aeafa89878bf1bf20f74243b4fc8bd37a53e03745238c0fe587fa4025e45bd5f

Analysis

max time kernel
17s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 12:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
Size

208KB
MD5

8706fa98bcafd7c8dd9371cfa5e276ce
SHA1

0ad85ca2a9fe713a2653714455c53053979a7fdf
SHA256

aeafa89878bf1bf20f74243b4fc8bd37a53e03745238c0fe587fa4025e45bd5f
SHA512

f4f542dd77be41691d31b2b5fcdc034771146dc5d8bf5f7b92ed0ad1cb5372cd8b4947ec908ec5a192551fa1b1d19d848c261d1f96f77538c19147da96d32bae
SSDEEP

3072:PoWje0y9cn8qcJZceaBUn/8RdHnif0jDl0ocCLWGg/Wc5GAce+39oB:PoDP2jTdHne0vyCA95GAc539

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 59 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

UAC bypass 3 TTPs 59 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Executes dropped EXE 2 IoCs

pid	Process
2512	jYgEEwcw.exe
2712	JOsYwwAY.exe

Loads dropped DLL 20 IoCs

pid	Process
3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe
2712	JOsYwwAY.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\jYgEEwcw.exe = "C:\\Users\\Admin\\SyMQIsQo\\jYgEEwcw.exe"	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JOsYwwAY.exe = "C:\\ProgramData\\rswwYQsQ\\JOsYwwAY.exe"	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\jYgEEwcw.exe = "C:\\Users\\Admin\\SyMQIsQo\\jYgEEwcw.exe"	jYgEEwcw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JOsYwwAY.exe = "C:\\ProgramData\\rswwYQsQ\\JOsYwwAY.exe"	JOsYwwAY.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

pid	Process
1296	reg.exe
1680	reg.exe
2500	reg.exe
2864	reg.exe
1876	reg.exe
3016	reg.exe
1400	reg.exe
2588	reg.exe
2788	reg.exe
1312	reg.exe
2676	reg.exe
1976	reg.exe
2448	reg.exe
2700	reg.exe
2920	reg.exe
1772	reg.exe
1100	reg.exe
2404	reg.exe
960	reg.exe
2836	reg.exe
2948	reg.exe
2436	reg.exe
1580	reg.exe
1304	reg.exe
1500	reg.exe
2788	reg.exe
1480	reg.exe
960	reg.exe
672	reg.exe
1836	reg.exe
2364	reg.exe
2680	reg.exe
2292	reg.exe
2672	reg.exe
1580	reg.exe
1352	reg.exe
1552	reg.exe
772	reg.exe
1952	reg.exe
1668	reg.exe
2652	reg.exe
2292	reg.exe
696	reg.exe
1824	reg.exe
1964	reg.exe
1568	reg.exe
2104	reg.exe
2408	reg.exe
2488	reg.exe
1992	reg.exe
240	reg.exe
2684	reg.exe
1796	reg.exe
1780	reg.exe
1980	reg.exe
2724	reg.exe
1276	reg.exe
1792	reg.exe
2320	reg.exe
960	reg.exe
2704	reg.exe
2924	reg.exe
800	reg.exe
3036	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
564	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
564	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2680	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2680	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2880	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2880	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1340	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1340	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1964	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1964	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2804	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2804	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1708	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1708	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1040	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1040	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1140	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1140	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1300	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1300	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2560	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2560	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1740	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1740	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2496	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2496	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
564	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
564	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1052	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1052	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
952	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
952	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2572	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2572	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1284	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1284	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2144	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2144	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2876	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2876	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2356	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2356	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2584	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2584	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1728	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1728	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2760	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2760	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1608	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1608	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
892	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
892	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1012	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
1012	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2528	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
2528	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2512	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	28
PID 3048 wrote to memory of 2512	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	28
PID 3048 wrote to memory of 2512	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	28
PID 3048 wrote to memory of 2512	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	28
PID 3048 wrote to memory of 2712	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	29
PID 3048 wrote to memory of 2712	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	29
PID 3048 wrote to memory of 2712	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	29
PID 3048 wrote to memory of 2712	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	29
PID 3048 wrote to memory of 2768	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	30
PID 3048 wrote to memory of 2768	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	30
PID 3048 wrote to memory of 2768	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	30
PID 3048 wrote to memory of 2768	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	30
PID 2768 wrote to memory of 2104	2768	cmd.exe	248
PID 2768 wrote to memory of 2104	2768	cmd.exe	248
PID 2768 wrote to memory of 2104	2768	cmd.exe	248
PID 2768 wrote to memory of 2104	2768	cmd.exe	248
PID 3048 wrote to memory of 2720	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	32
PID 3048 wrote to memory of 2720	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	32
PID 3048 wrote to memory of 2720	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	32
PID 3048 wrote to memory of 2720	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	32
PID 3048 wrote to memory of 2620	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	34
PID 3048 wrote to memory of 2620	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	34
PID 3048 wrote to memory of 2620	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	34
PID 3048 wrote to memory of 2620	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	34
PID 3048 wrote to memory of 2448	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	35
PID 3048 wrote to memory of 2448	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	35
PID 3048 wrote to memory of 2448	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	35
PID 3048 wrote to memory of 2448	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	35
PID 3048 wrote to memory of 2440	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	38
PID 3048 wrote to memory of 2440	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	38
PID 3048 wrote to memory of 2440	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	38
PID 3048 wrote to memory of 2440	3048	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	38
PID 2440 wrote to memory of 672	2440	cmd.exe	492
PID 2440 wrote to memory of 672	2440	cmd.exe	492
PID 2440 wrote to memory of 672	2440	cmd.exe	492
PID 2440 wrote to memory of 672	2440	cmd.exe	492
PID 2104 wrote to memory of 1076	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	42
PID 2104 wrote to memory of 1076	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	42
PID 2104 wrote to memory of 1076	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	42
PID 2104 wrote to memory of 1076	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	42
PID 1076 wrote to memory of 564	1076	cmd.exe	200
PID 1076 wrote to memory of 564	1076	cmd.exe	200
PID 1076 wrote to memory of 564	1076	cmd.exe	200
PID 1076 wrote to memory of 564	1076	cmd.exe	200
PID 2104 wrote to memory of 1640	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	45
PID 2104 wrote to memory of 1640	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	45
PID 2104 wrote to memory of 1640	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	45
PID 2104 wrote to memory of 1640	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	45
PID 2104 wrote to memory of 1772	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	504
PID 2104 wrote to memory of 1772	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	504
PID 2104 wrote to memory of 1772	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	504
PID 2104 wrote to memory of 1772	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	504
PID 2104 wrote to memory of 2732	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	47
PID 2104 wrote to memory of 2732	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	47
PID 2104 wrote to memory of 2732	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	47
PID 2104 wrote to memory of 2732	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	47
PID 2104 wrote to memory of 2956	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	50
PID 2104 wrote to memory of 2956	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	50
PID 2104 wrote to memory of 2956	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	50
PID 2104 wrote to memory of 2956	2104	2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe	50
PID 2956 wrote to memory of 2112	2956	cmd.exe	196
PID 2956 wrote to memory of 2112	2956	cmd.exe	196
PID 2956 wrote to memory of 2112	2956	cmd.exe	196
PID 2956 wrote to memory of 2112	2956	cmd.exe	196

