c7877a9b58038c5157496a6c87c065637fd6ee79fe4efc89d7bcd9d5586

Download Submit
C:\Users\Admin\AppData\Local\Temp\HUQccIgw.bat
Filesize
4B

MD5
8d26a1a5d712ed9c2109440542d59120

SHA1
e58cc639ee276a1cc90be1196ea11bd648f5473d

SHA256
d5714e2857d514bf343663f1ca12695f1cf6c62068a6b5b512a2de04e048b322

SHA512
35467b150f547f745f827b5facddc5f0142d9b3e026aec6a205a047693f77a56e53268317548ab44d1540ab695ad4bf08179f401fb183794160fbef2bed1865c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIIA.exe
Filesize
236KB

MD5
996e1b13d41ab3f3668a4fcae6be07ed

SHA1
eb7d903a64209c43b50081291bb8ace0aaa536ce

SHA256
cc6c81532ba45430f9fa0db9c61d6b2e8fbcb1d49db7e2cdcd373d0f0c3434f3

SHA512
e1be6ff80498207829886b7c1d0bf1883e874e860078723a8115425d3f25aea14c01e05195f27979989cdadcc5f0c447a5f589b5746124c5c212739e356af6b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IooO.exe
Filesize
189KB

MD5
29cf41ea91541bd8d43366b9072482cb

SHA1
349c9eda52993d0cd803e30cc25f7d51865f5751

SHA256
344afbec04bfe4b22259499b047ba6e8c130ac16c448957c10573b3673326120

SHA512
d643bf0f5f1834420c0e83da13a150fd8c6e179341dc4040316dbdea89372b9a749193553520b4ae97f66d2d607efe3e3ccf2104a3af8f8b5c02cc9c3debbc39

Download Submit
C:\Users\Admin\AppData\Local\Temp\IsIu.exe
Filesize
231KB

MD5
da36dae7380b69968115ade3a592a947

SHA1
6f79be2469cf62dd1947cb821e8b5cd7d78e2fb6

SHA256
6f0a1b0655c181658221d902a4e5643cda0d8064a27e4169d13625dd09975f0f

SHA512
662ceadcb48a59ff6a40cf8190049c81a8bcf6aa78277b6f96434c3f873e438f7980c0f25fa0416368289586e6df4a192f43389c439ca16510890b3afc993bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\JIcsEgsw.bat
Filesize
4B

MD5
f46e5e49b6a817301ac12e5021367e4f

SHA1
a0a8a91acd9c40339a2a4ecdf93a9c210ae74e60

SHA256
cc04682d82eebc85af87ee3884bc34a47326b56f080db5b85e326961e9cf3a38

SHA512
d4e7fd617635032e08682190c43f090a4a41c444960ae5e21505d31399eb61552d5a3cab58c07c53ccf23c96b1a494d76a5cd8eeb12835087a7ae5f813857cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\JyUcoEUI.bat
Filesize
4B

MD5
6dbe68a8dcbdc544b424c1edef02f0a9

SHA1
c029edcefb9de007fa4f165cc8ad49aee30a8009

SHA256
df8fed3dc60b4d891f06834bc603bd9fdc7ff21e1652816428edf8a65208e8f3

SHA512
87a39e3b5918f75b156c11b5a6a0aa9c7b75e6186829fbe67bb1ef1f2ba343000b29f679086cc6d91056ddd879645088e30ec5342852e605745bfbe051b65ea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\KEgU.exe
Filesize
235KB

MD5
3e0ef9a6520dcea7a61d4ca8fa65b008

SHA1
b740d878b6c1ac77ac25bdbd378d34912741458c

SHA256
6dcc65e042c3c2da5e8db8c015feee6408bc09e6573ad068e44592f559935a24

SHA512
d73442651595be3f77b5ea9f863904f24c887133c41c0c16b54fe72e7413ce25943afaa8a3afe1776b6cb00fd6585f3bdcff4a8dfac5a687015d0983f41f3e31

Download Submit
C:\Users\Admin\AppData\Local\Temp\KMEAwwYc.bat
Filesize
112B

MD5
bae1095f340720d965898063fede1273

SHA1
455d8a81818a7e82b1490c949b32fa7ff98d5210

SHA256
ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a

SHA512
4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

Download Submit
C:\Users\Admin\AppData\Local\Temp\KQYS.exe
Filesize
193KB

MD5
8397d09a2453761cd72f286d22d90e13

SHA1
d1cd827911b9c4b68f59eec97fc5d154769e4e1f

SHA256
1ea8d555ad4d0e9b296eb81547de3c22febffbd2ffe0e62124789c3bc9b85deb

SHA512
635b3f6d087556f778ab476933a0370ac9c7568935cf5c605d98595e6b2111d9e5a7f307d87f08fbfcf43d6c82c90cbcd7f0a24c78df184b99d487064ac65b67

Download Submit
C:\Users\Admin\AppData\Local\Temp\KWMgkwQk.bat
Filesize
4B

MD5
26bbb5026d5b3578d6e1f6205ee6ac5b

SHA1
5dc07641e68961050d6a84a5371ec72987e4c9ef

SHA256
cb1a1525b7f99057722600c6e02216914e3c36abb264d3f80f7b407d35996b9d

SHA512
bb76d7ccf3d903089524e853560a83cd53b8a9ddb3c9b461efd136bbe007e048352110d253af772de5e6d2f25b0096f4d12fba9534097cf96a92558f55fbf8db

Download Submit
C:\Users\Admin\AppData\Local\Temp\KYIE.exe
Filesize
8.2MB

MD5
d0e9cea04bb85bf13902bb2f724390ad

SHA1
7de0349ed741a433ce7aea8e97369a419f98ccab

SHA256
21223686577aaa989c21c617626dc8486b7c7c74a077d83a5e98943ae3c76308

SHA512
43f6adcc115a234c31f8dbcc4e8c601f8506a6c21e2477fdcf28c2976fdafde8e62541666560fc4166508d0b6490acf3d0c52fa39fffc8d2ec1d9e44ac4fb2f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\KkUkkgkA.bat
Filesize
4B

MD5
ad16097715fdd2f2a4affb38a0309f68

SHA1
732533af013bba8bb2caa4b83d673972c9631a54

SHA256
5272e29ee3db6ac3313ae62b8d2e4d642462523941f9212521d2a5d252342031

SHA512
61f23e68f12b82d0af85ea220442592be21015736a1896aa5c808d83fb66254de41eec0afec9c701b8715321c3c2ebfb617316534f846c7e4bbb287b7612f73f

Download Submit
C:\Users\Admin\AppData\Local\Temp\KkYwIwII.bat
Filesize
4B

MD5
b6db77413887723b75e1e0cc508b20f8

SHA1
f407e548c30fe59c411799b3cc554209f8a3e1e4

SHA256
ef815231961ad028dfaf2cf9c08670bc42b3a8f0ff63aa5a10f72f2f7f54ba66

SHA512
ced3496f7aa701705b1d6a36f27eb804a7a0355067e85ac631d3c949d7a6bf972a0fdafe78fd8ef76780387351f99bbe2bba8cf99ad7cfab30caf113bcbda882

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kscq.exe
Filesize
242KB

MD5
aa47e2d6a55474bf035a66936882bd34

SHA1
dd5dc75ff14aefc939e9024617e7be3f7fe8c6d7

SHA256
f37a8b324f0c25064a4227b90ae77418d1f9c89072126cd7b5d82927b73f0c1e

SHA512
a08b1aeb4edd0f131e60c814e3dd07d57e7b46d3244ea78e6e702f4859688f722650c01a83e89b726ff243eef708476832306f86c1204dcb53e7684900b6b823

Download Submit
C:\Users\Admin\AppData\Local\Temp\LKsMIIso.bat
Filesize
4B

MD5
7632be0ba8bb7a3edbec66df134e9246

SHA1
a4d588acb0af2c3e49f62cdac3ab28e7598e3ffb

SHA256
c76889393de71fc6f7752ab7789fd963a2e4ecd80b17cb27d6ff8c7ca9fc2f26

SHA512
9989a3c7915fcfa359980d73c82d51c79873457ca9bfc9f88ed77cc36c900d8a09c16563d1aa0145be111c1cfd168f169c263a8b6c5c68da407a585a8b0385ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\LWoAwIMc.bat
Filesize
4B

MD5
e7a71368e3581cd2540f850492c889df

SHA1
a77837d3c0abb63e8e2a9377e3d7870aab40a2c3

SHA256
67f44eac9a90cac62f331c6e775a95ae10b35fed454bb4eef00a2dd3155d8177

SHA512
cdc9bc24b2fedb553cfdcaeeac6b3eb0dabcbf2c039ddea1e6aa2be0b6ff846b9f7da386fa8f2b445204077c19255109ef7d598339ae84cdcf58556078ce4c1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\LsAkoQQk.bat
Filesize
4B

MD5
66ef32be78ab1f94c043c621f648f0fa

SHA1
2c4a2b41a5de3ed6cb8018e101ffa7a47cf11920

SHA256
a7f534a478092b5447b36237bba3e5462606b49d0447c16995009061261911cb

SHA512
2ea2b87fbba8d02dd3f06892f25dbf400f2434f5887c48ccd69775fa91ce5387627f277345bf35112dedf182625760a4734449ec75685e0708c8af0e8a4fc638

Download Submit
C:\Users\Admin\AppData\Local\Temp\LuwAMYYA.bat
Filesize
4B

MD5
c165a239ba97aa067aa604d86911d40a

SHA1
95749f2346f840997a01c5a303cd05b40fbcbabf

SHA256
1db383f4071fb83775d52f1399bbb066ab2977bd5036ca40f45136ba679fc670

SHA512
5a582de1c281770822f424f626d66f0845c92de01c96749735556d01e3d9298a01e10d00ee3bf0bb60fc09c7596a1b33ff0b87aa7ee784cea9c4d71ca439ef40

Download Submit
C:\Users\Admin\AppData\Local\Temp\MMQq.exe
Filesize
226KB

MD5
d2d3a619b5ba4d79ed39347fd2eccdcb

SHA1
d0f468dcb8ef9fbb313ca904c764883b8fdd6414

SHA256
95406e090a6fe7e15dbd4aeb64f47f3a15bdd9a32ae6e126dd23fe50cc31063f

SHA512
0146bc4cc419827fefc800db98ff1fb4b10354ded945ea260275c14637d3dd6f670c6fa71c19703101ad210ec92ea794922bfd70475c829024e72e2753c4ace0

Download Submit
C:\Users\Admin\AppData\Local\Temp\MMsa.exe
Filesize
248KB

MD5
41b41e6a850b660db49fbb09bd943a97

SHA1
770f3833fb4ea4ffc0a0043b05f1f700b1859199

SHA256
4e113a40e4351fffd8bbfc0b1521c45d6c1f28d8876755a3268e2ab075601582

SHA512
55360a320d138df60247a99f155620c6ceb97bdcf9a6c2f7996ddc8364f86028168f70893930752083dbd3f5a35cc4a8a4e07e8acb21d208c8f6c6396b8b154b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MOIIAwUk.bat
Filesize
4B

MD5
8370fd13a8004897f815928e2948023c

SHA1
b4533c154176e4b6d86831110ff603effcf61575

SHA256
c722df1b24dd4ae6623573a45336fbf4b1b13189dc76042bd33bfa96c03b9869

SHA512
2cf3fd8eb23aa78c90fd28e480bac64f8fb5777f33d835fbd4597c9bdfeb637b37967b86d4b3426af4dc310f9061d1c1729eeffe53985722d53325031f101a7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MUoa.exe
Filesize
235KB

MD5
1be12071841927202f2415b3b5537f77

SHA1
03e1c4074ccce6d9fc6d2b622b8e77f9f20572dc

SHA256
eac160ee48dbf0496bca5766f525a91f8578126e4c4bf96c94f58e7a16ff85b3

SHA512
9e04e733d02cb98ab0cf247ae54ffa0b03e47207ab066a807bb59e5b5be00f8774ed9be25db30259c71b0bf6876464ea93757bc2f341b5a2a5e60bab3db95ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MgMo.exe
Filesize
203KB

MD5
243ebeeff9fc5c5a2ec3e8083e350ed9

SHA1
98cffe6a7dad6bb5d66e80633aeee930f0719310

SHA256
9e108077070abadcffe543399a869709c592974a7f5741543010f35f2a140dc2

SHA512
b6793b4563e40b124d800a27863d2dfda89ff997bda580665f6b75f08167e72cdd3aaf84ceaf79a71fcad21601fb770c8044d0329af9c28b9a5fcac6225cc687

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mosq.exe
Filesize
188KB

MD5
a30e3db555cc51df0270c01f5a6af581

SHA1
d2aaf5c6e2d55fc8ce8f4b19cac4fd26ece93b8e

SHA256
37a3b47d1c8aaa948fb43569454908859fbaa6ca3e34f62bdb145e72b07e39ab

SHA512
4878d9784150783a1678f3fd7f7f88868442bb78b8febecb68be3e8f19ae5d70324062c26a21b3de9dbd0e287e869d077d85f3d7d23324b506cbe6c3ea797f14

Download Submit
C:\Users\Admin\AppData\Local\Temp\MqQsccoc.bat
Filesize
4B

MD5
82cb7df0023d34c03bfff2eaf6d06696

SHA1
17169040ede38cd80f49686d37d03546703d1d19

SHA256
87b35722d3b945153f75d86c4e4866c32696fad1d4808e24fd3b9f4c8cc5dae5

SHA512
9175a7166eeb559a996fbef481adfc6e9d8601fe847eb3f73d359f0283dc2dfe233277723a10c3c5f77c9f2149fdc4c240e2723168116f5e5f87af4ab4fe80b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\MsMs.exe
Filesize
1.2MB

MD5
7779a9c44d26ea2e196e1cc3d0b68255

SHA1
872013c7f1a1959dc843ca099c055898b7b35c51

SHA256
19d11f8e30252533266ef57b138ea6cb240ca486e68c53db0e8805c0c5c6340d

SHA512
366e837ede5399797bfe8e3d7ac0a37658c0c7b9e0f163081076606222f95d690cb6ff132f9581bd627cf18732f4eb6e5373cc593fbca68cb4af65862c42adae

Download Submit
C:\Users\Admin\AppData\Local\Temp\MuEIIMoE.bat
Filesize
4B

MD5
f0efacd332a63f29a43042c123e577bd

SHA1
b32edbd400dff3c2fe2467963ce6133c42f6bda1

SHA256
6f04e70ab8baf2d0b59f69fa04328c48e5bf95f0c3a4efbbfa33efbdfe7607d8

SHA512
8e20a33d9d26ded723ae0fd499258e49b8b6489958a26c786a50c87f5925d4c80dacb05094b2225fa9e46438aa8e9c78ef237e77b937c7713902e13d1163731c

Download Submit
C:\Users\Admin\AppData\Local\Temp\NKYMkYYY.bat
Filesize
4B

MD5
2037f84f17d050664dea5408db2bfdec

SHA1
7eafebd0fea68d41a38f5cc2ec0ce0588bb74b24

SHA256
527474a5ed2a20812d45a60c4d809299f10342ce173fb34257db79e69c9738f2

SHA512
c311a917f954934f7accc4d70426248b8c542fad234347e58f576f84b08565ba3dfd5249f277625b69133d563cae3ee7a55493ceb8dbaffbe1cce28a2d6a54f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\OAco.exe
Filesize
247KB

MD5
0f8116943e4097f44674af3bab5c8932

SHA1
edac6201e711c895f84f75972b14c774163b9baf

SHA256
960106cdc90aba5d5836bbde86d622b95dc72c55e77f64aada1b6917e576990d

SHA512
8739f0b8d9314488a7354be8c55914e87ca50626853b6215e51f0f73f7bcea43adfab925f0edb197e87a50f5fe57121e5b0634e04dcc4b2eff3e42a13b2bb8b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\OIEI.exe
Filesize
244KB

MD5
690f3ae7f4f1ce281e9208ff3f41134d

SHA1
ea44521ac6f5c1d9b3096bef28a0040ee79876b0

SHA256
91d3f1b2ea0046dcb15de656f6caf579bdc091601d76b5ef438e519bb4618cde

SHA512
cfaff7aafaa4e8786c9ecf8492e64401a2f3cc1d8167dfafb0b65e6fd65f4a88d44d8af9e7438caaac71f1db160cfb5cdb30d99c34d1aa2c6acd5ff4ba21d4ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\OIga.exe
Filesize
193KB

MD5
392be9b278128bbd3989f87628da09fd

SHA1
f17ac478357304372f0bfc658491312c07d0266a

SHA256
341a7a361af9bd5b7c7525b7ef4a220aea6992e23b3c467cc31d0d267a0b9b1b

SHA512
70d58104683fb8466b4096cd0a17f56309a77283200d34f48e78db9493c417578220ee49c893ca0c7a97990cb64594f7fe2b0e360f62520ebc5255749599e3c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\OMAk.exe
Filesize
4.8MB

MD5
8cc188665fe6c29317c28299460fb110

SHA1
f11b1b26be3d4672e1ddc8f48c538115a524f8fe

SHA256
54c1fbeae88d81dcc155444af22dceb743249cdba99bd4d5c17715fec774dc04

SHA512
0d28f6bb466537f0e8f3db1008d4b213f1793ee14c1348f15cfbbf56674a753831b4264c2bfa946fda0ee971a05479272ea09463699a2a33ae7989c6259e9c1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\OMsy.exe
Filesize
234KB

MD5
46ef21c3cf08ac9a4a5cd8d7385f7e85

SHA1
ee40531bb44115347be4377e93757e6c2a425120

SHA256
401d501d6a31b24607511aa6b828edffc4ecc83753a61647c522a07790d8b716

SHA512
031d872f83969398acf3d430120c6b344547878a628b6c30d7e1c3a2a5d36c7c87db921770bab24ce3b25e3f1a0849ecf9ac5c669312156f459bc493e7c885f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\OWAwgUkM.bat
Filesize
4B

MD5
1dd2d4e54974f23e954110ecac8ba0c7

SHA1
4a2fd806cf0ca2ae150f08c6a6254ab22c400561

SHA256
df798644859640255959f0a1f6267e31c0c7dc6ca81832e96170b4dd9965c111

SHA512
3091321131f1d649ddd98406606322caf7870b6060d0016b4b143533459b811c546dc207dba2d6cc52032195e69a2654dc6ded19b8af9d2239104bf8df6457a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ogco.exe
Filesize
231KB

MD5
6152e4a9777d88ddee1778f83948b68a

SHA1
19fa9cfd133c679188420214bbabdcdaffaf1c42

SHA256
ad9a05def5d27128ae70a828a04e36440588c327e0e8282a28cee520c23a4197

SHA512
d65ad7e43a753f1297b9903ecc3c4ebac6746d1a89f08d51b2e217766e2615486c2aabe230d1b8e047f685d50cde4f43c785d32de2929f4a0a56e82f5bc31447

Download Submit
C:\Users\Admin\AppData\Local\Temp\OkEI.exe
Filesize
201KB

MD5
5ade52a0ada02f10cabb23a20d7bb58c

SHA1
2b1198d22f048c49f06dfbc3d7da58802e154cc7

SHA256
cc0b53154cf2d82025c6dbf0372c06f25d3f272b6f165621a99012d8ed50d38f

SHA512
cddc97c8190f3d1e1fe219f5efcf656587b0b08e39eb30358944ac737aa4f33649c2dbedf63ce02033ca83b97acdec73db10a1dd161113b022bbdcd8aac146fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\OsMC.exe
Filesize
651KB

MD5
add3866a2f1becab4241562d0f7ee4dc

SHA1
0b994e33c6d14bfb2fa18881bd61b24844c55602

SHA256
3445d58002c04b1918c5becbc8e2e9b0ee5a770c22e2ec85602acf66f63ff6a7

SHA512
f10021f783bf7877436bffd69ad3faef62457c48fa79382d18cc3f423894463a416d1ff21ba3b68434cbc6848951fa87a4adc0859f9b98b57ad290c11c5c790e

Download Submit
C:\Users\Admin\AppData\Local\Temp\PQskYMQg.bat
Filesize
4B

MD5
025f25551af6c257841c03757cf66a91

SHA1
ccd600f0f9c1dbe38bfae7002e1eae362359faba

SHA256
b04c71de8af039f52b8c73e3e15e9f853733fe39c39fcee71e4b3671b6ce890f

SHA512
90b1bb6aba975ceedc6eacbfd847fe297f69342c659b96a7093336ba8292b95c520ce2d1fdffc9906bfef321a4ec9a4dc7b424c5b7a237d590d23fdceffed27e

Download Submit
C:\Users\Admin\AppData\Local\Temp\PwQUMwQQ.bat
Filesize
4B

MD5
f77a68532afa049143eaff987c0eef4e

SHA1
3ef8231a9a817e5d7dde2ffb8cdaa2f564b31873

SHA256
d2e359557e3f498f4a4c48619670164882d32459127616d5836002bbae43585a

SHA512
0348a58e6ead6146cad6a890c9347f5264fb5007dc1155237372a9cc927fcdfd667a33f87aaf749310ab807d65795a9db618050ea67bed9bf7df16a076e11d4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\QAMM.ico
Filesize
4KB

MD5
5647ff3b5b2783a651f5b591c0405149

SHA1
4af7969d82a8e97cf4e358fa791730892efe952b

SHA256
590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db

SHA512
cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\QGIwksEM.bat
Filesize
4B

MD5
b01825f2072b775c6fc826813a91e3d7

SHA1
004b4b05b93a28a5e986be814582dfcaadc9d561

SHA256
d2d4a5cdce19025d435c8b07c6c6d9e48d43342c347617a025727ff1332d99d3

SHA512
ddfdf0ed4e8c7d840d78fc4934ae07147fac84f55ba5a78fd9788fd5b654dd6d8196bb07beb5ad0cc2530f03d4f0ef7adaad413e47e5590d220c7e41846c6558

Download Submit
C:\Users\Admin\AppData\Local\Temp\QIka.exe
Filesize
236KB

MD5
65e15c3145316440b5bccae204102886

SHA1
53701c2a81692a927150dc1d6f7173fe2afa7199

SHA256
ebc3929222750c23b911f9ae1667c7d41ffcce9cbbe050581fdfce720e99ba00

SHA512
0b9a479aade6c122c146832e4e1622ce840dfb920a12e41cceafa173a4512d68958bd98c1ca20ba32aeda92bf5a0ca7787ba31d4fbe5bb85e3548bdc5a771efb

Download Submit
C:\Users\Admin\AppData\Local\Temp\QYIo.exe
Filesize
241KB

MD5
3300b98176c76d71edb19046884063c6

SHA1
50247c9e2b0486ee0a510d985a59b5e8076fe393

SHA256
54a86ae4b491cd23554067f1f20a2404186c11217428df28a8beeaded52ff096

SHA512
6ce8670498057ca1856032a9930e57fd9ec49ff381a7d1051f1a0d98759cb96db2f57ca41cd71282b770e5ca5154152b8d98f0765b69d350fcbe217077edd047

Download Submit
C:\Users\Admin\AppData\Local\Temp\QYwYsskk.bat
Filesize
4B

MD5
ff170bb94481679ceb259d5bd23ab95f

SHA1
4504172b5998dcfdacc74a658189511ea68a1647

SHA256
ad2731d79c44b7e4ad8fc585aae8126b7c6bc2a433026214f482d247d82c1d7c

SHA512
6ea2395b876ac332867669940ebf69718d3d6beba4c468c6cfa710ab1b1f579b665ba378fda0da5541eae766290b351a2339f3e429a79a2c1fb6b7f0da374f14

Download Submit
C:\Users\Admin\AppData\Local\Temp\QwEO.exe
Filesize
234KB

MD5
8de0e4c2cc1be48658a13effac1c42de

SHA1
514d08ad46f3705901df66ff12026b37aef5148c

SHA256
c12f1db4a442b745ecd4e27e501a51d7ffec477837e2a2e32d1a8740cccedcc5

SHA512
fb0c47800182f3c0294cb8ebf13e6815496c8592daae69ff54b1c75fa440eae1e32dd2111381a1418f3bca7098f3ca8451971348fd7d9ad285f1533674d91c10

Download Submit
C:\Users\Admin\AppData\Local\Temp\SAAm.exe
Filesize
245KB

MD5
741e915f0a824b73abdac67de773bd84

SHA1
bf960597cdcd49e3b9999e409a1a6e582e78e0db

SHA256
66c47953ff4aa7b1f75d026cd34610001a252d20f9b44aa3c05031793d7f48bd

SHA512
03babc40d80095537e55a1a2bc40ebd8c2548a8150fc3f0b61d28e62d5bc5b34135b4fcc4bc4dcf379718a467de0a285f9d48880294354e0a32f59048a6fd031

Download Submit
C:\Users\Admin\AppData\Local\Temp\SAEW.exe
Filesize
248KB

MD5
d22880c1ea4ad7ea4989404bb31a1679

SHA1
722bc2074d35c8e397e9c877f3241885bd6dfea6

SHA256
7ae10691089a56ac352d0a9bb226e41de95d76a330d940eaeb34fea860b5439a

SHA512
dab983a8738f10a46687297f83383c1345efa9d173ffd47fc1bd049607fafd32899cd1858c494fc886cfa0cacf34a77e05b9ed16a3b14f537a30f0e781edfe90

Download Submit
C:\Users\Admin\AppData\Local\Temp\SgkI.ico
Filesize
4KB

MD5
6edd371bd7a23ec01c6a00d53f8723d1

SHA1
7b649ce267a19686d2d07a6c3ee2ca852a549ee6

SHA256
0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7

SHA512
65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sgoe.exe
Filesize
731KB

MD5
e5431613ca75606887c248342a64b562

SHA1
9edaa2e2036767fb36de62211e6207df83c97647

SHA256
63b3a642e6e6cbbf93f5e0f724bc29ce4aff09a2c32c14c14c0cb2637659f2d2

SHA512
393760b362a50c4f3b3501865b1c1c6816e821babee4535147bc38bbcf78afcaf230f616a1b7900d7710d50f83832efcb3e4e175a4cddae78975ffdc7f0b869e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sgou.exe
Filesize
356KB

MD5
7f5f03fdcd41b71a3417763a6bb83bf8

SHA1
17a5cf846614689ab691b3507466d7353c17c1ec

SHA256
ac5c789888e2e108b0a7afa9ecea0f46577afe9231ba8963a95bb15272efc0ff

SHA512
99196756fabc9c1226244b66df835e993ffa1d27572ffec9601de6ffd55b72205a43b36ac3c7a92486ee1a03bbae35e8f6779a50eb6c9884cc1300a84d81fe1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SkUW.exe
Filesize
427KB

MD5
b52f3cdabebdc21e14bffa0607c9e5a1

SHA1
73d73eddf58be58281cfd69134847c3d535c5191

SHA256
b79b347b39581a63409970b79b42f640c2943d9d3c21aa71a86b0a08eb850f21

SHA512
bb33441a0aaba1e73e3fedcc53c586eceead8bc3e98723d732d1714721234b2b16c5cffef393186dbb58fd7c3a370caf35a5da82a7dcf919974c152db1ec3c9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SycIsIYo.bat
Filesize
4B

MD5
d7f13cd27c245641ef5574438e78b144

SHA1
02786a15759ac431d187c07d9a2bfaa215e3f6c1

SHA256
9c0c0a87364cf78c1994175489741a5f05cc7e18a66bc7fcef350dbb97218d81

SHA512
59d33bdf0f074c2cdf6ae7331c6c0f93ea76e26b4a89ac0220f706675377370093e74315dc83ea78057e7bd6a6d006635e5ed8951a3bdd863b6a74f6667a70db

Download Submit
C:\Users\Admin\AppData\Local\Temp\SykQUQYs.bat
Filesize
4B

MD5
37d59f330262e88ace4e3c10120e883c

SHA1
81d24dbe27e9806441c3724f75a2a60da9b2c6e1

SHA256
1cfd09f0a1700245948b66028a95a3047fbdfe06c64753261eeec7b03dbd9329

SHA512
78ce667deebff9b5925782ca49a2f0fdf8c89493e39c3c7157ceca9377a165aa596c85e05abd213e1a12493fa372f110a6f87432969b22958f0d24c938371ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\UAQQ.exe
Filesize
437KB

MD5
ef7a886f070c9e5a7ca1f3acc0a0ca47

SHA1
7b1cb16e674e3a19cac791f9915c6cef9d7cd2d6

SHA256
cfe679071c646fa715155cf443c16fdbb0a805d1e470bdd93adbe0da7a8a8d45

SHA512
e12767952f9aef5e671f3f558b21635710e2bd8cd6e6904131f6fa268141d2cdd2fe883a0423ee42b2810aedd77d774f9d1d0d171fcc44c4b83c2053c7b440ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\UAQk.exe
Filesize
249KB

MD5
885dcbbdcfeed084a9dd71c2e289d428

SHA1
28bfda1da49cf47febfdf868331113fd2f641c93

SHA256
cde9603b26f0abc91fc60cf48ad1aea467dcd15a065daa5bce15b250b3a1377c

SHA512
c17ff27268baa6b6447df95b9fafe06013102c35f7ea44dfc3934650be647c8f93b63b5a8e7d38eb1c7db7f57ea2a73de15d2b2c3351c750621558125414797a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UCUUAsEM.bat
Filesize
4B

MD5
a297d59e61c59593d60cef9f4a40f5aa

SHA1
f281addb236a09a864de0e57426f750e80dae0d1

SHA256
5f2886227fcbe4f02db1b4489e729dcca944c27eed2650b550646c4d0d602b9c

SHA512
fcefeff5809e293194cf01548129392edd29cf9ee0aadb9910f3f0f7099f81a55a3b95ac50788fedbdbefae639b12471ecacfd508a4482d20d4e1573d6920457

Download Submit
C:\Users\Admin\AppData\Local\Temp\UEAU.ico
Filesize
4KB

MD5
ac4b56cc5c5e71c3bb226181418fd891

SHA1
e62149df7a7d31a7777cae68822e4d0eaba2199d

SHA256
701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3

SHA512
a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

Download Submit
C:\Users\Admin\AppData\Local\Temp\UgAs.exe
Filesize
230KB

MD5
26429f0924aa60e1d0f31cb817dcb89a

SHA1
1b8e6cc8f02d08bfb448ec72c23ff5d68e8844e5

SHA256
118033eb4c6a58de0669881ed89d43bc8347e8d45881c20e7df032fc9ad9d0cb

SHA512
6d0763ce52ea5561c863b275df5e486f8cc07b99f54596a10ef39ea9308ccd6c2b5b6831b1d5f9ce5cfc12e6ddea4e80f1abafd5e4341a39479ccc8a10ab8468

Download Submit
C:\Users\Admin\AppData\Local\Temp\UkAMAUQg.bat
Filesize
4B

MD5
ad7aa35c54948c3d83a4562fcd16b7bb

SHA1
d0e92cf16c25a62f6590850051897f7ff0c5333c

SHA256
13f18d12d1859f1dc7426636e5352d8e62a8d9e3b1888f0240d3b970e91fdf64

SHA512
1e308d99889627835bfdcd4d7f1b886e03b1a1e4ae49307ccb5c395cb25e6990cabf96185eae94b654437f200e46596752f8d81624af6b04e742aab7a84f70e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\UkIUIUck.bat
Filesize
4B

MD5
d7e2a5d8ad3ade911d422abc8df2c02f

SHA1
95b51de44a159cb711b09ac7ec7d1186acbaab21

SHA256
cd1c1166112f5c32b7926748f0afddce04ad860f737cd29bb16949ee53086e3d

SHA512
5c027193f957d83258bdc5ef0158aecf02a8d2e09dc83b89389ef5b0ab7ac392d264ab904afd37ec248d2290cf12533b20c44bde77de66a87ab249327b09c7ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\UkkQMAIk.bat
Filesize
4B

MD5
35d6483044435363cbdf98bab23c7b0d

SHA1
c51cdcb1041a77404466e37180aae54d4d510aa3

SHA256
c176fefcfa0005380f760cf847aed98b8a1218d1f57e6c05ace2dc7df35b6f62

SHA512
c312ea726394d66513be9a22d2c911c172ab9414ca671e1c7c91a3e23f32d0ba7535a4c6e65c651188cb9cb1ca96b651fc2007fd9fb35921437165213a15dfd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\UmkAIYMY.bat
Filesize
4B