C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Users\Admin\SyMQIsQo\jYgEEwcw.exe
  "C:\Users\Admin\SyMQIsQo\jYgEEwcw.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2512
- C:\ProgramData\rswwYQsQ\JOsYwwAY.exe
  "C:\ProgramData\rswwYQsQ\JOsYwwAY.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  PID:2712
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
    C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2104
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:564
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        6⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2680
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        8⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        9⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2880
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        10⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        11⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        12⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        13⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1964
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        14⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        15⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2804
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        16⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        17⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        18⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        19⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1040
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        20⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        21⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1140
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        22⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        23⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1300
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        24⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        25⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2560
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        26⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        27⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1740
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        28⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        29⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2496
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        30⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        31⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:564
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        32⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        33⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        34⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        35⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:952
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        36⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        37⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        38⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        39⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        40⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        41⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        42⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        43⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1284
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        44⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        45⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2144
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        46⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        47⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2876
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        48⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        49⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2356
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        50⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        51⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        52⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        53⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        54⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        55⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2760
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        56⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        57⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1608
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        58⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        59⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        60⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        61⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1012
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        62⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        63⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2528
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        64⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        65⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        66⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        67⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        68⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        69⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        70⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        71⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        72⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        73⤵
        
        PID:964
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        74⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        75⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        76⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        77⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        78⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        79⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        80⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        81⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        82⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        83⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        84⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        85⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        86⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        87⤵
        
        PID:892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        88⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        89⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        90⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        91⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        92⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        93⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        94⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        95⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        96⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        97⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        98⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        99⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        100⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        101⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        102⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        103⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        104⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        105⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        106⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        107⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        108⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        109⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        110⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        111⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        112⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        113⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        114⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        115⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        116⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        117⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        118⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        119⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        120⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        121⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        122⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        123⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        124⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        125⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        126⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        127⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        128⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        129⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        130⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        131⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        132⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        133⤵
        
        PID:672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        134⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        135⤵
        
        PID:984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        136⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        137⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        138⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        139⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        140⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        141⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        142⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        143⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        144⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        145⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        146⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        147⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        148⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        149⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        150⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        151⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        152⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        153⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        154⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        155⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        156⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        157⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        158⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        159⤵
        
        PID:800
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        160⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        161⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        162⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        163⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        164⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        165⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        166⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        167⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        168⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        169⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        170⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        171⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        172⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        173⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        174⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        175⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        176⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        177⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        178⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        179⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        180⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        181⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        182⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        183⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        184⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        185⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        186⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        187⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        188⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        189⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        190⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        191⤵
        
        PID:956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        192⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        193⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        194⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        195⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        196⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        197⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        198⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        199⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        200⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        201⤵
        
        PID:892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        202⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        203⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        204⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        205⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        206⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        207⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        208⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        209⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        210⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        211⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        212⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        213⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        214⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        215⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        216⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        217⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        218⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        219⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        220⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        221⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        222⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        223⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        224⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        225⤵
        
        PID:808
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        226⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        227⤵
        
        PID:904
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        228⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        229⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock"
        230⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock
        231⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        232⤵
        Modifies registry key
        
        PID:240
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        232⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        232⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        230⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        230⤵
        Modifies registry key
        
        PID:1992
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        230⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\rUMooIss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        230⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        231⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        228⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        228⤵
        Modifies registry key
        
        PID:2704
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        228⤵
        Modifies registry key
        
        PID:2500
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\daYccMEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        228⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        229⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        226⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        226⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        226⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\jkwEQAcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        226⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        227⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        224⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        224⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        224⤵
        
        PID:588
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\uCQoQAkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        224⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        225⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        222⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        222⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        222⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\yswYkQAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        222⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        223⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        220⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        220⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        220⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\iUIoUgYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        220⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        221⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        218⤵
        Modifies registry key
        
        PID:696
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        218⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        218⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\wcgQEsQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        218⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        219⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        216⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        216⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        216⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\aeAowogE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        216⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        217⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        214⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        214⤵
        Modifies registry key
        
        PID:2924
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        214⤵
        
        PID:904
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\uIkYQQwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        214⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        215⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        212⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        212⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        212⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tWccgcgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        212⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        213⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        210⤵
        Modifies registry key
        
        PID:2864
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        210⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        210⤵
        Modifies registry key
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZoAcIMAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        210⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        211⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        208⤵
        
        PID:896
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        208⤵
        Modifies registry key
        
        PID:1352
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        208⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\xGQsAgkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        208⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        209⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        206⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        206⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        206⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\Zacocssw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        206⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        207⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        204⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        204⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        204⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\FuUMwMks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        204⤵
        
        PID:940
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        205⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        202⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        202⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        202⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fWsEwUEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        202⤵
        
        PID:956
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        203⤵
        
        PID:904
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        200⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        200⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        200⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\JqscUIQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        200⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        201⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        198⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        198⤵
        Modifies registry key
        
        PID:2292
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        198⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\GAoIEUwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        198⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        199⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        196⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        196⤵
        
        PID:696
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        196⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\YcwQQUAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        196⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        197⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        194⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        194⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        194⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\WwEIosoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        194⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        195⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        192⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        192⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        192⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\aMkosQwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        192⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        193⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        190⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        190⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        190⤵
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\imgwMoks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        190⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        191⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        188⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        188⤵
        Modifies registry key
        
        PID:1792
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        188⤵
        Modifies registry key
        
        PID:1964
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\WywIgIUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        188⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        189⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        186⤵
        
        PID:860
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        186⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        186⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\suskUsEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        186⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        187⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        184⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        184⤵
        Modifies registry key
        
        PID:1552
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        184⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TKswoUAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        184⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        185⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        182⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        182⤵
        
        PID:240
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        182⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\twEkoAQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        182⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        183⤵
        