MD5
126d5243b738fa3ff5ac128578014625

SHA1
81ef2fe8030dc2c1b8cac092c01f3d4c8f848c24

SHA256
acd7b19637b30563919fedf9997faba97b088bdafff93dacaeb0c357f23cfcc0

SHA512
87e29743a591f33e6d5001ce2948b687efdcbaf6199fed7da985f8d19ab7a43f09b1967e8dba4b0b4e587b3058fd2c3c5cf4c9098492c2e5f7f745d377cf2688

Download Submit
C:\Users\Admin\AppData\Local\Temp\VIwIEcIU.bat
Filesize
4B

MD5
42751fee22479f88f13d9b6e7673692f

SHA1
dc5827a484fe8ab8b9f3f7b37ad43f5aaaeab5f8

SHA256
865e4dbd3c7910c218db869b2b0f266edd326ca5dc0e2c5c068d2c42360a8bda

SHA512
dedd796d2387663e4dc6f78a1fcd95d25341da1d845a620b152df9cfe40f991eecbc08c89d218a0ce1d07eefc94f30672bb04e77a092069938707e53dd0b5870

Download Submit
C:\Users\Admin\AppData\Local\Temp\VasAEwIk.bat
Filesize
4B

MD5
b50d3996b810f2e650caf6a96e04a111

SHA1
e85119c6eaadc32f299f9476c41ff9a60b74b4fd

SHA256
f52763b938930290a25633d60f944a0b4108843055ac5bb3b06db0c597247764

SHA512
14a866bd2b47aede462f7f8477d6d7d18aadec7024d0a0dcaedeb4099e02f96e39f83e56161db5d81b367f4e1b349dd98ce7e58e41e66249038b384f1ed12177

Download Submit
C:\Users\Admin\AppData\Local\Temp\VywQYUQE.bat
Filesize
4B

MD5
35e6e3f9160fa9a024d4ff821d399da8

SHA1
8cacc484f0ae2d6c346095f43fbeecfaa807f2a1

SHA256
519e78dd07e4780a60e060863af6aa4a2eaea16f6de4e665f5cd68afa6518ff3

SHA512
6f5972e199187213b3d1b3953f008295887a7ad29c1ab79ac5edfa8b7dab7b6c6df328ce3e701f6c32a04dca3e10ee6dcfb25e6cc107d124fe816508d353f710

Download Submit
C:\Users\Admin\AppData\Local\Temp\WCEUYIAw.bat
Filesize
4B

MD5
c4b82a57d1d0a08a17c1e3f8f09bfc3f

SHA1
bf6474f2b2a42e7497138000579ab2697bd17773

SHA256
b55d9623300e036056972daad986106c8b4fd469edd768696322e7ca37d020aa

SHA512
360f5fe621445f0ab6e00719b092efb7ccfe44b1008be79e4d7d4df89ee8182475f47065b032e7ad47ccb3cd4b831389f35016ecfba8ecad7fd86df834e364de

Download Submit
C:\Users\Admin\AppData\Local\Temp\WEMi.exe
Filesize
215KB

MD5
272e7441110e914d0df122d4f2be86cc

SHA1
66d90b60bf19e234cff5d7940e1cc3720fe32e15

SHA256
29861e359763a63862ca759b8a0299849afdfb7bf70b6395697a4b544df2242c

SHA512
bd0058dc4c6a5ac09a3192def2403f80cb7bcb4cee2c7b78a5be66c3b65481ce7d36355689c80e682b81b72de5c6c186c4da30b31c036a35f3c0bd125b4c2138

Download Submit
C:\Users\Admin\AppData\Local\Temp\WEMw.exe
Filesize
232KB

MD5
32b9e5db39510036d90f3d888473fe69

SHA1
c36183a13e522caf2a74c4f3fa4eb048ea22d20f

SHA256
d5fe91329b08d8b2b7c7b7f9ff16147d55ba9e94dbc4b2a42618cb59bae859e3

SHA512
21088120824982b2371fefaa89ca3b452c7bef20ce236b18a0e4e68625014b4f4d6174a7ebfb558049edf0c23f40f1dd7c785b890a6875181a89a1488b61599a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WIEMswAU.bat
Filesize
4B

MD5
8880a5a90db5acf45ce348344c267424

SHA1
987e8c300c46175f12b28cdc6b1d3fa79b629b4e

SHA256
76eb9a53e6481a283c6500e722b3a479e89977feb4c621122cde0e88cc4ccb9f

SHA512
049e2bd0d880d1613c946974a347d52fbd76cb195b7000aa840f4f69af69ca498dae3050822250ff5cc4ceb35b8e246b17f46e18cd735c779a43f02ed2337374

Download Submit
C:\Users\Admin\AppData\Local\Temp\WMYg.exe
Filesize
317KB

MD5
2463d1092b596bc523ecdf4d2195acc5

SHA1
8a76fa7b2e3aeae638703ef4dc33b39e3567f775

SHA256
e75ec40318c9288b45d8466a6241299ca5c0f956b649ab4b6288f6a64d9b9be2

SHA512
674dd958f678627a8dde6a10f1df890c65f4fec26c2af308bf617e3c7373df4d97c16a81bd0bedaac082772ad043ff23e8adf16068ed52e807e52c6f473128e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\WUUW.exe
Filesize
907KB

MD5
a7e80f8339628ae2b5f1385c87dfaf17

SHA1
e4832c6e7dde0fc749f4c74affb724dddac1a201

SHA256
31635652feadaa572ada12ac58af1290572a721bc8033c41d58b96b5b4da8868

SHA512
ab4501edc80a01828f45c93f02ed6c63eec7318a1402fb4740c3635d57776d36059dab5a070df3c376abf46ca47ca81b3b6d4a62b394858f13a7f8f25c5698a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\WWkIsIcA.bat
Filesize
4B

MD5
53dd657e9572e9acfb76441264477a74

SHA1
2af1e791bbb3f09f55be52cf3c15789bfd0e0d7e

SHA256
b3da9529e63355b1ceff0ba99ac6921ab93ad27fbc0992762b8204f8c2296457

SHA512
2874bad46100c57cebda30ede96f91660a15da72f16b105deea5066c6e5bbb138178db68a46a770c86784357224f603e03c05badfe4697f6ce03288b52b13162

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wcsy.exe
Filesize
651KB

MD5
bfe7deb6c2f5cfd73cd8b5ae54415b43

SHA1
88fa1703db016808ebcee484f7147bdc9c96e2bf

SHA256
200d5e083227c0ee244052ab1a0520c8e1b9393dfcba83b30c3e21f48dc5e359

SHA512
a9325fe7719d0b3e5c822965672415233cfa0ed7775c2dd57dd8da4f467d05ddc81be26a3bb85e318e93b1c1a5226d263f57d0618ce44a38368f72fcbc27f3e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\WgAe.exe
Filesize
242KB

MD5
a7ce64f55fa9e384c7b3c03205236734

SHA1
88c91f89bda4892e760e894cbf56c152b08779d3

SHA256
d78a23bbed2dae753d22e0326deba96c3e84e55e47d9e7b7062c5db989e67230

SHA512
f6085644e8c4d03855704d681e5af1132112d08674dfb07782913068ad40b7d0e9cd00a3911cdcae8404aea35aa2ae6025f21bf18aa1a027d995504f9be30bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\WgcQsUEM.bat
Filesize
4B

MD5
3d733cd1b1a40388fc2e6d95710ab5ab

SHA1
42d306f9818d6aeb5d448015372ec810cc39d729

SHA256
e076625c3e16556ca6add90e071d56a37ad103902db256f0cf0bf97305671287

SHA512
907ce56a43b43f8e01ff941503b7109324fa2453aea98e2e900fa95201bc6bd7c2fb028b410a3a01014c5afb9c66cab26caba0ed851510c23125502c672f5db4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WoMS.exe
Filesize
786KB

MD5
7a69e4216fc80ac2a8d4e90511b4230f

SHA1
d4161035df15f7d197b766705966ea511a819ba1

SHA256
4a8cc7cc2d1110376d8231f6314deaa03d7a8eb709d78db386542850935cddfc

SHA512
7c1dce8633bf958867ff7f6b50b5e4b55ed3cc78fe55b3ae002e1488657d2500c92ba55a2d991ad5a18eef545753823284de1e9d746f00ed4d625867b6febba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\WqkEAIUY.bat
Filesize
4B

MD5
1270bba04d3d58afb775d1366550a4e1

SHA1
56b77c6f73d2cda30a228d9e0c874e0281033867

SHA256
22a3aa2055d8134e1ecb4465de374a1e75da95bc15dcc25a87ab299fcdcb505c

SHA512
b8d294e24a78eaff22ab0ef19173d054a8161315e63532a59e17f39a91bd63c86a9306ab66ef6ab2b2cb87b2c8edca8227c066994a533a2a4892fda1ec1bbf86

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWcUogEU.bat
Filesize
4B

MD5
a62f4746003c2e18ed060e4f63043b89

SHA1
dc475d263063dd58bdd666633e60f4ad5fa9f67d

SHA256
ce8e724aea18b292feb8413b7e287b92e8934443d37a824878c9fcf12368f452

SHA512
19b5d109cded7c99d807d9979d5d6362a42a4d2b3470d5a0028e00adcdb840d6113619a66c8ad2b14db40d2bebc799ce48a29cbe5560b238ef038fbee6a25e70

Download Submit
C:\Users\Admin\AppData\Local\Temp\YAUU.exe
Filesize
249KB

MD5
ddeb26c9b69ba4ca612f5785b9ba2099

SHA1
ec6384ad58ef669b745f2d1105ba94fa5551832c

SHA256
3d10b591657a0f6636ae8aa605ee29b64b05157e7ad28cc5379f5edf947cd8c4

SHA512
22c6fa33f418190de9200f14d250939de922fd03f8a8b9f2a2973c96d8896909e2cfd0e7c5fd499bdfd37fe299b9aeb87abbf40171d7fe2e11c2451487a4ac3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\YIMw.exe
Filesize
233KB

MD5
f776d9a58803122981f851f1319b8de0

SHA1
fe7b9949bad6b1c756ad202d8896186c5e5d3d57

SHA256
97651f72ee5023032ca56f51e99ae2501659d96ff43a97d217550c64952a1852

SHA512
6b28d3e3eb9975a1b22bbf92d729f22d8b8fbfbec43ace7409d718bf2b269130b8e27fb54181adc4a1068017de1d414f8ded39d92bb0f5ee396f734700956340

Download Submit
C:\Users\Admin\AppData\Local\Temp\YIse.exe
Filesize
232KB

MD5
1b1abc2f1f9d0915e7b32c23356815f0

SHA1
d8298eb52e067d71f4524c683c481506508e6588

SHA256
a1db4f7004d2ef5141205145d0200f95462c6ac4742ad28f241041d2ab6d6c61

SHA512
d30e84509805699dab6167d9f7caa041613f4b2de6e381cfde5adbedacb132ac56324988499bce1209766481b7a8b35272963dd5d19806aaede238bd8380a850

Download Submit
C:\Users\Admin\AppData\Local\Temp\YMse.exe
Filesize
252KB

MD5
257aadc10ea1dadc9edeec50393aec1d

SHA1
6f3f17e6ea24a48e2d5326a246be745cd4f64cd4

SHA256
de06be1b6bd985da9d8397c1d0c32b77b08092d97b8f37c9df398032aa46305e

SHA512
a1126dd645c0b822fec6409e3bdcafdc961923511be13898697dd9283005d79abaed8dcb92f758c2fa27ebf419e7b48c344ca82947dc2911f46bcf9b035272f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\YMwO.exe
Filesize
233KB

MD5
83254980e1ed80d759cc822163598370

SHA1
a5d218f072a9d29cd918b097d4e026c862b922cf

SHA256
821ca55618dc89b1d7c31e39624b9260ff3912d6463688c7ef5fcb4ac1474352

SHA512
4c1258061579c0a62fddb9c79defa978925e0704ed8fe855958c481494ba90a4773ae1eb0b19c62443f57fce4091ba390c2a6b7a7525d13e3df43b5009989477

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ycco.exe
Filesize
229KB

MD5
06be545da1f32f8dcc0c494529ca8435

SHA1
bf66e7b708f397ad0510b166ca45781d7fc103ef

SHA256
643ca2f0052b02c39e9390108a813ff2ef173f2c9dc4cd7a2ae8a7fedf923724

SHA512
6d0651a8e508ea67bb3f4e3048c4ad9754522f194e8a101f59d49db61ba220716a26ab7cb6e8425f49cb273a63a229c92185f47b6f198eebe5199dffd2aaec8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\YgEW.exe
Filesize
815KB

MD5
aed78af4c6b30a597ff62684754e1a47

SHA1
d1aafd3b9fb01ff39c54e306a1d47b7ba2c61682

SHA256
c39366aed020c7360711cc164c4377072a1b776f8998de9607479c10df07884f

SHA512
4ebe49afb7c84200b4ec2860a58613f6f3bc9c764b3a42c7f651c1e120e8b35366416a2f123e874a7a606c35d173cf7b5b48514d88bda499377330402d269cbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\YgIK.exe
Filesize
1.5MB

MD5
31bdbb213a25ab745e096cc81ba6371f

SHA1
2e9ab576153736a444a080f5e9cee82bd581c58f

SHA256
8d508cddcd7f74d71cdd30a087c32ffaa94faeecb1cad71766f42c50729e4a60

SHA512
fa66729bd7ec64f6c7f994901cfe9cc3744d8709723d1cb0856a501cb2eb58ec736f1d36b3d4589567679de56c0280d7a3c18d7e0ef89307ecd2fe3d8101f2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\YocK.exe
Filesize
796KB

MD5
1c02f416907bd896d3fc7ad5fe705a9c

SHA1
a857f188e65841b0fb1d26bd4b1f25340b390ca9

SHA256
8f6f8d6a73a8f7c2d44aac75d60ae68b8eac3d7892e4dddecb0bf72787d8195f

SHA512
322503bab6ebc52ae619df2c038c3c2020b90cd012f19536cc1d96da5d2c2f63506d2eb8e0677242c9a06f4e7f05dc3040e12b5c48e1201b7a7e8d29c493da58

Download Submit
C:\Users\Admin\AppData\Local\Temp\YuowMcAY.bat
Filesize
4B

MD5
c815e46f16946cc0778992e6203bcd78

SHA1
1907e1a869d15fa8296979595eafb2b80cc8674c

SHA256
093209e8e204af0fcf2f2a539b8ed8f9665ba5366528452d391621af6b48841f

SHA512
2221bde46cdc4a0b3ebd9235ad7ccbb189f80c9e2a9ca0e7d75aac2ee34a4c7732a3e7ddadb1b2e07155a04a99d0bf92b15032e8cb2cd9424f7bae006879e74e

Download Submit
C:\Users\Admin\AppData\Local\Temp\YwQE.exe
Filesize
184KB

MD5
2e8c5ae48a10176a8dc93985859aca63

SHA1
91fb744cf07dc435d47a577b45d372abda8a34d9

SHA256
fdb78c9df8423ceb518c86369e1436b18494c08636dcc01abc4dad6ca89a274f

SHA512
d26cb692813baca2850054631a96c80831b5413265627e8165ea9a02e85ea0cb20573f3405b7ba1f05a25b0d795ccabbba77c196d0dc4eef5ed504bc6af92240

Download Submit
C:\Users\Admin\AppData\Local\Temp\YyoIIIcU.bat
Filesize
4B

MD5
a8425106aec9aed21f72ae408b369f3e

SHA1
f97c514bdecbd27b17842f0392c7bd84bf80005c

SHA256
51ed04dbe3e7a5fa96763715e75e7b554b694c80b3cc6fe51691e233169cdb71

SHA512
9702a62be365cba13528677bffe1befe69b77be69d6217d07e1a6001e0a144ad7052c99223d4d2b172976a0d90804571dbc89a25259c975379856a03f222a003

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZWwAkwgA.bat
Filesize
4B

MD5
64d17b324feb8a09a48ae6c01eb06df1

SHA1
788f8045f653cf72f8840bc1beb2754f9da73d7f

SHA256
438a9d884f0218ece90d8611b6d7b8d5c40f452aaf811bcc407c5491d56789fd

SHA512
349a9b92e10b575c693585e64099ba8b5edbe3986b2b863200f6aee226d24f18ae4619faefe62496713586e9241d1541723a21fa1a643e8ae5daf6ff77337ec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZeUYEQwA.bat
Filesize
4B