        PID:852
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        180⤵
        Modifies registry key
        
        PID:1568
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        180⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        180⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\lukQwwss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        180⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        181⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        178⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        178⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        178⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fyQgssck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        178⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        179⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        176⤵
        Modifies registry key
        
        PID:1400
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        176⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        176⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\veAMQwcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        176⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        177⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        174⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        174⤵
        Modifies registry key
        
        PID:800
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        174⤵
        
        PID:268
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HiosQkcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        174⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        175⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        172⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        172⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        172⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\cksYIosY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        172⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        173⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        170⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        170⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        170⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\WocokMok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        170⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        171⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        168⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        168⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        168⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\MooEYoUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        168⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        169⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        166⤵
        
        PID:268
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        166⤵
        Modifies registry key
        
        PID:2948
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        166⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\KCwEwMsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        166⤵
        
        PID:808
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        167⤵
        
        PID:636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        164⤵
        Modifies registry key
        
        PID:1276
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        164⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        164⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\KiowUMQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        164⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        165⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        162⤵
        Modifies registry key
        
        PID:2836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        162⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        162⤵
        Modifies registry key
        
        PID:2672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\gusEgYss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        162⤵
        
        PID:992
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        163⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        160⤵
        Modifies registry key
        
        PID:2684
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        160⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        160⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\WEsUIYwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        160⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        161⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        158⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        158⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        158⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\JKEwkMkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        158⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        159⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        156⤵
        Modifies registry key
        
        PID:1796
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        156⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        156⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\rycUMswc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        156⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        157⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        154⤵
        
        PID:892
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        154⤵
        Modifies registry key
        
        PID:1580
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        154⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\pawYAQUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        154⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        155⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        152⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        152⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        152⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\zwEwMEsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        152⤵
        
        PID:808
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        153⤵
        
        PID:848
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        150⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        150⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        150⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\FesYEsYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        150⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        151⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        148⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        148⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        148⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\xwUcoIwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        148⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        149⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        146⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        146⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        146⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\omYsQIYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        146⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        147⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        144⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        144⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        144⤵
        Modifies registry key
        
        PID:2448
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ucQUQksA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        144⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        145⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        142⤵
        
        PID:960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        142⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        142⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\IOgoUcUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        142⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        143⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        140⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        140⤵
        
        PID:892
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        140⤵
        Modifies registry key
        
        PID:1500
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\GecMcIAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        140⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        141⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        138⤵
        
        PID:808
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        138⤵
        Modifies registry key
        
        PID:1976
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        138⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\KcEQUMQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        138⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        139⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        136⤵
        Modifies registry key
        
        PID:772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        136⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        136⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\OuUkQggU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        136⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        137⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        134⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        134⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        134⤵
        Modifies registry key
        
        PID:1980
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\IMIIwscY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        134⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        135⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        132⤵
        Modifies registry key
        
        PID:1952
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        132⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        132⤵
        Modifies registry key
        
        PID:2104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\BwcgwYww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        132⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        133⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        130⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        130⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        130⤵
        Modifies registry key
        
        PID:1876
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HUcQsAUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        130⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        131⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        128⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        128⤵
        
        PID:808
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        128⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZEsogMsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        128⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        129⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        126⤵
        Modifies registry key
        
        PID:1780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        126⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        126⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\DGEkwwsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        126⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        127⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        124⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        124⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        124⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\jmsoQAME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        124⤵
        
        PID:992
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        125⤵
        
        PID:700
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        122⤵
        Modifies registry key
        
        PID:2408
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        122⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        122⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\NiIIQcUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        122⤵
        
        PID:852
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        123⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        120⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        120⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        120⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\aYQgEckQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        120⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        121⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        118⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2576
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        118⤵
        Modifies registry key
        
        PID:1296
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        118⤵
        UAC bypass
        
        PID:2772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\qcAYIEMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        118⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        119⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        116⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1668
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        116⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        116⤵
        UAC bypass
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ICYcosQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        116⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        117⤵
        
        PID:844
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        114⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2976
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        114⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        114⤵
        UAC bypass
        Modifies registry key
        
        PID:2320
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\YUIMEooQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        114⤵
        
        PID:800
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        115⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        112⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1044
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        112⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        112⤵
        UAC bypass
        
        PID:2804
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\oGEsIUQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        112⤵
        
        PID:992
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        113⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        110⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1824
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        110⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        110⤵
        UAC bypass
        Modifies registry key
        
        PID:1680
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\yyMkwMsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        110⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        111⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        108⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1476
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        108⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        108⤵
        UAC bypass
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\MYUAgAcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        108⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        109⤵
        
        PID:768
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        106⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1480
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        106⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        106⤵
        UAC bypass
        
        PID:432
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\PgAokkwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        106⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        107⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        104⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        104⤵
        
        PID:524
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        104⤵
        UAC bypass
        
        PID:2788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\RqoogQAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        104⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        105⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        102⤵
        Modifies visibility of file extensions in Explorer
        
        PID:904
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        102⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        102⤵
        UAC bypass
        Modifies registry key
        
        PID:2588
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\jWocYMwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        102⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        103⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        100⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2908
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        100⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        100⤵
        UAC bypass
        
        PID:800
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hUkMYQok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        100⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        101⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        98⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2024
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        98⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        98⤵
        UAC bypass
        
        PID:1156
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\rewQkcQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        98⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        99⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        96⤵
        Modifies visibility of file extensions in Explorer
        
        PID:112
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        96⤵
        Modifies registry key
        
        PID:2700
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        96⤵
        UAC bypass
        
        PID:2848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HgYccAEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        96⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        97⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        94⤵
        Modifies visibility of file extensions in Explorer
        
        PID:588
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        94⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        94⤵
        UAC bypass
        Modifies registry key
        
        PID:2436
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\dqgoksEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        94⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        95⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        92⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1284
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        92⤵
        Modifies registry key
        
        PID:1836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        92⤵
        UAC bypass
        
        PID:1980
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\RQccwYwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        92⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        93⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        90⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2940
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        90⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        90⤵
        UAC bypass
        Modifies registry key
        
        PID:672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\CyAEcoQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        90⤵
        
        PID:652
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        91⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        88⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2608
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        88⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        88⤵
        UAC bypass
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\oCIMEEMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        88⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        89⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        86⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2468
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        86⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        86⤵
        UAC bypass
        
        PID:2548
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\cgsYMssM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        86⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        87⤵
        
        PID:944
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        84⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        84⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        84⤵
        UAC bypass
        