MD5
8b8d49959600630e31d3afbbd2d953c9

SHA1
41208e27cf2771a92a7c151d5a32a42f5ae4e077

SHA256
c7c92d179b229a4354c9d489039cf8c4c8151bf1068efd92cd0a77a743575e8e

SHA512
d7d09fe719c292b42fa044ef6505afcf9322b5fb0be24ad73cde9e0d4d14a239184a6cb6bcf0555a5aa206333ceff3f8e332a9b2d0f69ede0e5270292a4aecbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZyUsYwgg.bat
Filesize
4B

MD5
ab08ed25e23fb46b5d258254737b59df

SHA1
c00584a5ea60803a5d036956d68df2bce1444227

SHA256
c5af3d9a6fdea6bcb0aae18ecf82f0ce8280a8e1d6f5e0dcd58970301a807a3c

SHA512
d100de2459219a06ec2283cc280fe2588bafe9d978bb1cc98bb69a481511221e7b7a733402385e8503f46dc51bfd1dcaf957a93e1db8e3402af140aa9a30b5c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\aIwk.exe
Filesize
232KB

MD5
2023bde23b719f9d8a415f277e6d8ee2

SHA1
fbcd749b95ad1dd16c6010d77d0ecfb777103818

SHA256
ba6e9b4d26f68dee97b1c1c435b601fa9605c4189498426d2e89943eea978a37

SHA512
8337a6a672521f0e777436af62b5e40decaa55cf21f875855d577889eb74662b4555f0c4608ab1d1d93640e9b2b708d2f375967ee75df93e9f9779b564372407

Download Submit
C:\Users\Admin\AppData\Local\Temp\aQAo.exe
Filesize
230KB

MD5
d19ace71b919189b9e8cb7b7063b8b4f

SHA1
b23aea1a370858a9faa0d1edd0e87e11c7e8c2a5

SHA256
1a7160b07f5b8f2dc21a074f3149c48302fed60d8ae23573e9a80e8faf0eaf69

SHA512
62530ce535a69934e641ccd46cfc1509962714c52bfabc63674d2501a623311a1cc91fe8ec1a1c47525836a661340af654afc725b039ebfa0e128b825c363a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\aawckIAc.bat
Filesize
4B

MD5
a46c8dfd04232e5701fafb5256f9b765

SHA1
357200920c3114e1e5c16e2e6298a2a2b54c434b

SHA256
319b61c31edea79e3922c0b0d3ef8b47880083228c255051224bc3317c016542

SHA512
99a0e1543e98fee5d2728a0ee5dacf03cc2f0df2d87f9421c9dc6b5d69fb923b3dd4f7ba1addbf09cdeb0ff3096696c4c3da26dea3eb48fc3736877c1ca95d5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\aiEQcgMo.bat
Filesize
4B

MD5
8a4e8ef27f236bb51bff27af7dae3455

SHA1
e269c97aefc27c444b8ef5d7fc3dbb341a5cd509

SHA256
a9f1049048bdb18091f588886a461af22109d40d0322fd313a850b2c21b5bfd8

SHA512
143732c12a92747d8609578895c3f1bce0ed28993dc0de807038fad2f52dc5327c1d2fbe2dca4ad242753dac23d5879ae4b98db429e73cf35bc7ab28703a0ae4

Download Submit
C:\Users\Admin\AppData\Local\Temp\aoQa.exe
Filesize
239KB

MD5
2578b546336b6a61a43d72e6ea22531a

SHA1
1864208fd97f43b1018466ffb329cbf4349e95ef

SHA256
256f032e7657d1afa7c0d27a5f2315bfab2e3f13f6af89564f6fb6baf59e5de2

SHA512
fafb36e389f69f4a41282601d9adef0f8d358d31306a57d8413f9a2f2459adc3840ac8446a10a8fef27ad4801db0d16c2ab87de5f841f5f81a348139b8f4a1a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\awAW.exe
Filesize
231KB

MD5
ab326c06668017d728a1ea2a9b5d79b2

SHA1
9e0592427dcd877c657944509d5e17097a845fac

SHA256
2a850315e1d5a48029ebf771ce7915a49b6ef82217319db0dbf7c531cd15385d

SHA512
c98c50957cbd26c05310c731dc0f8eff6b0133da3925667006256b5a1ad90fb9c39cf944cd97459bced9ee9ac44d8042e328024fc5e0603961d1ee7d2b93b506

Download Submit
C:\Users\Admin\AppData\Local\Temp\awQa.exe
Filesize
198KB

MD5
d88b36994c9187111205368788eefca0

SHA1
9d2b7bcb62f039fc3f12f577babedd452350673f

SHA256
5c8dbd8f8ca0a349baccde54affb1ce0a57e0c61362ebfaf6d7c852c8b31906d

SHA512
84137985bf15cf478c1bb2af4cf4cbad16f594b60982c94629a045f19fef72b8ba30b6cd5e42bfe50ac2b6ddd17616f2a8ab642395834084341ad5e223b5ee97

Download Submit
C:\Users\Admin\AppData\Local\Temp\bAMsUgAY.bat
Filesize
4B

MD5
c8f6f469243d7fbe24b117a7b6b3534b

SHA1
00e51f7819a879d9e0b6eea7290288c68c07f565

SHA256
ca663342f7bf86ae862d3e5262c1d5be6ab2901112c677b60cdb2465b4d2e673

SHA512
2564589a82fdad185b2d5ae1532e674f6a8815e9d207bda394a0ec3a5867161695e0e96ca14c0c8288afadc94928e0b7e19560620738d12af203b887bfac13a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cQYE.exe
Filesize
357KB

MD5
9460cf2c7cf41dcdc7bbc39662b3705a

SHA1
113bb9524e77ef68f8159d0c3db481ca46764d23

SHA256
ade95add82e6a360d2689f2aef09b4e6bf3609c524744cc074fea8fba9d460d2

SHA512
268d00e2e3e442942c9aaeef53f7ea1e4a7cf30fc372016939fe8d373137afb2c61db185a1138fb0335b7ae9aa4474d5f385faaacbf31031249c81e5f5f63ca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cUoC.exe
Filesize
230KB

MD5
e2a7510652d2630f3226a367b25adcbb

SHA1
de4050c837c85fd635869a9d56f0305b8e0df78b

SHA256
1a96cad13b336fd64b5298f27cb61169fdc0259ad7f523b6e25c94e31463d53e

SHA512
1c7f8dfebc95a39acd04cdbf106e25666992b70207f9e2186cee04c9437356ab4c0832abb02e8b105398d9b287b719d4ec2871c5294d01878870feca66308bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\caEYYcwc.bat
Filesize
4B

MD5
2961f87c5cb839ac08d51f6192b522fa

SHA1
0711b1946619356e52f36a45f25a721c27d186d3

SHA256
634f223fdbafa0535bd825c1e14505b7186ee629194a56ba4880f1a1d0d47bcc

SHA512
ade26b8a938cfff1e3bb2c62bd7c559cfd2ab3cfb122b61d2206667f5b2d6148e0763bbda25a83c1c0d8aaca1d1812da3f924fa660eb8a4b60862a3359bc2fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\cgQK.exe
Filesize
461KB

MD5
897e67ec64eb3885ca8c6271e116aa54

SHA1
bb7581cdf63e1b5300f23ed570d47bce0e92b74e

SHA256
c047a66197375a757ba5104851ea37ecf057f88b1af7565075002952bd0373e1

SHA512
b4cf73f693fabfe093e7bfe279f4757ac73be38c3ab201cfd5b5a2cab6695285064703693f402c59415b1f7e4078112899a71730ba2180f9a9ec649ace1bf3a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cosC.exe
Filesize
235KB

MD5
2ebc69d37cb4bdceb65a21d271d0b836

SHA1
04c4496425f4e62b3f8dc2e4cee7c37dc03aebca

SHA256
f715e234bceaab217c9bc35463a113e7814a6f7addaf6703ce661fac7d161545

SHA512
58cf90a1b3f58344cd2f8aabdb7f7502ee07bb156714a463863e4665cd5143adfce476cf4b0ce65a845711d77a726ca5060be815f265e07dc6851aab44b97bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cwMe.exe
Filesize
233KB

MD5
885ed5b730624958ab24cc90bb37d531

SHA1
e91190e6b83f2c5b5bbaa56f20ef97a81ba2b56a

SHA256
76ad83076bb53097f647d502bc7fcd3273fdc97f98b0b98ad098c3f6a362b42e

SHA512
82a1d7b1b44099ca2b287e9b39e34051c6a941804c01715e48845f7e2e53a0fa0c6243110597cf3a3bd2a974b605f42def2c833193fffd90f9d971e28e3d3c01

Download Submit
C:\Users\Admin\AppData\Local\Temp\dkUkAYIg.bat
Filesize
4B

MD5
18aff37bb690e041aee01a996f93545d

SHA1
c9d06d0e9d6e8215350bf7e792c878cff85d7ddb

SHA256
91637d63e7c3aff87d55c741c0e0f6e56ff357412c158eec7827109e183c3cbc

SHA512
e93d59487f7b324ab3710d8642ad18d7b6799653b1ccc13d1e7ad787c877a27041fa212cc507e7f6d98f3cc0832c04c974e5344fc9e1d36c7ff1c1a6e2f8eb9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\eGsUgIEY.bat
Filesize
4B

MD5
927290cb8ac434d1c3b21d8ae8d0c605

SHA1
882e1e0e59d90ff399dc64aa23ccc635fa563478

SHA256
a12cb84a99b761ddaf6dc4a6f6e7a55ac61eb934c9772e103e7eaff1d10243a0

SHA512
1b758fcb3622cff211533c362af539a316b6f6471bcac42df242b94f1d8ef4a914f77733eb8bdf332d18ed3df2ef5646d1e6f7fd657d954741824e3ecb2b2717

Download Submit
C:\Users\Admin\AppData\Local\Temp\eIQi.exe
Filesize
243KB

MD5
1fa83ca0393d3eafab012a841c363ecf

SHA1
e0811796cdb858a6fe47fb2b68312696819257be

SHA256
000bf3ed888e9804e36c63c07f3e7a37ab327d915b8084718e2ae9fd2d0e72b0

SHA512
aadd0cbc822dc52723e4e7d0c86ea231cfd595c145c10ed70825eafc668c40bcbe675126201a77c8f770cdbf857662229ad3ed88df25573d857ebd287a8ffb48

Download Submit
C:\Users\Admin\AppData\Local\Temp\eQAm.exe
Filesize
234KB

MD5
e01f4e97f1cb1f27c2baaf5c8fff2cb2

SHA1
777490a5e0c444dbd1195d561572ee5dec53795a

SHA256
c65e7edb28dd95dbd3c7d15007e4065abecf6c39087d9406de57aeb01b11da8d

SHA512
a57af5d7045686c92a64bbaaefe4fe2253781cc9731d5df06d6d8d869cb8080ed52d7be3c9089a1ff671665f02e382b7db08c1bca26bd105de674c5f6006fde6

Download Submit
C:\Users\Admin\AppData\Local\Temp\eoUg.exe
Filesize
238KB

MD5
13ee94a65d51588b0bca9ff9bab53aee

SHA1
ad3b603ad6f38a246b3289d29b4c34b74d1e3380

SHA256
25f541a652d509b8f38ee582252058645c853056ad0da75f0560d7b77f2779c6

SHA512
15ed4e209bad58121daee1592b48acf0d755c0f3a54ba96acc6d2b8eb9fdbf42dca7fb8fdc054f0ce9ea5c5d3bef8b40421d52fc0ba4999e03d742a93b3c1520

Download Submit
C:\Users\Admin\AppData\Local\Temp\esIsQwUE.bat
Filesize
4B

MD5
75f88d512a5d2291a7f8fcfb3e91428e

SHA1
2cb4a0b202251b3aae2ee178d0b9bda23f3bcf9a

SHA256
6039a59d6171dd9d257130b75840ff2d905a8e80a1c98747ffab40a26c28ac02

SHA512
266b9bcf2977182305afebd9873a9287f5dc8b2bd5c3454809ca26b16a7f970646678d287ca08d2285920a0f65c3cd43018a3abed47bc92daaf1acc12cf571d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ewsu.exe
Filesize
946KB

MD5
1409e8cf8a37831b9873d4adc69febd0

SHA1
51ad94602ba9b9653691b284a289693650ad36da

SHA256
d18181889f368dfa8d1e9b74143a95c98d708c0972b6b317e4457ace0ac6fc84

SHA512
0a97a6fd21bd1e3d7666d8fa442da839cf4e906deb4d17a56d5f33719b1a174d113071a5c4241744e4ade3e9a76cd0f08342de7bf140b9bbd6d96508bc04c92b

Download Submit
C:\Users\Admin\AppData\Local\Temp\fGoIcwUY.bat
Filesize
4B

MD5
014820a7e94da12cd8e5e777f073a90d

SHA1
3d2dae8e8fd5d8629c1f4f498dfa2d29aa28510b

SHA256
6a7446626c312fcf775e962a04c2efd5a8129a0bf257010a597c54072556d8c5

SHA512
d0cfa992a3cfa36444255dd846c7a9c8b3d9c47191c6f951795f94e449e39bda6d996a44724878b31c65a2a07915463fae0b0ec700030faacb08be0260e260c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.vbs
Filesize
19B

MD5
4afb5c4527091738faf9cd4addf9d34e

SHA1
170ba9d866894c1b109b62649b1893eb90350459

SHA256
59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc

SHA512
16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\fkQAcMAA.bat
Filesize
4B

MD5
fcbe1faff9a3b1eb128bc96732e5fb41

SHA1
47bf0f15b9f4282e1454b23a2c9a26d8936253a7

SHA256
443d69b63eeb281747e242fb0f7ed2b2a33fe2bf408ef50d7f845f74e9ef21cf

SHA512
5e5f078bba5fef15df386863cdb6dcf025b59030e74dbc8f422b26a0d1eddee232efd2f7f8fec6d8013bf81f4bf900a26949115af1f340dc9f8ee774b4d4d08a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fqEAIUgY.bat
Filesize
4B

MD5
920fbe4e11fe43293b5d6704320b8a5b

SHA1
0335d57ee14b449134513a7dd2256a746da1e36b

SHA256
c4cb5e2744de33e028ec4a3801db57d106a77f9a6c32e85d25935d0117d913a6

SHA512
1d3dd3ce279aa7294161e20c1ce44a6d38ff033020770bbea1975fdb9f41fe8e633b86586a89116df668d9884b3dab1d30318a89326b190093d55e49a20afa09

Download Submit
C:\Users\Admin\AppData\Local\Temp\gEAG.exe
Filesize
194KB

MD5
2f1b775c372889bef61137741d41d191

SHA1
a9460464dc3b585a9a3343a43a997875eb02ac7b

SHA256
1afd7061fdb5e1b1dcb6d72b20cd7f017a9d2e40a248e5c8f09a9ec9f2ace17b

SHA512
ae25e9998264e614830aeb17d4ec2cbf9ef5eaeeefacfd0e19e96aae0ef3e0e90bdd96f05dfd517d953f349b50ec247be15124c5353be881659a599d40cde557

Download Submit
C:\Users\Admin\AppData\Local\Temp\gUEMEQMM.bat
Filesize
4B

MD5
e2771785e5f9a31726e7d81aa9a0f02f

SHA1
c274b010206c9b8da6e9dc562ea0c41b75a93faa

SHA256
56a1f7ecb52ed08a8a47afde6cdb9eec152d93f3b8a084bedcf1fe7d1478c4c9

SHA512
2fc3d622be4707e09363861a40d9218537b74c14e39036bb32bcb7514565e9d1f7152e4e474938db0c92566bc5a9c7c8a052fcbcce0a4c8c8d9848d0ed8f6675

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcEo.exe
Filesize
207KB

MD5
d44c62090bececc9e2d5918cf6842d6b

SHA1
b6b8f69b2cdee98124e63729de856fdfc7b3a8cd

SHA256
a2e625a6d1d27409edfed55b4004cd0717e1bd3f0ab57e51616c4ca7fa8e4cd8

SHA512
c736c6fca2b8c2e1c0c0da71b5d8795470bb9c16c52cb9fe9229d32cc272d26d96514653daa37714f1aabb68b2c7e58b5ddaf683a80cb29ebe12413b0e801b3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\gwEQAgAc.bat
Filesize
4B

MD5
98812bcf5883fa0230abbdce815a8afc

SHA1
2ee493dba369c00c55663b4860be714ea24aee21

SHA256
7f4920b6f30ccf04f23080cbdfdba40fbcf0a3b3fa2b10b6cb89c1b38c6b7132

SHA512
4f2cd2302623ce4c4fe9e7a486025b9dab550bca74c37c879527ff000d8be2d092033da5d8b5116602d1c2c541c7aa18718804a31e0ee338a4bd571d179a4fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\hUIAgwAU.bat
Filesize
4B

MD5
a8873d27e23d80ccdc6c0fe8b26a4055

SHA1
f928629fc6f4d11b8b6bf6ce3fa2be8435ee558c

SHA256
efd87653e0cc118e0a762d12c77d766064f899804f686faa24e256615ee9ba93

SHA512
c9ab3219a1fec44160ce6f48548ad90973fac1abf136399087a59944b65eecbb702dcf805bd9dff5209d789194cfb52aa40c21746fc167eb650367b77e10da7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\iIse.exe
Filesize
238KB

MD5
e6b64086cccbe8f6437031ef633d59eb

SHA1
4666d36492bb9485a3ae8b93c916b8533aca5c8a

SHA256
1461cc76467d1234e5916409cd33f25b563d0258725d2e9a1acaff4c9f77f8d6

SHA512
0f1dfa2b6fe77bb11f10add97600c4c191f21ef5c5ab46b056b793f1c0630d796bc8c17acd13f3b9fb1cc41912f337b76a07d932e2c22e3e43a459b384b881ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\iQIC.exe
Filesize
227KB

MD5
c4b66531dd0272caea70c9a2f26ef11a

SHA1
6b23e87652ad6a977eb53336ee80b7a3c8f77e72

SHA256
d9d96a951673c768ccd0009fdeffe7b87b40eec4ca55a97a4fe01245f28ea249

SHA512
00764ca4f4fea53c7fe20587df6cc11726eb07dc422683748d8e2f4dac32c8d2e8ce7cce8e03eece738706caec29fd4360105df87100846803bafb7780216e39

Download Submit
C:\Users\Admin\AppData\Local\Temp\iYEwQsEA.bat
Filesize
4B

MD5
f8575b190fdd5f0033151a125a555894

SHA1
827b1f4677b858d19ba60a5c69bd777458e409a6

SHA256
810cb55153c245b2d577aa3f84ec286bb447662f08a58b29dc4cb64d12c2a462

SHA512
e4537aca498249be19cb4de362e3693d8fb22167ae27dd95aad433de5404036c798dc5d9a7625e4ec960d9fdc0dcc59fad103405c3e5edd1e89a372f240fa858

Download Submit
C:\Users\Admin\AppData\Local\Temp\iogc.exe
Filesize
205KB

MD5
2797ffbaea3545936ef510991979f961

SHA1
af04091e7ef4bc03551a34087e5a0cf2ea8f34d0

SHA256
8b61fd3f4d35afadd093b129acc6fe648c23be8518927bfea5e0767e53c7aa07

SHA512
fae7c2eb88ff9ac5efe07af2a817efefbddfb9eefa29c9cac85d3b07f3a4dda64a4afc3b03a3b5c3be6d80104a7078c05ac0d22765a74f3d4d34afd374c8d9da

Download Submit
C:\Users\Admin\AppData\Local\Temp\isUy.exe
Filesize
239KB

MD5
be16c4e6172c21ff1139dbc7894cee17

SHA1
62b9e6facfa3779e5e64100332ff4bf471613ae9

SHA256
322da2b22b3267a20b999f2831d90c4de3f58f7dfc89079540900726a5fbae50

SHA512
e751b3f3009c830f5ead18950fd41d27991e0bdb006549e03de08a86b78d25292b09c75d6a329af815dfc1a75cf03ca496fde4cc4b735432f1942fdd8dcbdbc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\iwUwgMIc.bat
Filesize
4B

MD5
3c728e750078d31ee2ddacaa5ca7566f

SHA1
ab5ab7a67b46fdcf0b1ff1caf06205f8ce100bd9

SHA256
19048e1b8ecbb251a6dd0bf00b2f8e147bb271ee6fd72804729c4650cdc51d8e

SHA512
829ab4a161cca7582e5dcaed714cc472e8452b011f3b449b3e0375782fa271e4ff9f1b9556a3311333bb0e71ff1d2ea666e1c4628f644c28425c8bca65a2c6ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\jmAgoIoQ.bat
Filesize
4B

MD5
8ffb9f03bff25ae32eabd1a3cd954abd

SHA1
9dd4f4ba5822c4e7c326d6eca1858288aeab821f

SHA256
8225743b8ca71785003523ef0b006703962ca9d48f7576760a15e626cbb8b00c

SHA512
bac89d802f85efcdc7f032466c0c7a664d9537ed5a8a5828ed8643eaec23ff151942f76c4886bd4016ac052c23cf6b9801929bd413dabaef0cd5a2197ad6c191

Download Submit
C:\Users\Admin\AppData\Local\Temp\kEYIYoUE.bat
Filesize
4B

MD5
6564533e3290012682771a1cdf3668ed

SHA1
21675facaa229d6afab3b1073415725a8860e529

SHA256
0e0cd6b39394151334de827789ea9d17a35c00e3aa54f2eb67ef5f50f5df4ef8

SHA512
43be36590aa7b792f84f75eb2d74f29d4030770fd1ca1179c031f2a6ee3ad27748f227c5252784d2e9801e4c2832883d38b0c2d0fe23f4999835a4036e1378f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\kMIu.exe
Filesize
203KB

MD5
6893191b9c6253609dca5c5704d1eba0

SHA1
a51adb8335bea4b4c0c8bdb4f5cf48a3681cc4d1

SHA256
1739112ed519fa3738ab9133efe2fef80e8045fb559a75b77e7b664b123eba8e

SHA512
1b3f3fdf8d0048f0b6ea46cac03292372c992b06603a8bf6b59fad79ff1fbe6c9488ae215fa51770865e93940d5f9eb77d462dd94832ef95fee3d46b838d4536

Download Submit
C:\Users\Admin\AppData\Local\Temp\kMYE.exe
Filesize
1024KB

MD5
cb03f2371aec312b75aeef89a83d5aa2

SHA1
06922003a99305386e84a7cc8283815e224e4c7c

SHA256
e148d84b8e9919c139c3c2bb70175742bc569264048e41f91dd4f81db5b4e6f5

SHA512
d9c1ef08b6a7be383172fd4239c63c543e44bed2c3c684e17105989b4bae389279dd1bec552293acbb304343825c00fb485d51e6bd234da89408503c473a83f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\kYoG.ico
Filesize
4KB

MD5
47a169535b738bd50344df196735e258

SHA1
23b4c8041b83f0374554191d543fdce6890f4723

SHA256
ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf

SHA512
ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\kmcUkccA.bat
Filesize
4B

MD5
973544fb9166e71a3676b2fa7fd6bd25

SHA1
8a55e230332c4fab2c942c6afb2525de059ed850

SHA256
55c7a011ca63732ffad02bddd6a22b63c5703bf019f6ce3146c4e8673fa3e361

SHA512
902241f2a7ca6d2e857827a6b5d237d12fdc5965635c80949c489a11cea8dd2060ecf31ac65ee007868bf651b291b72357567cc4dae1f83101bb9a547b6aa78c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ksIk.exe
Filesize
1.2MB

MD5
e33c58c2058a218bca9565227b036d7f

SHA1
66b5a25b7e1bcfa6d6b3590ecfaf33f052d765ee

SHA256
9e190f36ac2ef1c8c88b68281d78050612483c6984a025e530a0079b73cd7233

SHA512
c57f7f1a92de17595de866a364f833026ecd916730614a8a755f5441595921053dbe9b311b1c9e10e5cc937842a3e93263132f72aa0226f64f26caf8094339ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\kwYS.exe
Filesize
242KB

MD5
183a873c49d0384caf05668ea2dbf818

SHA1
f981cde25975f8f258804e436a2582d031b47d87

SHA256
0164d160a0fc875985b8f6d63e7a5bcbd1f444c07810f4986ab1527896b95fa7

SHA512
21dd7bc5a24c65284b36b7d84e1c590b8e9bfb7692afc2d84f149c0451fad1500a5d08661891a27c1b1b22b032f3933effd63d7d151e6aff9f926cf55c64c0e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\kwoI.exe
Filesize
292KB

MD5
7e0f897f0fca585cc26a1204fca9b531

SHA1
b9b1412911e7ba5adeca0cd1bbf14e4971851192

SHA256
bb77c411c359c96b8a67fa222c4c1f9b3b325f0d7849e5b0ff094cb7bf66be46

SHA512
d397828e189fee1d86a9aadc20c64263f1ca6a298e69dfba6ffe7e1c57639b3b764996b57afda5f1d8fb9feec989169a1f26f37bb8aa8cfd9a9917a6b232b909

Download Submit
C:\Users\Admin\AppData\Local\Temp\lCkIYQkI.bat
Filesize
4B

MD5
28a6f7b131c4155bed730820f11d50ee

SHA1
af42a6088f3a37914a436602ff1ef5f8bd498905

SHA256
0ea830fb981198d9e5bdee76dc02223bcd5469668cdd1dc67e04f61d3496f466

SHA512
53f054c715252f69923c511c0395ff4bb331e6ac9705625a79cf16601096d1efc8d3214248fa05dda4230aa2cb448015e7555c68fdfe8c6092d8b0d4b41eff9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lcEMgYEM.bat
Filesize
4B

MD5
bbc08f9e214cb516df851f98f90c3744

SHA1
7fbe01b19d9f6c175d84ddfcb0837c0db3358c11

SHA256
97e4dc086023f6144c10dd9d47e91e54285a294a4c9742cc7ee6df67d1cae88f

SHA512
0bb1c6de1dc24eb8562f665612c6d50658aa979d0f5eb6bacd69ff746221a330db3c0a0c68101dbcf40e1ce404811fe5976826f0c30c5b2507809a22aa3648c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\lqcYooMU.bat
Filesize
4B

MD5
672ca47ba30f130d9f3717e258fdfc7e

SHA1
d3f010228e6dfc03f83c4d8fb555c918891b86fa

SHA256
16fa891de775c4322148610bbc79be4c2e6607197feaa8eaa85f123de6133f63

SHA512
0abcaebf84b4d480be7371342aee0623c2a2ceb7eea584145e406cbf0a6d734e3f78984f46009f9360c8b34d8ad3c60ecc30cbd7cbab700c4f9142a61efb994c

Download Submit
C:\Users\Admin\AppData\Local\Temp\mMwE.exe
Filesize
185KB

MD5
608c19d288eb83f9b162cbb3762b1c42

SHA1
508e0dd4f72c0f56406d426c74c4e912f025f53b

SHA256
c3c79e2fd16b8bdeb62c9941eaff5e0fc558affc371dcef95c94db655298f8dd

SHA512
5771798f8017dea117f0b818c82d0b682c39fded753a97d557adc196451cf2e7fdb82f0d77c41dc9f2745b4c2b3f652a6040ab158009d2660856949345951e51

Download Submit
C:\Users\Admin\AppData\Local\Temp\mUYQ.exe
Filesize
237KB

MD5
335f94a52d32be1c2ec365cd88a21bf0

SHA1
1d06ce445edfa33b292b0adcf150ab7ab12c7edd

SHA256
0d1b11d23dceb90bf45d76841015f09e196e58d86ee2b4a30cb389f291043e70

SHA512
5f439485e6807551b59249a724d1ffcc64ce3e189f1a53a44b60e85f0a8dbd6b93fa6493bd4c36b53e684aa58da1399f4e85f74ace7bc9128e30534bd63e64bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nKEgIUUA.bat
Filesize
4B

MD5
2de9508e15638d4d06ea6699ed5b50e3

SHA1
188aa2c07ee9449214e45038932f71d112c03a21

SHA256
49740c89eefadd3531987f69d39660e513fd94987783887df263f84e7ec96a39

SHA512
92c3327910ab4fdd96e5d929abc735bd94c339d4707604c3218ef1ad641747f4d1ba91eabec3f3722da36fd147795faadea2682fd94b8e870fc1fe40814652f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nQgskgsY.bat
Filesize
4B

MD5
b00e68139b94cd991629c410081f3ab1

SHA1
872bbea69f798f6015c09063e2c42f6abc792630

SHA256
1d7044eea7b0471b65f730f6daa957e9f1c536c3c5afd60a771c4917efe553ba

SHA512
bb3f5e5abe00ff2f220e3e8c43e4666d074bd026f5b531774a0baad986f744fa9004f9ffc46c1a4516bf74804c6d32f17e7fa76b246ae9a6eb1181db37aa81d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\oEwu.exe
Filesize
434KB

MD5
737c8c744e7d56f906e3f81fda959f89

SHA1
7fd521c6f334ed4d695e33462a7c2868a303f76f

SHA256
ca7fae0878d76dec82cd1a006040d37f23710ecc3f3604c17b7056db53ce0b91

SHA512
31a65f3f544a15ebd467bf2e90dfc16ee85dbbba46382071d7681efb8452ecc180faf9f547046b1a4339e1f06a48a0461c26d9f0e695e22eee5894620779fe94

Download Submit
C:\Users\Admin\AppData\Local\Temp\oIom.exe
Filesize
234KB

MD5
2c48302356032f2846ce88c7de26125d

SHA1
68e3854f03fe5285159599e63003d10c97d063fc

SHA256
f113faedc8aafb194e099f09524f7c7f0a98cee7b2d5cbc918e7e05087ff733b

SHA512
3804974b7d144bcef6688460fff7b912bd0e0e29ba05458a1bbea9c4874ffa6963e5a6a6e23c5c1fe378496dbcc9413de36d522555420ef5759abdde3e9a3897

Download Submit
C:\Users\Admin\AppData\Local\Temp\oMMk.exe
Filesize
239KB

MD5
312ea47db5aeb9d597be6ee432b72177

SHA1
ba2781cf79fd36cdacef96ff789e54977ad40705

SHA256
66dc2a13c010266dfd2d8293b8264539f9b6a9395f1fd977d7e34c1b7465100e

SHA512
38540be7af34841324ca4b84c84ec1980468efd7b738733cd336d9cfd44e6e1881d44c492d0013e9be991bdb2a62d5db68422dbf21c69ba326ed539554d3fb9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\oOgYMQkI.bat
Filesize
4B

MD5
b0b2fab1e33eecd5723fac278d9e1158

SHA1
c9817bd44b802bb1cf719983b41308cddcd7a5c1

SHA256
c9e5b5f4955a2d8391e3d9de66b9fbb2bec4fb68788766dca010d7d178ca1d0e

SHA512
caefd04a692d43cb77bd4eff7c5b65554bd506f39a218930796ea70f1357ca333a12f5b53b358bf83d3f8c48ddea59d56d40b94545dd09f799d91fad03265b45

Download Submit
C:\Users\Admin\AppData\Local\Temp\oewwkwoM.bat
Filesize
4B

MD5
f2ef87547a3993032da432003e7c7c9c

SHA1
e33d647234e61dde005c22e49ba05b6648da9427

SHA256
aecaa2f8799d91e57c5489293d945e605db8ae847cb1b2da428ed1fcd092705c

SHA512
c8f6e8c12a7de0943652b4f070f38b8f3b79ddfdbd1c239222df27cb818cfeca040b2c0e639583f45013066842f288c12c1c7187ecd5b510701651ac0bfaa54c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ogsq.exe
Filesize
203KB

MD5
f2e9b9878b9da4ac5281c20fb8ece7c9

SHA1
649c89f025c1d21e9bb706e37072d5e68f3c03e0

SHA256
20c76e2540d184eec965208a48b787c3d2c4f6e926ddab0a92e3bbd485243e2e

SHA512
9b6873f3ed42b22161b4750102e900f65d6ea7d773e3dcce5e46f5523aeff11bc7a99d5679971c7488c351832b65ffbb9786536f9ca6de50875c348f46816462