        PID:1316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\kucIIMsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        84⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        85⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        82⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2652
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        82⤵
        Modifies registry key
        
        PID:1480
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        82⤵
        UAC bypass
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\IAwYwoos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        82⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        83⤵
        
        PID:432
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        80⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        80⤵
        Modifies registry key
        
        PID:2788
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        80⤵
        UAC bypass
        
        PID:1104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\mCAYAkoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        80⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        81⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        78⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2244
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        78⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        78⤵
        UAC bypass
        
        PID:672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\aqwwQcIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        78⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        79⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        76⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2820
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        76⤵
        Modifies registry key
        
        PID:3016
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        76⤵
        UAC bypass
        
        PID:2372
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HgEIMUQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        76⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        77⤵
        
        PID:580
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        74⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        74⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        74⤵
        UAC bypass
        
        PID:3036
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\XSoAQoEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        74⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        75⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        72⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2908
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        72⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        72⤵
        UAC bypass
        
        PID:3012
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TyYMIkkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        72⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        73⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        70⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1504
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        70⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        70⤵
        UAC bypass
        Modifies registry key
        
        PID:1312
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\pEMkMUUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        70⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        71⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        68⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2364
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        68⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        68⤵
        UAC bypass
        
        PID:2984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\vCkMQMAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        68⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        69⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        66⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2260
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        66⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        66⤵
        UAC bypass
        
        PID:1708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\JUQwAgsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        66⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        67⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        64⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2628
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        64⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        64⤵
        UAC bypass
        Modifies registry key
        
        PID:2920
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\WgooogAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        64⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        65⤵
        
        PID:672
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        62⤵
        Modifies visibility of file extensions in Explorer
        
        PID:472
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        62⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        62⤵
        UAC bypass
        
        PID:2812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\cQgogIoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        62⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        63⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        60⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2676
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        60⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        60⤵
        UAC bypass
        Modifies registry key
        
        PID:2680
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\iQMEgAkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        60⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        61⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        58⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        58⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        58⤵
        UAC bypass
        
        PID:1344
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\GsUswIEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        58⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        59⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        56⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2376
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        56⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        56⤵
        UAC bypass
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\sUkwUUEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        56⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        57⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        54⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        54⤵
        Modifies registry key
        
        PID:1580
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        54⤵
        UAC bypass
        
        PID:1772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\WyIUQoEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        54⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        55⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        52⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2404
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        52⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        52⤵
        UAC bypass
        
        PID:2544
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AyswcgwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        52⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        53⤵
        
        PID:900
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        50⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2692
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        50⤵
        
        PID:844
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        50⤵
        UAC bypass
        
        PID:2744
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tOIkQoEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        50⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        51⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        48⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1304
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        48⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        48⤵
        UAC bypass
        
        PID:1984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\LwMksQks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        48⤵
        
        PID:952
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        49⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        46⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1276
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        46⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        46⤵
        UAC bypass
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fuoEMgoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        46⤵
        
        PID:992
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        47⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        44⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1048
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        44⤵
        
        PID:940
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        44⤵
        UAC bypass
        
        PID:1808
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZKkMgMwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        44⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        45⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        42⤵
        Modifies visibility of file extensions in Explorer
        
        PID:652
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        42⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        42⤵
        UAC bypass
        
        PID:2152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\vuowkIEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        42⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        43⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        40⤵
        Modifies visibility of file extensions in Explorer
        
        PID:672
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        40⤵
        Modifies registry key
        
        PID:2488
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        40⤵
        UAC bypass
        
        PID:1740
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\LgwAcIIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        40⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        41⤵
        
        PID:584
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        38⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2580
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        38⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        38⤵
        UAC bypass
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SsocwgAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        38⤵
        
        PID:580
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        39⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        36⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1136
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        36⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        36⤵
        UAC bypass
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\cooAcwAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        36⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        37⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        34⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        34⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        34⤵
        UAC bypass
        
        PID:2408
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\MSggYcEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        34⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        35⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        32⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2156
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        32⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        32⤵
        UAC bypass
        
        PID:1516
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\IakkcQQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        32⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        33⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        30⤵
        Modifies visibility of file extensions in Explorer
        
        PID:696
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        30⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        30⤵
        UAC bypass
        Modifies registry key
        
        PID:1772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\UAAYwgoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        30⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        31⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        28⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2520
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        28⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        28⤵
        UAC bypass
        Modifies registry key
        
        PID:2788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\eyEggoQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        28⤵
        
        PID:896
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        29⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        26⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:3036
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        26⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        26⤵
        UAC bypass
        
        PID:2400
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\GyEksEwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        26⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        27⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        24⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2572
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        24⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        24⤵
        UAC bypass
        
        PID:2352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\nocssIQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        24⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        25⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        22⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1344
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        22⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        22⤵
        UAC bypass
        
        PID:1636
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZCQYkYkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        22⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        23⤵
        
        PID:904
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        20⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1496
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        20⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        20⤵
        UAC bypass
        
        PID:1808
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HckIAoso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        20⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        21⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        18⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2376
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        18⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        18⤵
        UAC bypass
        
        PID:1608
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\DEMUoEQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        18⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        19⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        16⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2788
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        16⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        16⤵
        UAC bypass
        
        PID:2076
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZAcAggIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        16⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        17⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        14⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2620
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        14⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        14⤵
        UAC bypass
        
        PID:2476
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tqMwMUcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        14⤵
        
        PID:436
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        15⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        12⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1952
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        12⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        12⤵
        UAC bypass
        
        PID:1560
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZwckYwcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        12⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        13⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        10⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2896
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        10⤵
        
        PID:852
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        10⤵
        UAC bypass
        
        PID:1280
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ewYgoAkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        10⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        11⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        8⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2292
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        8⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        8⤵
        UAC bypass
        Modifies registry key
        
        PID:1100
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\IycQQAcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        8⤵
        
        PID:964
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        9⤵
        
        PID:700
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        6⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2156
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        6⤵
        
        PID:696
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        6⤵
        UAC bypass
        
        PID:2024
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\UWcQocIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
        6⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        7⤵
        
        PID:2868
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
      4⤵
      Modifies visibility of file extensions in Explorer
      PID:1640
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
      4⤵
      PID:1772
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
      4⤵
      UAC bypass
      PID:2732
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\uScoAooo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2956
    - - C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        5⤵
        