Download Submit
C:\Users\Admin\AppData\Local\Temp\ooUoMooE.bat
Filesize
4B

MD5
63f8f8da91196bb4d0ef59f8726f4431

SHA1
861d2568df5a05ca2c79ae9958cbda85e8c4bd84

SHA256
4e5551dedb56d6bde204597c8540cc888f2f89213d11c8124cdffceb7d4c7f15

SHA512
be1baff2852580c36417b751e33742ffa43cf5fdb41301da4e42538e63f26184f8642662149c9fdefd94c37f7a3b88981ec9d41bfa50c4068ab5f7d960a5f087

Download Submit
C:\Users\Admin\AppData\Local\Temp\pAgQcUMU.bat
Filesize
4B

MD5
311e5e05bfafc22ec51a0f3a12914552

SHA1
7d7bff7bfd1e03513b7e285ff6a990e481bb1726

SHA256
a2562eab5edd95d74a26ec8bc6e6458de04495162b68b8acbee0723d81ab6901

SHA512
7bf665fe9ca3c15d5d7b75730fd529d511434961622b7993f97f701490c04f24190f68467be060171a803b6b5361dcf99c659b5bc5c2f775e8083b986b960ac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\pKwcoAoE.bat
Filesize
4B

MD5
9d116c165c44e9b34cb1e4b423e54b7b

SHA1
4e2797a66bd2477682f6bce314ea74d33669165b

SHA256
150c57a9364c9e1811d9048e4eff27f7531b65a75d2121e2c0bc9f144f016e09

SHA512
acf34c8cc39a8c51c236570affe1e4b4f5f9fe9f5133a6dfd6f2149f14e637f4640035fed6f0eda31c68b0cfdc412d687598cc1c88ecef64e1a4dab4eb1a19f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUEwUsck.bat
Filesize
4B

MD5
2678c3db6bf7b60ce84cc87b16e4ae09

SHA1
cdc05b7036dd0cbb59ec4e1b954aad7bc214ca29

SHA256
3b40659c064a3df1a267020a29bfd4481f49a0a3c6a3af5dae4119c809d92e57

SHA512
3c3bae6a87454a391e5d53c5b103f9f2c81b79fe870efdb0fb81599aa5b9f8758bf3f26134b4239934af1dbff25c3da46b9fc437d9623c276b06dc18192b0f35

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkQAYcIw.bat
Filesize
4B

MD5
e9ff7871b1fcfc0f7805e5f7ef7a7e4c

SHA1
cfe3c3fea89ff7f77524355b78869c2beaa2fecf

SHA256
55751ec69028ab23b9ee2f7848b6aa9b901e896626fdeb4692c68e9f29c105db

SHA512
cb2e24bf1c3a30fe28e99ef28f6cd328a60cbb7a985826562de6e7f41753c1227e7827f91b86db40604d994f909c23bba5d8e6d8df61542265f77ed6b57caf48

Download Submit
C:\Users\Admin\AppData\Local\Temp\qEkkwYcE.bat
Filesize
4B

MD5
cb3518edd060cf6c341e33149a5ccb11

SHA1
4788ece30c21e80ecec8aeddf9f56aecfe58d8c3

SHA256
13c84dbda16cd50047ee7c8f0e16cdec8461faa2f233d9939976b3057142c62a

SHA512
d371f5ffc192dc30c3b8b2f26801312a6e4c4bab7e25c55a8007ba28adae55dadbb480b3a467a49a7f49ed7eca2fb936d6f2caad302814b937a2317d88aa58f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\qIYq.exe
Filesize
358KB

MD5
86114004229fa2f00de2221f56abce3e

SHA1
88d853d435b3e9aca3203f198a1cd218a6b37a32

SHA256
f4175dbf10c49f2409c256e2b00a9c4d165acd80710c8417643a0041f73965d3

SHA512
c0e286865f304befd7ff5d4ed593430df5dd8f4e427a660c8055bedd33539ef6d302b4773088daa8a268876d523bf5a085ed669491fc9e477c78a1267966e97a

Download Submit
C:\Users\Admin\AppData\Local\Temp\qIkC.exe
Filesize
233KB

MD5
243e723406d687c586f61cea7603371e

SHA1
c468fd7b45c7fd68a68190aa452fc58ad78a5a94

SHA256
ea99c551983081ad56c3c7abb23c9807d1d1bbf6958ebaa0992d0aa5e7822523

SHA512
23696652dcd6afbf127cc9bc09352ad80ed0f45197a3e6995f000321d391f870feaaee151fa83f8cb3cc3f1ee5a6d7870a16091b1101043954657bbc2d2d7c64

Download Submit
C:\Users\Admin\AppData\Local\Temp\qIwG.exe
Filesize
1.0MB

MD5
973ead89e6750b4cf263e67a99baa6f6

SHA1
d63b8a2396f9049e67364e9d83437de3c75d9861

SHA256
54b77d6037290b1d7e367892f2f11bf719779250d6a05d7739c7a7c822f41a1f

SHA512
ea6db1710533ec8dd0b145b380f4ef984d2534d0d718a3011e58ca902a457e6cd760ea42c665ab93b09419c3ec1177e4481f3673220ff5efa53b7249feb01a90

Download Submit
C:\Users\Admin\AppData\Local\Temp\qSMkEsUs.bat
Filesize
4B

MD5
090fbc00d68495ec94e3649d73d659ac

SHA1
3471e2679214bade27c7529013722a1314a60736

SHA256
221c7ba40f84880767aa6c1cf8584ab5668799066076c30160671abbb598ef21

SHA512
f13d70fd0545b0caa91c53c1ad6cbc4072ce81a837e8a41329ed8d07e3aa6ff401fcb1c511807f65eb07a083d876d07acc429ebd077d534126d21ee18f14b433

Download Submit
C:\Users\Admin\AppData\Local\Temp\qSYMsIYs.bat
Filesize
4B

MD5
df3e5383e4e92239b23074b4caf74852

SHA1
5b6a9f7689b3fc6d4c4f128d42ca34d055ac2b86

SHA256
9d14f863736e31f91229cd01d8d56cb453314d239fa7b1f8b819d289f9064251

SHA512
67b316e7e59f6e300d88210c8f76bca9511a32573ee546bc116b41029ec0ff5e2168dc59d4f4d4bb884d59787ea4db2228cfd9607b9474c1d484b15e5016fac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\qUAI.exe
Filesize
643KB

MD5
ebe9b8504d4058154ad998c853526900

SHA1
45018e947ca85a4f47a135c50360e87891b455a2

SHA256
b66b92b86c5381deda5ba983b975b3b8c1d408cbb8049c80235ef5ebd3124b93

SHA512
2ebe60bac1606d2ab5a1e5c6e1a54822d266e51276406b244a6f3fe678f35f086a0df981f257eadd0e2f4e532446194f6a79c4064ae3af77794d16e991a8ec8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\qUsW.exe
Filesize
430KB

MD5
8100c20e2201792a32de48078874f79c

SHA1
8e6bb3ee71347d5cd5454464efb94be561189a20

SHA256
65b611c293e570d6f1ffa0aa6270c8c9ce6f75c0d4b57b6bc2e1f1cc31d46981

SHA512
8fc94a6e48c6a2cbb75fa864ea1d07452d5964e9f528b85039be0a3b501d01e67af16e98e631fa3a0d2dd07f51f92920e8a1edbd95f27e28799a70a7916ff23f

Download Submit
C:\Users\Admin\AppData\Local\Temp\qgos.exe
Filesize
240KB

MD5
19b8c8e429c9008dc59a89ae4c36f0f4

SHA1
fdc1b7703eff0be8dde3d6b58b618d6bc45d6c42

SHA256
b94eb05c6541df9c7084d5852695b8ad193f0bf96ea3215b519f75a29b167c50

SHA512
1596edf61929b9ebf1ef454521bf03092283d758760eb899b31eab178f1df7660e8bb7f710f04282f07f8f5b5120726b18d2f3f0f30583a254da1ec6268e752d

Download Submit
C:\Users\Admin\AppData\Local\Temp\qiIoUcEI.bat
Filesize
4B

MD5
24df1527563e4141454c6d22320922ce

SHA1
1b1bfae6f390c1fad9c3f77658a9759659305e77

SHA256
8167c124919dbffa8bd6cf28385c9cc601c8ebca02c41fc6160c4679d5865c14

SHA512
60c9ddf1b4006fc8010305e5298c504324b0d754ee67a67c387f23b61cb987ee1e1a0e785feccb947fa285ff55438056035e76d0742d32f8cd3e954a2502695c

Download Submit
C:\Users\Admin\AppData\Local\Temp\quUgEkos.bat
Filesize
4B

MD5
d940bfd563dc35bd906e83f4c2da0c28

SHA1
586e1a45cee4d581c1ceca1b737e3171c7ce358d

SHA256
b51e420a172ac4f331582fd753c7633e0bae3f11397bf13d808bd4232cc9220b

SHA512
f1d0fbeecffe50d61d9a619f9039d2e6f90b58c84bd7285e0d3c683cae01621908dec1ddbae223ad731e273cb43f339bddd9a04b544f33e277222b9ddaf3fcf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\rCccgwws.bat
Filesize
4B

MD5
30de0cd37e1b18a9e962897a21525b4f

SHA1
b3851c77d91339d4e43219a0f094bc38d69aa348

SHA256
364d13177f9c61d92150e48aaba81fcb854c4f8d3da789d576d7854e8d99fe92

SHA512
665353640d50dd722f0b85743e945713ae267c1eaededf208be203b2989094b90fb00f9c6ed10c6f8cad528531fa042714c2777f1fa8bdba86c52ab8c54fd8a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\rUMgcYoc.bat
Filesize
4B

MD5
2d67c252f2d3b1881ff8908197931cc2

SHA1
66de328834e248cdb34ca8ccfe9e1adfac520f34

SHA256
60cb68f35c591eaca6e2689bbb230ed289bbe06faf5935b56a6f2be12c5842bd

SHA512
46fb763e46115ce6e5bd3a0fd9f5abcb069da8100e498bb19b92d646297a065baf245313067a8028bb20b540b104031c755d010106089303bca770002dbc5a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\rgkQUccI.bat
Filesize
4B

MD5
fcd45cd1a01a89ab277359bdf242c5c3

SHA1
e4da9cea6f07cd07908b88af5c75865658224eca

SHA256
8397f78f575b1cf965764f84c6bfb9ffdd0ffed7106fcd7e744268fc3ad49243

SHA512
010f319e6033cd8f50a263c85d8667077bf9037ffdd2902399b5e38c111f1e0eacca4ce59aaa222cccb87f1b8a006587ce1f919f68624b0b1bf14bbda8acaadd

Download Submit
C:\Users\Admin\AppData\Local\Temp\rugYEEYg.bat
Filesize
4B

MD5
3c4681cf77f43749fe9e1df4b61429aa

SHA1
1bbe1a6159ccf040a7ec62a41c2b963df185d6c3

SHA256
c2ef0f6128d261a09374edade5f44dcec2590b032d89f88be24c910b59c17cf5

SHA512
8eb4ae202f3c081e60d1a4103054c2c131658603f0977c3a2c154be46f96bf78aab619dff3705e111716c4fa7671666ddee462d20edb262587833374b12522f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\rwoUYMUo.bat
Filesize
4B

MD5
7ad676609499000aa9e42fbcfeb82996

SHA1
cddb193d19cb7f5ff73d5624d6656eda56abc928

SHA256
f1a49319a4841322d5643cdcd89cab6240fba0d0f2512433516a9a0db424311b

SHA512
f73e57c4051c3994d64d1d15e440fe7f7571dd0d323509eab69646f5a220c9bcfaefa7a8fbba7538b2081c1713c04acd7f95b282581adaa68bd1bf5bad792828

Download Submit
C:\Users\Admin\AppData\Local\Temp\sAUA.exe
Filesize
538KB

MD5
4eb2af11a52c392cab25f25ddaf1155f

SHA1
59fd9d07b2b183eccad1bc4cccc27cb1277bfbdd

SHA256
645a857a38b2f67fa75a1a363bd67de9fe729868a947eb082c0ff9873b432207

SHA512
c7b93672762fb40aacd0569139c13feab7a2a3ceba09a9e22368482ec993bb63e125b72ea2e3f1b7f1443920fd31982c73e542ab6367a8b9336302636962f3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\sAYW.exe
Filesize
209KB

MD5
d1e3e5d911b075207785dc2fac778ca5

SHA1
8b644de480d0f19fbfc77601f3349763be653ede

SHA256
4066783f129e26adc7ebe0d073201f0f1694e25f5cb51a8666552b75298ca735

SHA512
c0ff0784b350a4ab5202434940087f3f0fa8709dd09bc0c5764ed0d2ba39bc8fae3eef8ff55e929e7c14f219ca9a47f9a7c5e69eb8ba50a364eb41f017bcef81

Download Submit
C:\Users\Admin\AppData\Local\Temp\sAcM.exe
Filesize
240KB

MD5
1e686969196b2078d1c271469629155e

SHA1
9c85729d9b7d4566d444622e1c3d7b34d99f3fa7

SHA256
67bcf01ac2d330e3114bb2e3222ca8a5d9c9a8c93ca87390ddb62f44a6590830

SHA512
928f64cc7ead8934f9e04edb979459afe0915cc133f9a03cb3e42237db88444315e81ab9a89214ad777f3369d3c8e8f0786b48078c47a9d10451f98eb99de3f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\sCQMIMwU.bat
Filesize
4B

MD5
8333263b5cf3e408d814bc12bfa1748d

SHA1
11483d0a535409947888d6152e4a98a266abc73d

SHA256
cca8ceb9af191df4531f2e436dd1ab100cd7844b1404816c133c488da8789301

SHA512
d88ada29af31a07bf67d41a53469b4a2a16b8fe97a9e56c8775876b94c0a6fc426edf552b522a1a6bcb65bd17b13ca197e9aad56e93bd74470343407044ad9c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\sIYc.exe
Filesize
229KB

MD5
132917a507d33d1cf7d516a442812deb

SHA1
20aa0719aeb63f8158d92a7c06c54ad82fe95c3e

SHA256
75e0c044d773556093bf52ef442ce514d6d8ae1495cdf34b0f93f6c8d55e23f1

SHA512
dff82312bf9cc4559e5d9e487b65b1a102acc5e8583609aa3fdbec5b6b7539d680386024f37788363d106d2ba994f6af63d96e26979e665ef789917f42a78c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\sUgi.exe
Filesize
297KB

MD5
f5a96814fbd6635c5fae3224b07ef183

SHA1
24d3477c237c801550ec80b9451c8b449113de78

SHA256
5b0219470291622fb3b563274d7371e8d6f1f588e13d82acf65d51f99faea9f7

SHA512
8eecb8e5a7575fed81f7d513ed9dc5a69485ef2ffdbd8a894c57ee8a3235aace3f3e357ab3934304e2fee0bf30f99d12c4370166e8da1611b1d3c30492c8d8c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\saUAQYgk.bat
Filesize
4B

MD5
48565f7bc6c7a50998552f4cb91cc292

SHA1
3f57e24737a73276bc230f52d5ab204dc5ecddcc

SHA256
94d44538f3c23a16b29f3d098a6ef88787cb692b7400a33e3242979d85ce7311

SHA512
ecc4faec2635b3f4b6d9082dd1734f26783eb52223611dc091d507f42fb7a2dce3141bf9e2c6dc32b36389bb43169a54c2527b6d5c694cc37593ff333ae9cdcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\sgIw.exe
Filesize
232KB

MD5
f9ad37602a52c30d2eebe98ec1d3325f

SHA1
fbbeb67e001bbc03ff6e2629ed9c740a69f7b26b

SHA256
54549b03421e2e97783d3dbf8f24175b448ec50cb5020d0b4386be58bfe857fc

SHA512
032132c41f581250d5c349eba7b8dd839406bff5d2b8fdf99c44f2cd761b26aeb3f09d55f9dd3f1f7b3a7719374df4094589b30821c0699bec9a064769a074df

Download Submit
C:\Users\Admin\AppData\Local\Temp\soAQ.exe
Filesize
236KB

MD5
74d7bc91499a3a17f8e00d131b859c82

SHA1
94ccfdb38f682a6cdb473a92e101193f0bddb181

SHA256
a4f3ae59d3e9d5715133f4ccba81c09c3559c30387ed7fa2c772f370f8db4d1b

SHA512
611eee4ff78167733d9a675100254a24e7d29ecf71a190f81d20e27641946d9cb9de70926f9fa682f5ab4cd5781eb8552e2c606d0faaf12654d17f46150943b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\sooC.exe
Filesize
181KB

MD5
1be93611b5ad31ca109725a8f8bedd75

SHA1
1f64833346d5efd625c214d4a31e6a75d67b2d06

SHA256
6a897ca525b1ad854a5df86233a67da954c2cc393099331f7f8f0a5f6bc77429

SHA512
73e7dfa1a2d314a2b6a1acf8b4c852185f51998a1d050a33138779bcd1ca9db26ae15505a83b0fe84225184717532048a1e1934c474272091ed87af4eda0f52c

Download Submit
C:\Users\Admin\AppData\Local\Temp\suAsAwcQ.bat
Filesize
4B

MD5
d38c270bf50cbcd30334246795691a15

SHA1
5fca9167185a42ce74f1ebedc076d85c14fc73cc

SHA256
23d0a996937d6d62bfe9a136773907ec9d508a9c84847cf459f6dde61b28ab72

SHA512
25de9ea472ff1623e8c1fe281777b97eeb8166b4216c01229c64ad981e055019592f9f04ab3b69e5125697b3f90e1d18d6b713b8bc7bf5cf1cd7277faddd6567

Download Submit
C:\Users\Admin\AppData\Local\Temp\swcwQUoE.bat
Filesize
4B

MD5
d6e6926e55ebdb327528fc97de62ed6e

SHA1
e462468f9e72f0d3db83038180bdd75b79ecf60a

SHA256
7ec76a3fc79a7a4f100b53bd5fe5388d456e5cca2149cd10b640980263368e1f

SHA512
9948a3090394ee962e90a286b8ad287a49ad8a833b73fcdde519edd1d0881322b393d3a90d25cadeb3c5ef9fcc7b480ebd17811244e850fd7e181164c42eac9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tKMAkYMc.bat
Filesize
4B

MD5
9f77e1dfe26b51a4f1956196f2ee5721

SHA1
f6b1cd55d3fdf7c03ffa20fae894a326bb10d6a5

SHA256
3cbc63287fcf41d611529e5298cccea5dd714ff4d6212b0f3a67bfef809fad99

SHA512
5282a4fff43da4e831edef2153c0ed9aa76312dd713158f4339cdb25ac0d64fb88107cd5d88a66f315eaef37cefe2d16e3557318351d4125ced9ea15f4df2ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\uIcY.exe
Filesize
230KB

MD5
3541b8bb3b01760b784f7535b9169fbe

SHA1
a20f724d7dcbeeb6f3e7fa7c0920a5755f43a74b

SHA256
29dac586aeedfff719dc354c5576bbb24c9a8e3d3a3d3dab8fa7d4a8def71c61

SHA512
c564c079be96c07a301c6000995c134930e96f8b21c2be5b91552befa90e81f5d8582105f71632ce0527378c63405db975db2eb5b7600b6269d70acb746f41e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\uSUcsgMQ.bat
Filesize
4B

MD5
76a67313acd4503ad06d9feca6b85448

SHA1
f26af702355b1616aaa8473a341c13422f02bdfd

SHA256
1865a03bb50e50c13f9342bb3d483231f13f93a25ee2af2c52421c93541fe20a

SHA512
708e5753cc89d8c9e41d6ef4a1aa3544849868fd0dc9f9e5edd9284b7490ef17acf29f519445127ee40cf7005c24a95949caf4c716e75ae57a22830136796cb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\uYgE.exe
Filesize
199KB

MD5
70a1b5768b3c83413dbaba59860056ff

SHA1
b69df6ec14e7073cc6ff92631f7d954467b206ff

SHA256
f2bd15cd90a6033b70eb411cfecf97633c94e49e02d75707c5df429a6bf0ef54

SHA512
cc5125c0021c8beaa1596a3e8bd69cacf89e2b7ea46266c0e1e7b505f07fff4100ea951054c5bd480ada527fe4f5f7119c49d0a7aa1f7b53d3ea8f413a7c35b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ugAm.exe
Filesize
235KB

MD5
8812e4d2f90af28804461155516e4416

SHA1
c4b663d3a65945d1967946daf8503bf9f020f7e0

SHA256
db2aefaa8100083f7cd378190bd7573f3d377da3c54bd5e17d0aee72ec2aaa0c

SHA512
d764b22ff6f364a821fd5d61a0ca19e3a46b25eb7593fd3524903c27487e2759ffcddef5a61bd8444d4d1b3f095909dca91f9033dbf4b3a2191258d890a9e281

Download Submit
C:\Users\Admin\AppData\Local\Temp\ugYe.exe
Filesize
204KB

MD5
f66ffbf4b3034a3e76ac45ea8e7425c6

SHA1
cd49d352548ce2571acf6b5eb554b9066cf4ab40

SHA256
40fa6c8f0071da8867aed4a5d2c365b20fa55a73d793abc6ebbc822b0835b113

SHA512
4449ab5d4b828a0517e0c809df7dd86cd327044e534a6e6245fe33e39d08478ed084cff3d17a1689a852adb39c1afb8b4fcfe8c9a2a8c23bff0ce9a7ba47253e

Download Submit
C:\Users\Admin\AppData\Local\Temp\uoEq.exe
Filesize
230KB

MD5
1adf14ca31f31f82580e9994905ddb14

SHA1
e60ce5087585aecd1eb582d8b345f358f452093e

SHA256
ce5ca80ed1f7a53a901f0690bebd1e3a9ee301eb3b463cc5aba0cdb8726a1399

SHA512
0d0aa8c2d25a2726dcd433bd24898fcc2f06ffb9e4f8b3d7586e907a947a06fb8a381e37e3a4c0d61ffb869b9d36e2adda631a2b86a51feb4a46071949d71b52

Download Submit
C:\Users\Admin\AppData\Local\Temp\uocc.exe
Filesize
235KB

MD5
2fa6e15019f1fe154938832f0b109fa0

SHA1
240d6722bc97890f7cf80127e9a363526329a076

SHA256
5a90abc7ac25c6b8045927f56a03ce6d0e820609aa3ee53d0bf3ed15af77a0ee

SHA512
168052aaa2d7b7cb54777829a3133f973e95afce6e985cf826d735cf1677055c6e3d3c799fa20236ce5e3ec7d4fbb21afbdbf4f1c76f14641e6110d84e9d0767

Download Submit
C:\Users\Admin\AppData\Local\Temp\uowc.exe
Filesize
233KB

MD5
fe1159fca0ee35bf546518b93307aa6c

SHA1
a0aed37a7bd1fcd095627b9eb63f9d26e3f4e90f

SHA256
d634efd6dc58dc6541ed8913bfe4fd8d7aa5fa906225e9498c57faad9add9ac1

SHA512
5a7c99ae77a733c35c1c6b51ab76fc53135d361e3d5ca5409383573c8dd1aec797e18bf609b0499ab5aa8dfeefa462726ba798f966c5d590702d552a1476d7b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\usES.exe
Filesize
245KB

MD5
53d946e801469cbfd3d957ed55ec5a5a

SHA1
b4597dc409ea39d3e26fb42a42312c69f63bd24a

SHA256
851b42f5cc049b3265893f3cf15d60f1675d2e57bdb62fa58dfec28f81613624

SHA512
110101146b6e52f566e1ae9fd3f648c7c384e380cf05fdb28e3e87fee0392c54ca0ea63dff82f5ff3b06141ae4270abe47a6e8d0855c0c856a7da992e4380b14

Download Submit
C:\Users\Admin\AppData\Local\Temp\usMI.exe
Filesize
235KB

MD5
e31a40805cc47b70e62a7061a8e960d6

SHA1
bd917e7581cdd9db6168a0300e344f23312be340

SHA256
abd43f70f9d5dd9621ec804b51cacca3905ea2a28bd47e89d1bcd85410a7ba90

SHA512
6f0bed602d39a37cc5848f9313be53d93528b00b598c7f8b4166ba96a31a14c38a5bd5d274636540f336dc43ba8ab62f64aa3a7d9e3705ccb17e153e1656ef87

Download Submit
C:\Users\Admin\AppData\Local\Temp\uwgowMQk.bat
Filesize
4B

MD5
30d477c8183fd7ce3a8e17ab591c31f6

SHA1
11d1af214ddf227e68118b02941f8ae3de0deb1d

SHA256
770ceb68856b710ad5b388ea000064397e2ce82c083ae2be25ccc63f9fb15070

SHA512
2cfa27c1c928548b2db8eb09a26cef0f245cdc905fcf5adeba90247d7a5641416f363e6d3d22227351056bcb7eb71c1987d70e22c8c56081af55a411fcf36864

Download Submit
C:\Users\Admin\AppData\Local\Temp\uyEsAMkc.bat
Filesize
4B

MD5
1026bc082ea78c6882eaec3535cc7047

SHA1
d0bb2f4a6a2b75410b412b98e03069a4c1635f5b

SHA256
efa17c0816431508ef000c72786c57d39ea2e6f1d0224846c2c3399d4532da8f

SHA512
b8cee08560d4a9029d31c49c1d8c17e5bd0e26417586839b12a9175b08ab1cdea3c8c94255ac34b1799250b5aa320e51f7536071b7406192a9264780d681a120

Download Submit
C:\Users\Admin\AppData\Local\Temp\vSMAcEgM.bat
Filesize
4B

MD5
1d2fc537024f274630ecf06a82a4b52e

SHA1
e760236feaa36eeaee51366ba5c9a5a42caa553d

SHA256
c2ad4ee580b041d29abbca5b93890e638c63e1c695fb8fce4eb10e7f701959f0

SHA512
8269eda011c73ec9839ce584e0fb6b1bc9cf6bba65022c317b77733d6c915dce97922ec4bed34efd81a7ec189092489864ff7db5e1cff06a2f4efb115e1aef70

Download Submit
C:\Users\Admin\AppData\Local\Temp\vWoAEIAw.bat
Filesize
4B

MD5
ed09200ff2e8a23ab76c87e5b39db0c9

SHA1
d841f396da52793ba0e48248051d28f25a68f09a

SHA256
b732efb275e58c6cf377c48fc952a19885749c20d66a148b5b3cc011bf5a81fa

SHA512
58737ae185faa1252ea42824d6c3970cf48f731bd949a6226fda3565e384b5241ad1cf986c6bda49478fea6e47a241b19dd290993b61577e7e2879615476f79a

Download Submit
C:\Users\Admin\AppData\Local\Temp\vWoIEQcc.bat
Filesize
4B

MD5
3436d85b57b85013d26b5b1fd5a35612

SHA1
7fd3a1edb2d9dd10394f6caf9efb55ee4268025b

SHA256
c6716deb669acb5f21cebf2f39c089ae570f098d08ab7ab66af3ba7901b95bbb

SHA512
ef7b176af537dd0d177ffdbe206c63492eb855be2329fa2cd7fd9660565b205e5dfc225aa35b1368901f8d826ea56d9987060ed29e5cea67993011f70b48b29c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vkgcIYMs.bat
Filesize
4B

MD5
cf96e126627d6585b1d6eac23e6b3711

SHA1
681ff3723f36eeb970d10d686e6b2eedadc15b11

SHA256
5b2b649f40c55a74eb2de93749eb87bcfe8de9db1dfcf70fc82c299c004eadd8

SHA512
d6d170e0ea2dc6d60dded9b25e2e7548693a0c9b67a617852ac5468d798bf7e8b87122fc68602116663dd59963e85edc265d17fa555d3545ca75e8d25116464c

Download Submit
C:\Users\Admin\AppData\Local\Temp\wEAq.exe
Filesize
231KB

MD5
e9b3598f570b8dcee2556e7e91a865ad

SHA1
c954af435db4d7a5c593617e6bb87a98cbaba0ac

SHA256
8a5f045fa2a7ee6bb97757f9efe9c91f721374ee18d91d284d0e010b67a104a7

SHA512
6f8f238a51be42d4b369003a2abbd49653e8269c139abec1a86f32da0f7f963512000088a314469739c519b3c7a3efed51219ac3e170ea22b487034dff3fc9bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\wMAQ.exe
Filesize
960KB

MD5
7a8bd8f51d0ef5faf059155f37e3904a

SHA1
902124871eec065fd900e3a01614ab1d7ad61f33

SHA256
d2fc04809ff66f093c341155d656a5a4957c4df2da172dc97fe144a3449d35e3

SHA512
e95dd9e2e8885cb5a4f424f625d100f92c07694e82d2e07a5924f763bfcc0ad1079ed4dbe003c1d9236fb9f752e349660e8437ced1482acc4124644f7559758c

Download Submit
C:\Users\Admin\AppData\Local\Temp\wOEQMUcw.bat
Filesize
4B

MD5
2d2eef6e9b8dab22bed4daa154b50110

SHA1
6ff4244eddcbcc020c74e82c3ea355e9a9a93447

SHA256
2c6c6499dfabeb069bd5b39c6d72cd43c620bf6414a3588ce8fc8edae89c0996

SHA512
c9f00831faee8b5523916dd64eb4e7b4be0852cb5678c4696255053778aab079b49e1464cef74e57f54fc858db1bc79c126783421c5f0c6dd2e6ae900f882f4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wQEu.exe
Filesize
1.2MB

MD5
0fcc960a82ff48b7306539e5ddf07667

SHA1
e112f0a87d40047dd916b8f5c46c52acfdc11ed5

SHA256
94141ac22bded88f86809c976721020f167276248abd68ab4fd6e914adfefc0a

SHA512
54229e1d6196314cbf925251ab5b547aa51693251313b2facb71af58b2c6cf87c07f74e7306c6a7c10069942deeb14d78a9929b2ff2d3a3d8ce3f3fefdf0bdd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\wYEk.exe
Filesize
234KB

MD5
2af95a4d47eb809621c84fa17b5f4673

SHA1
162e933fb4fb8e79c5709b2afd617158fd89b1b0

SHA256
f27c5d491b4cc57ccae1dbbd48e8c606f32e46ef29b0b7261f5befb18a10b7e9

SHA512
6beb52f88fc65eb13cb18b9bececa41fcbbcb85cac5d7ab53ae6ec537cabba8e9e38de511254f018e1ee8f58870298a719d3dfd9128c12b056866dd220c65557

Download Submit
C:\Users\Admin\AppData\Local\Temp\wYka.exe
Filesize
206KB

MD5
65f7c52a1a3f4f0982c4baf65679d69c

SHA1
486afd6009aac48a99736252893e5cc48ed205d1

SHA256
47d0ce1c561eafe7d92be5d6155b19a3de65d1923f5803f78bf16635129c901c

SHA512
930a0d577d0870a9efed2456adc966a84e7e9e9bebe90963701bc370b5611d29f422822d398abf6add9c64c83d1a7641c0def6ca63122ac3bdf3e8f1d111a407

Download Submit
C:\Users\Admin\AppData\Local\Temp\wcQE.exe
Filesize
328KB

MD5
d4024b233a4e8120826db6dee8149ab5

SHA1
7f9a5ae5de62d5a6888bb42d31e01f1ba8a432e2

SHA256
c8bef648af11088bfb06be516654c4bd4c144393d0f98c168090612a575bb686

SHA512
dc1a884bb6cf19a2605e01c0b735d18be685e606092bbe6ccda43bae0f46d8be8d829689ecfb4aeae85c233a99352276e6bc56fb3b8f501d62bae2454d5ea08c

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsIq.exe
Filesize
833KB

MD5
c12f0e49994028bf6523add0f6cf5d0a

SHA1
4afec59a044be6856ca477350b5bfe9fdf7b143d

SHA256
2a9fa6e703934467bcae411b7bdf20a4211905dea6abe0333d2831ae188e2882

SHA512
08117ed9e619344211d163dbf6fba0504302817f49eebd28415aafb8621646d18550a424572280d067c8c7e36a6d9efc1067da4a1b1e4377b704f444b193471b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wswMAsQs.bat
Filesize
4B