        PID:2112
- C:\Windows\SysWOW64\reg.exe
  reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
  2⤵
  - Modifies visibility of file extensions in Explorer
  PID:2720
- C:\Windows\SysWOW64\reg.exe
  reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
  2⤵
  PID:2620
- C:\Windows\SysWOW64\reg.exe
  reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
  2⤵
  - UAC bypass
  PID:2448
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\aMoUgIgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Windows\SysWOW64\cscript.exe
    cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
    3⤵
    PID:672

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1566018653-4467498941690429303230498780-775530048-14414159151464762401202202530"
1⤵
PID:2112

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "12093901021856408930610026044-7829598682135881585-499004562-721604701818834683"
1⤵
PID:988

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-17129215649058256071023357013-218610226-1499465336-50476286312806008102112460936"
1⤵
PID:2488

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14061253754363341661031807010-1850017883-83884369168607518412025554232075409524"
1⤵
PID:1772

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18600042411786532695-221530492972217642-70767049219005704561321669907728163853"
1⤵
PID:952

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-889132721542542033213962879-926971340-210155658-225589596577157117420551208"
1⤵
PID:2756

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "895432094-603685896-15506854321441606658-1702297436500851635901007701773901954"
1⤵
PID:2044

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7300525727037842841260983191-8514848803681019161599669940382616457823305169"
1⤵
PID:2748

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "925378556-1190532073-1642395340490999222-1384899590-959300389-1899728455-540562695"
1⤵
PID:2628

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1909302755-573706280-295202902093513200-19637211995872838191475284602-1711438534"
1⤵
PID:2580

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "170895413816357299495498956-197333244919812209061936847295236674044-1503139528"
1⤵
PID:1864

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-890087726-1773473841-937719559207968043855265983618019073881989057211-1375365476"
1⤵
PID:1808

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1877111879-1940080177-1354149281-1331583528-498123065-1982703208497648987222287200"
1⤵
PID:1580

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "7752799-2278519291643224515-2105728689320491308-615771228430607042-1731348874"
1⤵
PID:2292

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3742466691265292006-5912188972020721501-894568731-634421066715930512-1942242840"
1⤵
PID:2552

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "361652486-333940677-1174031363-1065363903576562653-579784280-11380839172024286108"
1⤵
PID:1304

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-128000397554538690-13537171281920693940109382696219572996321980011972-1838228741"
1⤵
PID:1964

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-208965576-908392150-1344713329-488491341-1676275857288689589-605966039-1596077982"
1⤵
PID:1276

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "962282446-1776894509-2010495990-19651565731143194575-17651085991375650035-557653049"
1⤵
PID:1032

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1941175076136810837-9450587631516388042-269975182-668525629-17566363-2106699783"
1⤵
PID:1104

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1952800153-2113242384-3476989901226417790903947557-1605460621357057012-219591334"
1⤵
PID:2084

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-749176726-4741680412575443981144098705723420929-959500325-11695983841062257146"
1⤵
PID:2060

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "143537262-49445672797818721-724840583-1004405111259524757453431960786671404"
1⤵
PID:2144

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "6596331626347583631040165161-8693504501106985803109733993012167468242055649950"
1⤵
PID:2364

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1224626901-1466465300-9208140111389752934969535931-1303038106-517544662-307123153"
1⤵
PID:2508

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "16918094111382659574-727487578975823991249284768-6035504101318282976-1492655940"
1⤵
PID:1708

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1122227126-18557134961421669478783404963-1941853462558557144-489378452-20456889"
1⤵
PID:1704

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1652128472-1958034414-72784292-1026278315-1372936170-794089271-9726129891502540520"
1⤵
PID:1836

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2127671918-8561894027874952342652039911593061747918462844842748600736848399"
1⤵
PID:2092

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "853909822550194148-14555022751455830800-4577068661872583087-1888252552-2133050904"
1⤵
PID:2352

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "523717734-103080449318940009711196630428-1829667323-1555738324-1015918343327435947"
1⤵
PID:3036

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1845571844411525287-1554667546-1188194135-765761198-16920425781389055668853285280"
1⤵
PID:1692

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1667700605-148549620445694765-1626809271-245109890-1578850436108219338-1737744907"
1⤵
PID:2520

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1534170328-206005029289381889-3885001197441409531316879835-1624941219821341377"
1⤵
PID:940

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "488654021-11485384921307974530-174276911999164466887214344-17610340591715853243"
1⤵
PID:3016

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12894183041526273956-1504175314162869975837754077187507052218915593241580394185"
1⤵
PID:2244

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "400009756-1764404758-252996001330307452-17969601751831500134-2899433281896208416"
1⤵
PID:2468

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-933821665-509566131-2132562757599146788-617853458-935663093-241509799-470211977"
1⤵
PID:2760

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "183802230-1314041050-1906588623-117607446020311753401909327077-15732039761946594164"
1⤵
PID:2676

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-517465216-994063047-2013284471-17851163983478289981088153227-305371073-1811276865"
1⤵
PID:1516

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1492177223-4665865499376450001181043655739809653-683566932518756804-81992577"
1⤵
PID:2288

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "274262516-603090878-1218986588-1796587023-89413840016991380281045019073-262202317"
1⤵
PID:2308

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "422164712-1636176038-955410572-420637755190334689-445502036-504953305448185368"
1⤵
PID:1492

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2128850637377574428-163552059-410577497203026855251704049-1425154097464762346"
1⤵
PID:2896

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1589775639-10280863471241126761179884728717468394741210422045273395911329006867"
1⤵
PID:2900

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "47996430921350071291354539620-779075658-1760788739-4996552471397935302551191627"
1⤵
PID:2876

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1329027014-289709211671277897-1555557031-1932809803-20432408269478060742078369489"
1⤵
PID:2808

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18205903061421399390-15179283661498113090-16242897522064182638-1802084365-1176016152"
1⤵
PID:2788

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1329449587-958725557-1551837190-656337613-513556185-306638079647820766-1324361489"
1⤵
PID:1636

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "115895360157351302521291373351466904363212127954-1647802596356049732-415830031"
1⤵
PID:1192

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "917969344-1960366261533697342-2072994424-16949693041673011172241059031-958777174"
1⤵
PID:2404

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-4374384094084267891476868940-12690735711227585288-1216762225-1773212163-345499784"
1⤵
PID:2852

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "16198864754104458792041872100190350161172914864-2124524599-5080177341186738873"
1⤵
PID:564

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "8984935-119497326013821641261710940330-151563731216649382471774928038-1740576300"
1⤵
PID:2544

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1700536144-53445651-1462762159-186888956315059161681398215534737922510567842440"
1⤵
PID:2652

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1877777471-359146579-383896789275688484200121411563253010-759294103843805124"
1⤵
PID:2208