MD5
d785fe6f27ede639942ce0436c74fc06

SHA1
e6608266ccb905be5115ab2312e407f080f4e4a1

SHA256
1359495f439ed7c69020492c7452c315955efac181343d087efdaa89249f5006

SHA512
1bfb01eef220d284e7c4b93db9e62686b7a72ff0981c52ba528ad47fece573fa6a5bfbdb9242ee3e765c84ba073aa0d2e9b258bcc431d1322d7565a42a71942f

Download Submit
C:\Users\Admin\AppData\Local\Temp\wwok.exe
Filesize
198KB

MD5
d4eed4d60bb2ba21b1339459d5c877a5

SHA1
100e7f474c9352acdcc114c75d2158e7a83e96f1

SHA256
fe7bf3f7d6cf135f9f479c7cc0346f27e7217c695cefe5e97edda413d9637e87

SHA512
93f9dc8fff3136ff4d549d592e20ff517a8ecd06759de3bfd1837d03378e3c6bd586e6b40eb1b0ebc46bfd764de9b1631a0d68ed9b0f7b3fc4b917f5b80e2a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\xEIcEMQY.bat
Filesize
4B

MD5
a17c419d1c192be8d7b5757c752595fa

SHA1
862b7d8faff5e6bfd46545843e01f88513a215f0

SHA256
74b0dbf6c0e9b243b2af5067f7880d9af2350560ead84c0c9b91865d02d63450

SHA512
622333cd06d798e0f55e1ac664b3622521fab54a244c404117619811638ede6b6d1b2b233bbeeb5ea921a5d0b9a6fc01c994cbdc58e6b008a8eb3b09a1d49b16

Download Submit
C:\Users\Admin\AppData\Local\Temp\xUQMsUYE.bat
Filesize
4B

MD5
8104f9b070bfba45a8f5effbc9350ed2

SHA1
1b062d738cd0f76a434e3e10720fa8a0e007ed0f

SHA256
5d513c1876bcd942e4dee6e4bb98b362ee76c73e25fa0c543e4b838c73941539

SHA512
68a4fdd9ee155c422e73a14862f33578fc19c5ae78cbd21a48b4f709139fbefd42c35389fe6b895ca551ad63bb7083e9922c8ed12517665ab773e8a86d581603

Download Submit
C:\Users\Admin\AppData\Local\Temp\xasYQUEw.bat
Filesize
4B

MD5
61fd81b74092dc3ceb3a9391ff60d8e3

SHA1
07f6e139701ac0a99ce8d163ee2bbd647dfad924

SHA256
e18585848917598cd22ce02ae09feec8e1b96fa4b62566c9ef63228d6b746e4e

SHA512
b2044b7e2a4c98fd834debfccb107969d38b8edae898d0a71272944a6e1fbf91a197e04c74e9302f9d20da3481dfc9dd6914da06d768d201817356c8fb36273b

Download Submit
C:\Users\Admin\AppData\Local\Temp\yYYY.exe
Filesize
210KB

MD5
bab717dad8c3e08837090947e5183c23

SHA1
edfb91eb999f52cef19fbfe408efb7f3d922ee99

SHA256
915bd6ad1a992ddfaaf406fa5b587f2845ae1571ef0193c8bb1a0367f6ed14e6

SHA512
982c6fe87c93ce4d6eb3c1a68f05def44b93d915a4d05c06846f1242e9b037330b9df8846b41fda136845a65ffd238866d8d345a0a2ae092e2de76487c5edf23

Download Submit
C:\Users\Admin\AppData\Local\Temp\yYky.ico
Filesize
4KB

MD5
f461866875e8a7fc5c0e5bcdb48c67f6

SHA1
c6831938e249f1edaa968321f00141e6d791ca56

SHA256
0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7

SHA512
d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ycEY.exe
Filesize
327KB

MD5
38e126b6aff3725759fe0298228689de

SHA1
af512165467e20c9edbda51ab7f953a593c2a2f5

SHA256
7a9b97589ca69a710eb8d96be5d27a01880767eeae60dfe5add0b22c772dfc6b

SHA512
68854cff2440c63b5bcba9a6c774f6e60b59fde1a7c90cf625080060ba9d8321a1c95afa0191bbe4fd6f2ad8dd08187b626edcbfb7298e33d1b8d6bba657d292

Download Submit
C:\Users\Admin\AppData\Local\Temp\yowM.exe
Filesize
247KB

MD5
be266352b59cbe4c5ab68e84ef49d013

SHA1
a2f724ce16e99360101a0675f23f7ad06641fe29

SHA256
12ac3b60ba7a4e1a90d70f51efe7fefcdcce5b52513b209be879bd51f79e79fd

SHA512
550b25ff385ad705e3323a0950f3d98e01276be99871b6dc63022b64f52ebbfd27703610407db9ea9be5d8d49c1374d42e8cc0dd3b0c01818a257172d7dfb6e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\yqgYIsks.bat
Filesize
4B

MD5
cee3515ffcf8fafe08d3bcc5a48f5bee

SHA1
8fa1cc22604a7a6555f0da2ca33a86ca63840b1f

SHA256
61df397d1219016b8c5e0000cf23f14d5f093b1bd2b6abbee45ae2adf906a3c8

SHA512
4bfac792e1eb7705cfea7b81bed46e953ddfbb22e1c70d76719cc6b117eb5317868381cf3ab0014e6eb9a644902f56186cad5e3b8867bd8243ba9e135b34ef62

Download Submit
C:\Users\Admin\AppData\Local\Temp\ywQK.exe
Filesize
243KB

MD5
9c0a0f2480f31066baa191f3a4661782

SHA1
7e6784eed73e9c6d6aa4085b2af5d9e3ad5ee156

SHA256
9a78b2f75541de6032fc949bc884c0e1f751faa07533ba612a6c7416bf35612d

SHA512
ab28a49cb62b8542dafeaaf6ae68c2cb40263e14f94503bcd9f3c0874264fa14fd305113df2915cbbd29f1ad42a6354f496f82c86d41e3e0835057c718f480ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\zWQgosQw.bat
Filesize
4B

MD5
bcdaf31d472c322153c202c9b22191ec

SHA1
cbef2c6e6257f82daf1ebabf08c2cf4c61e94f48

SHA256
542fac12e46817ab62e17cca12a3162eef052094550f0c7661e188ae6b9b303f

SHA512
9293acdb20d3119dac3dc8aed74ff3d24e5ceb1ce9ed0d782fac2f60fa3aedb40d02e07b5939f3871dec30914cc8072b28e3caf4838d9e46f6845f481600976f

Download Submit
C:\Users\Admin\AppData\Local\Temp\zYQAokgs.bat
Filesize
4B

MD5
bf13b3dda5ddb1cdb872ef529a571255

SHA1
4c3e02fd13d7b58dd71b16c81f803dab0d25d68e

SHA256
96ed22a8452bc563cf2b7fbc471b73728df1096f5127630f30b77487dedc74a5

SHA512
a26648f3ba2303b8403d20477b598494922392ebd895c01c71e6029cce5c2fdbe6e3a20a03b95cd70f2e8d2657e5b1dadf6b748af595ae17ac361c7a9bc4e799

Download Submit
C:\Users\Admin\AppData\Local\Temp\ziYcMEIA.bat
Filesize
4B

MD5
c5696aa536136d0d625066d1cca04cfb

SHA1
09fb99959e17c5496f742174c1709830fb292361

SHA256
4f0d291c265d9d7f93d7bde19baade11c1b043b1efc8b1dd23360716685c15ec

SHA512
84ce12e52e08bc23368789360146341fbb3c62050dc84ab88cd3fa39a7f32cd80b52f230715bde308d6d19637b1355f7176073a1e5697abb49d80bbf5b9b88c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\zqQwUAII.bat
Filesize
4B

MD5
05d4adbbcaf07aaec5ac4ac1f731aec9

SHA1
d601849207b1453d5c01d0b65187bf7b361a206f

SHA256
3c70c2c567e83b5e637416c62b55e88126da9fe296ccefe1da66f8251c3cea28

SHA512
c741e4837d8a4cd8fb8942558108b0fd3eabb808068cdfc2a4b5504d8364bad45c049ced4d68c48059562356c4b20d9d94838cbe4064b09004136735270070ba

Download Submit
C:\Users\Admin\AppData\Roaming\ShowEnter.png.exe
Filesize
383KB

MD5
f0fc8a4d3bae06342870c14b0d1f717c

SHA1
86e2bb45c223b1f21b766c27bc6cb30ea9cf44ec

SHA256
7842be014b1f35f98978e7665273fe4b50bacf1541f04aa39ca532872545ac7e

SHA512
c9de7fcf2867d5cbac603dd808dbe0f14062aa11550fae367a2791866805e69564ab3c31edd5f9172c609960dd4073326a731193758bec69c05609919d74887d

Download Submit
C:\Users\Admin\Desktop\UndoRead.mp3.exe
Filesize
562KB

MD5
9ff1ddb960f0b9eea0c607941f1d6ba5

SHA1
7560e5a7916a8d258edfb78ee6c4340b474ab981

SHA256
58a4f3ff96cd373b5e2c474258a899a94bcf948ba4bf9ce70c7700dd88af1246

SHA512
e47c18492b474d90f686b342fd251b2b67123a1639162b996b3820718756ce4985b765724d4c0f018055aff825a5da428d9ea18dafb36c70afe1780970e75770

Download Submit
C:\Users\Admin\Pictures\My Wallpaper.jpg.exe
Filesize
224KB

MD5
5dae10fedf0701a6d8cbb4c4a49bb102

SHA1
2eb6718c0b4822bd0da69f0556006f34dd26cd23

SHA256
13659d5f0a02b9ebaded447c60616a6fdc6da1cc70dd2b8ab4d75e5077c16b8c

SHA512
60b5e731d4183092c6c8c0117903c7897d8cd1dc70a216667b44faa0b16e947504a3fbe17135d32d1dbc9e2a4c43564f7b666b6d37c121f6421d767fd4c4d367

Download Submit
\ProgramData\JYYwwokc\EgwkIoIc.exe
Filesize
184KB

MD5
0f6f59b55d851aa6da202d09c0f53b3b

SHA1
4e438226771acfc5b9932fbf14449da344ccb594

SHA256
9754f206dbfd617897459d352d4fecbdc62f0abcd21579284e21bb3798e055b7

SHA512
dbe061aee2e0c449295c4c3562ba97d5ae31bc6d2c241dbe5b5c132a6b09b246bc3610058719c10330b4223ff2c66c7c7a2d80fc258b944faf826e202f605b1c

Download Submit
\Users\Admin\Cqwowoss\buwQYUwk.exe
Filesize
185KB

MD5
83aa6e0b06a13e953de331466fb61944

SHA1
ceaf111cce8ea6ec1d43f82d25cc307885304e4b

SHA256
394ac8ce1ecf659ddbf8bbb41bae810d947806840995624385614eaee34ff102

SHA512
67c0862ce1816dbb0ffbf6279153d549c3fe9740e5417bcbc8aaac23cda5874b84a4859945d23c0d603bc13b1dd4cfdbbc8aa32bb1c1f600cf6aacd623a21cfd

Download Submit
memory/272-600-0x0000000000260000-0x0000000000291000-memory.dmp

Filesize
196KB

Download
memory/272-601-0x0000000000260000-0x0000000000291000-memory.dmp

Filesize
196KB

Download
memory/324-420-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/324-388-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/392-106-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/392-138-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/592-411-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/592-446-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/592-590-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/592-561-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/632-326-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/632-295-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/772-83-0x0000000000160000-0x0000000000191000-memory.dmp

Filesize
196KB

Download
memory/772-282-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/896-580-0x0000000000260000-0x0000000000291000-memory.dmp

Filesize
196KB

Download
memory/896-436-0x0000000000150000-0x0000000000181000-memory.dmp

Filesize
196KB

Download
memory/896-435-0x0000000000150000-0x0000000000181000-memory.dmp

Filesize
196KB

Download
memory/908-129-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/908-164-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1032-155-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1032-188-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1068-271-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1068-272-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1480-642-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1604-224-0x0000000000170000-0x00000000001A1000-memory.dmp

Filesize
196KB

Download
memory/1604-225-0x0000000000170000-0x00000000001A1000-memory.dmp

Filesize
196KB

Download
memory/1628-570-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1628-541-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1720-154-0x0000000000210000-0x0000000000241000-memory.dmp

Filesize
196KB

Download
memory/1720-153-0x0000000000210000-0x0000000000241000-memory.dmp

Filesize
196KB

Download
memory/1820-632-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1820-602-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1832-352-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1900-387-0x00000000002F0000-0x0000000000321000-memory.dmp

Filesize
196KB

Download
memory/1948-128-0x0000000000120000-0x0000000000151000-memory.dmp

Filesize
196KB

Download
memory/2000-454-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2004-105-0x0000000000120000-0x0000000000151000-memory.dmp

Filesize
196KB

Download
memory/2028-507-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2028-474-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2096-550-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2096-519-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2160-460-0x0000000000470000-0x000000000049E000-memory.dmp

Filesize
184KB

Download
memory/2160-437-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2160-457-0x0000000076D20000-0x0000000076E3F000-memory.dmp

Filesize
1.1MB

Download
memory/2160-4317-0x0000000076E40000-0x0000000076F3A000-memory.dmp

Filesize
1000KB

Download
memory/2160-4316-0x0000000076D20000-0x0000000076E3F000-memory.dmp

Filesize
1.1MB

Download
memory/2160-461-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2160-458-0x0000000076E40000-0x0000000076F3A000-memory.dmp

Filesize
1000KB

Download
memory/2160-453-0x0000000000470000-0x000000000049E000-memory.dmp

Filesize
184KB

Download
memory/2160-452-0x0000000000470000-0x000000000049E000-memory.dmp

Filesize
184KB

Download
memory/2160-4442-0x0000000076D20000-0x0000000076E3F000-memory.dmp

Filesize
1.1MB

Download
memory/2160-450-0x0000000000470000-0x00000000004A1000-memory.dmp

Filesize
196KB

Download
memory/2160-166-0x0000000076E40000-0x0000000076F3A000-memory.dmp

Filesize
1000KB

Download
memory/2172-374-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2172-341-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2180-29-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2184-201-0x0000000000160000-0x0000000000191000-memory.dmp

Filesize
196KB

Download
memory/2204-451-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2252-473-0x0000000000120000-0x0000000000151000-memory.dmp

Filesize
196KB

Download
memory/2296-226-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2296-258-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2300-273-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2300-304-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2348-496-0x00000000001A0000-0x00000000001D1000-memory.dmp

Filesize
196KB

Download
memory/2348-497-0x00000000001A0000-0x00000000001D1000-memory.dmp

Filesize
196KB

Download
memory/2396-498-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2396-528-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2456-211-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2456-179-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2472-581-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2472-612-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2496-317-0x0000000000460000-0x0000000000491000-memory.dmp

Filesize
196KB

Download
memory/2520-115-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2520-82-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2540-455-0x0000000000260000-0x0000000000291000-memory.dmp

Filesize
196KB

Download
memory/2576-35-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2576-69-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2644-59-0x0000000000310000-0x0000000000341000-memory.dmp

Filesize
196KB

Download
memory/2644-58-0x0000000000310000-0x0000000000341000-memory.dmp

Filesize
196KB

Download
memory/2644-365-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2644-397-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2652-202-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2652-235-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2656-560-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2692-34-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2692-33-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2716-483-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2716-456-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2736-31-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2740-12-0x0000000001C90000-0x0000000001CC0000-memory.dmp

Filesize
192KB

Download
memory/2740-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2740-30-0x0000000001C90000-0x0000000001CBF000-memory.dmp

Filesize
188KB

Download
memory/2740-43-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2740-9-0x0000000001C90000-0x0000000001CC0000-memory.dmp

Filesize
192KB

Download
memory/2756-623-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2776-92-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2776-60-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2776-540-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2860-339-0x0000000000330000-0x0000000000361000-memory.dmp

Filesize
196KB

Download
memory/2860-340-0x0000000000330000-0x0000000000361000-memory.dmp

Filesize
196KB

Download
memory/3020-518-0x0000000000120000-0x0000000000151000-memory.dmp

Filesize
196KB

Download
memory/3020-517-0x0000000000120000-0x0000000000151000-memory.dmp

Filesize
196KB

Download
memory/3024-410-0x00000000000F0000-0x0000000000121000-memory.dmp

Filesize
196KB

Download