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7583166091381492376-20051723047079112171790103261-114218767617696904531795097365"
1⤵
PID:700

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2729850181382936840-338342607-1408724313165075923-191629662000353937-1757077980"
1⤵
PID:2344

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "17224987581517962039-1108687016-540520925206114593-300941436-1722138611-1665082060"
1⤵
PID:1100

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:1740

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1114127947-9078382-976701089486420749-184675122520976283871351792957-1484425503"
1⤵
PID:2280

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "784265302-319090917-459567706-1056605858-200032302-203767138912800567641369462689"
1⤵
PID:1268

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "707982742-711245851-575094095-141407712218306831512377094774137845511434252241"
1⤵
PID:3024

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1930525389-901345525-652137632-15284853571940910517-927646874-14329917131318313758"
1⤵
PID:1244

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5932624578057937543496160452019425185880709638-149610120215777980771674616228"
1⤵
PID:2716

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-191090961112442028461671955190-1929467711-1312681295209216718395247398-347326433"
1⤵
PID:1504

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2736843241649861052-1449821776-1759997364-19867514325115199671574183333-2131422226"
1⤵
PID:1604

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9863286463587279813080777787196067761843542502-2119444519986778174-964421745"
1⤵
PID:1744

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "752187266-977268819-2144768399-8355345323242433791486799231143868636-1782132766"
1⤵
PID:1040

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1740758164-178737722-1075922095-615173648991610262-1368243810-202706306983946529"
1⤵
PID:2620

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-832081871318239786905225024-930345391-46913463-497069278-83377511688878667"
1⤵
PID:1344

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16953703118333369461665144285425706195368239881095277792-3906104192009302636"
1⤵
PID:2112

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "770156158-123245269414862302581984924699-911465531-1311277929-7077568251217986322"
1⤵
PID:2476

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9350223931583259614-19426898071085121961-1125589168-1917406999467028641844753499"
1⤵
PID:1912

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-95697354558084541-1642085988-2007284782-1720394242-993564242-2008611186-1290133880"
1⤵
PID:2920

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-979646246-859231526-96820137-1064507026-10367880081780090926-643937143883401000"
1⤵
PID:2384

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "75841602780847286-1833745924-1647136076-52830882810722600592014323896535718871"
1⤵
PID:2752

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1631514870742627447669863401505342338-82611162619822894-437525869-1048745345"
1⤵
PID:2872

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1808423881-1948556597-952891438347970772561397859-1948382717-1748165012111172471"
1⤵
PID:1300

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1316538750-1640045796211217945556067629892557498315552903870867262-785577001"
1⤵
PID:2240

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1847120669-1210301793-1735582018222777569146790076620989740711073008729-99934459"
1⤵
PID:2880

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2603456042067087234462660804-1197119236-206930197911632098332123662203-196720535"
1⤵
PID:2768

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1302112385-197989146-66754895-1414533603-1156041779980254128-2068542152346502974"
1⤵
PID:652

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "644791991-1779642237-16985088351854761853456649037-1535416441-1581178291-1435234783"
1⤵
PID:844

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13164537611895509619-14775784361828693055-128066290-1878933452-962161029-1904813039"
1⤵
PID:580

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1740497844-77664887-293905879-2120343263691660750-1215419083541894395-2117382533"
1⤵
PID:2548

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9646517161219210526-2924651401676363281-14111384781422796335-696781117-1100905497"
1⤵
PID:2496

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16607068501549043751196061545-9770190759400383181589239892109473455-1694664082"
1⤵
PID:672

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "926136590-7934168811034239186-15750268415876277271579268695-740536803-903387695"
1⤵
PID:1608

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1566531066-85048696415840215281988150532-1705638114-133583364658521813-512843778"
1⤵
PID:1140

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "127564102919260750751402231535-2047491165-1350273473-61480582219849439711521957713"
1⤵
PID:2256

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "533168513969324551359835571118129802-2012027232-1553270410-151178982-352743324"
1⤵
PID:900

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "121972082913575369731441211268-1134687506-13149773901651200171560516758474521229"
1⤵
PID:472

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1759337006-139631085214182858091844616310-1024060993-844745781-1499013877-1536579833"
1⤵
PID:2356

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-11658046311197237299-1495129575-1343986052-300456477-935849484-778013384-1815731349"
1⤵
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.exe

Filesize
250KB

MD5
654407ed03def792a75c98d01cedf3ec

SHA1
907a55735f7fb32ed57c54bb62537e40eadd2916

SHA256
8bb619ad60c2a63ac8adbaa3b006cefc42e311f92253d7b814127fdf7465e52d

SHA512
4d722bb2826426eab0592e3796b8d7880ea1844c13104abc0009154cfe5fb9d3dc9c9b0629d73a0c598581da6f5fd4820efee36bcac87d487c2affae6627916f

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.exe

Filesize
237KB

MD5
88581758cc6b640ad6b2be75e2242e95

SHA1
12a90e377567d3b9333c5e0ff5da9a11898c5fe8

SHA256
99a16b773e5b9a68cffde7ead1b8c1a3c327389da8e28c35e3b0d804384dd4fa

SHA512
f65416bf72068df16af5cddf87068cde1fc78b3040cc4849d1a306667d22ecd82133367818095c93a4398fb6ef59c77af0426580064bb78e4b03adc022f04f3f

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe

Filesize
235KB

MD5
f2d9d993cee60b3e06bcc37a44d59fda

SHA1
5ac0bee315d2719848ffa7b4516ea6c6d673f4c9

SHA256
67306e70bc18e219eefcc4942d39f9360b67f11d5bd5240d1b6a544afd2138b0

SHA512
6e8bd70810f79c45533dea97229401ccc955c468c4659bc8fc706e03468de17ba1591a56c39aec179e85ea665eb5bd6a155754c332c990460e6be94eca9f9e87

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe

Filesize
241KB

MD5
d57af3bb81c7f510c99c14a64ebd05ec

SHA1
b7320f702f938361019e1def3985b08e042c184f

SHA256
0cc97af4970cae58cece2399604c8aeb8c128b636dfc6e7098aa984d66c9f3dd

SHA512
2c3cc365dc4a490240d7577ad3956aeea02e9d30f55a38354feff2d0b1a32540f0639f01d12599480d1aa1b653b59cf61bec6a1e4668796bef97721dd5fec629

Download Submit
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

Filesize
837KB

MD5
cc4a511cefe070c76a341dfcbf294fe5

SHA1
3159942ae11e37dc226be9d51b25e221302bb0ad

SHA256
ee0f92b82ef4a60da0b82a79421e122da4dbfe662ce5eb6e9caf88fe6b18da11

SHA512
73bebb32bdbc6842749a93cc374a1f5aad0e599276ea2c787fad5aa457806efab8561445adaf426f7b380d02ad47571aafab6694659a4eab15c369b3af255164

Download Submit
C:\ProgramData\rswwYQsQ\JOsYwwAY.exe

Filesize
203KB

MD5
6ea206cdf29f34c65b9dee81f7515465

SHA1
ff44293b8ea542a07732548cfd9c9518ff430b23

SHA256
4a959cada251bc007f36efcf3099af89d16da860ed3c9600db57acb4f408b365

SHA512
54a18a194643939fe807cdc05ce5b7d52e595f6a5038f4b2e6feff96bdf6e6cd4d69ae151ee007e4781d9a46085e41cab55bd871aedfdecea56bc4814724e285

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-06-09_8706fa98bcafd7c8dd9371cfa5e276ce_virlock

Filesize
6KB

MD5
5f6870e505406f5a8e8fa594b6d5bafb

SHA1
4da1f6c6440c1c32f6c9b3deffb9b5cc6c7707eb

SHA256
f5003282e999e6d9704b53812e3713723b37838efdcf8102901c14baa174257a

SHA512
b4a70f5f6a9c944eb08376010574134357cb5b1591f4df52411e789d5ddd33ba1091c06b956811f6b4fb89186c1470f85db0963ef58c14b6700307ee8ee65bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\AggK.exe

Filesize
885KB

MD5
8d2ca12db79bdf9c36c81925d6806de5

SHA1
4cf857affe77afe216a7b951a234a52a4d719cf5

SHA256
c058fa58a2b17e66d062c01698d3eab05e0c7d6105b980ff850ecf1c970a6819

SHA512
325ab54d4e15a69899e92ab1d17c10820d8502943e5ea5622b0aa69c3d4022204b4298ee1cf92f578dcdb942140170b99d580aa71c35e3eb6a6873ef51523c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AgoO.exe

Filesize
648KB

MD5
ae1d44a62e0e6f00767ddb08b58b1da9

SHA1
e04c60f7b4f5c38672bc2aed5f226d35340a5cfb

SHA256
f3b9aadc68d8d1440e4688fed30c66d5a6772a0e4988f78240425999f07bddcd

SHA512
0b3954cb7ca38d30ca359b0dea86fa6e13dec1211d46f7fb6f41771fd80ee7344ca181134e46b95ff4bfbadb06e9683352ff1314a41a28b51c3527ea1b0bd92f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AoYG.exe

Filesize
192KB

MD5
ced90f8451fb0fd39d11c9c55c37177c

SHA1
554f600cd9f41581b565ac249fa03b365c9b280f

SHA256
8ff810e237c40d17c2ecfc1432e2cbcdeb1e3f15beb91759f509dfcdd9912f09

SHA512
e32c408a6198e3e3ee9f7ff07751e741e056494d70f9e95154b2d575dee9e5b1c1b458a90f263f26c7f58bf2a4236f9e15a23326c6e5863d6f2a1c6de646357d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AoYQEwoo.bat

Filesize
4B

MD5
e9d953885fd413de397ab946f3116eed

SHA1
8eb5518afa60f1001c14647c2cfdd86a208407eb

SHA256
5ff29788ee1a9254905e638b1145e622edece329b343b35ce29b3ae3a4c27df4

SHA512
28a7e4598abb51b23c908e0e30b693110b8345e28f862275a5759905580a9d71139b60878858396b81d0d4ecd03e83f4414deef83bd58c84c86f1fc36bf14857

Download Submit
C:\Users\Admin\AppData\Local\Temp\Aoco.exe

Filesize
236KB

MD5
a2154db82cd91cd528ca7706a48e6206

SHA1
90f1621852049d4044c9e60c19d0272067ec859b

SHA256
a24a7a3afe4593f6ffc61b678285ff3ac5247a28714368f4e0e044b763b2d0dc

SHA512
ad43ebd69471a6d1c587182dfedb56887a834d9b5ec677ff77e50e8fc6f3c1efaefac2c2d12d7db44331d37c40e72d71ad3b698e5a17cf425da49aadc83e8ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Aogi.exe

Filesize
749KB

MD5
b1bbd0c430939a26f70c79c16249cc42

SHA1
9befa642f3169b3d21ef7483c8c0c843c0f6e1f1

SHA256
70de7cb37ee6810d0665c07448d28a316ab27ff17f8c57ff4e1f9023245a656a

SHA512
28ec523569570616f0d4dda1b14d86408194c86ed6a948190dc7fdd755584b5bc845fae86cdfb810e9d2613094e97894a727199bfbe7ee10df3b0611ee159bb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\BaMkYMwQ.bat

Filesize
4B

MD5
4fb88ae35fc7566da2552bcb43c60b7a

SHA1
63a91589f52e93c69405b98922e79f98231eae50

SHA256
a575c4bc381e4ebddbda02089020e221486f92e081ce64a8bb65ec5ca8332732

SHA512
cb0c278d2a9831d429a8304fa1ae3756f80fc1d1599d7a1e4d602b69a544f9541ff252ed2aeec7772fb3cb308ee19c0b34746251fedbaf6fbb624933a30a925d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BuMAAEoY.bat

Filesize
4B

MD5
e0eff156ad46512595bbfb2b82c9e890

SHA1
6a0f4d606c7dd887668bb46dedcd5108e599d6d7

SHA256
81f68c061dc9d2c1a5a2cc60ffd8adc00aed2132dbd767427565f65166558898

SHA512
bdd92c90d84c29a9cd44022bf29b0c324f97f3fbf10c12430453ad11e24041b8f9e7c13d2dff66aa6e23ab6cce354bb45d4a6b521214f03d72c1107d1097551c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CGcoQgUo.bat

Filesize
4B

MD5
e91b1e20f8730edefc59366dce08d95a

SHA1
aa5c6165cb193f89fea9edcbcaa58a51d871bcb8

SHA256
cfe8d0c23b254f3e812b191e1e01f939267a24a3c76b6213b994efaadbc7db54

SHA512
3bda2347e87cac3545dbe47dc14488999db846d9530bd7a7d648f2baa875c6eedb9dc39b86fec0993a4a142d1bd5ed6d26394e800f0af5344a4d72447481d7c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CKwscgIM.bat

Filesize
4B

MD5
45023cd0929a0a046fec23e96b6af8ec

SHA1
64b7605ec56f5ad0490c47088325898b38a4cd83

SHA256
abd59b84a04d1294f2e66e4fd79675594cdcf5b1b18d959f0eec366a7dc668c0

SHA512
622ec63114ff775c347a292e77f149b21b6e439f21168c2cbd783d7e2e27bb637edfb134f48bfebdf42c90b6c02a0fd5576f037e2cf3f4af1b06c0f141af1668

Download Submit
C:\Users\Admin\AppData\Local\Temp\CMok.exe

Filesize
250KB

MD5
713be3adfc048dff3869cc73f70ebfc3

SHA1
45aa3dab73d267e477784ea2838aed18c859265b

SHA256
9e594fd0a4d2eef3a83c0dfc7e988231ffb0d226fadf6e4515ae13dfd09632ab

SHA512
e200a3c15168a839f89ddfe393fb5d7c37785a65019bc41a359d0ecdb29a2573192fc590dcb8131714ce0bd88e4331e083cc92de29df865b3e7c185a8edbbd66

Download Submit
C:\Users\Admin\AppData\Local\Temp\CQgo.exe

Filesize
238KB

MD5
ace96b620acdac8a2a17ba8e2398225e

SHA1
f479f5fb7d323d877b0c7e26551d38f9317e3e5b

SHA256
d69cb07faea22ff05065503a85ac29bd128f931e59ab91a05d29012fa5add0a9

SHA512
2dab013eaa0b0325936b088bb114c7eeff13bbedda92b49d2abbd4fd9921376c3de8ea37db5fb9b1a630cd4cd798126216fb38208637c92be0ff837a6be3e1c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CQkW.exe

Filesize
192KB

MD5
c453e894d541a5bc1d3a6d764d52be32

SHA1
bb608123dd8b25fe4996e360e284a8003ac2e27a

SHA256
c2641f8ae031652c8a802b58ecc028a8a80e1f00e9cb6254bac6fb0c2a8b9405

SHA512
6c7fb42356c3e5ad2cc962c21fce5ccc3f745752887d00271ac174ccad8d754f30904444b82fed7adba82238d4a315d67c4f3b4a687e1a358daf79ba521db8bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CSQUUYIU.bat

Filesize
4B

MD5
f78dacaab3fda557903401e9e6fd09be

SHA1
5c6aad685c1433fa85190290ed83c0e5a10bb7e8

SHA256
ae4ac474439e34c1574f3c695ffb88f3f86bbacc7184af7b02912fe2ec4b92d0

SHA512
1964363216e4c0342f509a4dfad7838ec0a9b5ca89c58fe11ceabbdf9d6eed97773c5efb1b4a030f72c9d0d3538ec627813045a75364c1efcbf3f2226f553283

Download Submit
C:\Users\Admin\AppData\Local\Temp\CkYY.exe

Filesize
228KB

MD5
f88215cc908cb548066d5671fab75dc9

SHA1
17644b32db97dcef2b3c6b92cf88f574db56bcd9

SHA256
4f60b064c8f29f910e1285e3fee4aeb118688fb156be03fca1bc0dd3e4a0a66a

SHA512
a052bd349ed0541fc494bb5b87d73de6d5af2d04cff6ddf252680d259febeda716516a788f64a5c44fe3d0ace688a7235664a056740d1f210241a4d3c42314e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CkkE.exe

Filesize
230KB

MD5
bddb5f9ea7aca274e4cdc758079109b3

SHA1
2fc496c11d73a114d717ec9fe7397ac5365abb21

SHA256
078e3a298a201fa8737921747393f00bc0739f882a799f6f6bedda8eaf0797bc

SHA512
9bce0ce837e4f71a27f914b00cad683fa82212104a293a36c7f346c5e0e15b3b06d287eb565044fa5e81dc6e8a4ecfba97ac41b77fd074e4f280eb5fc27ff690

Download Submit
C:\Users\Admin\AppData\Local\Temp\CkoI.exe

Filesize
243KB

MD5
9232397e972ae654f3a88e709dbde227

SHA1
0cc45a26c967aed22b354e30dbab9cd6a1691ef5

SHA256
b1d839fc55de235713bbb649740b7130babecc3d834b5105e9c9047440501c9f

SHA512
cdf2781d09fac38a0772090291942e2213ea6ba7baf99628816603a6da0cc33fd6036670386f7e83fd6dd0b0fd5cc183f150db68ba40a0451f910e3c70f0867b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CowQEgQE.bat

Filesize
4B

MD5
2ee49c8dc93727e3484b7c7a4c19bcda

SHA1
1b694fea0a9c93fad75f7c71b75613d85b4e14d4

SHA256
41214862e87868a7cb484170809f1b418c25a4731fcbf992e09da7f60f69b589

SHA512
c292fc9ed02abcc7581e5b9a6148b8a18b60dba8bf91c1718d0043cb1725ffa5cff4bf75c27d07fe4a4b7dc279f7046259ef0030ae2b66d496af08c761dc9087

Download Submit
C:\Users\Admin\AppData\Local\Temp\CsMC.exe

Filesize
469KB

MD5
2182595d2473dc059f97cab153706546

SHA1
273f2569cade48f1ece0eb08f2da5cddb0bd75cc

SHA256
5f61233b7a463a3fb25eda93d648e6ff3e31ccdca98c762935114c439db6748e

SHA512
3e1ef347e84de444919e1724dc57c7c7d2e88f3c041df17b7da0c98b6699889983d66d82aae670e1921dc2a56902fbf9bd146875b58e19ade4ce42e5150792b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CwkM.ico

Filesize
4KB

MD5
47a169535b738bd50344df196735e258

SHA1
23b4c8041b83f0374554191d543fdce6890f4723

SHA256
ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf

SHA512
ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\DIIUgQsw.bat

Filesize
4B

MD5
53253c42dd1ee8fb2b32f1c90ff30d9d

SHA1
d8d381d338349153081a86e717a5a7c435b88e93

SHA256
d552ba76ccbe297d3ffea0f0cca7cd6bbb7c0c3c36bccf058d34bc4f604c5ea2

SHA512
dc2c22fb0c0246e0778c7b24d8e002ae02538dad869a984200d471c49f65907dddd58b4e6076859511d416dccfbae59013ea6c268620a74533dc7f49b65896ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\EMMc.exe

Filesize
230KB

MD5
87d73574d34e4e543241e3d9a80b706b

SHA1
f76d442b5c999028c7e4a97526a2e124871d2d28

SHA256
adc96a7a4fac7ed0e80408629afefd9267e34a2f4b7313b7f9ed5b5225fff95d

SHA512
996f92a476a5393e0207ba39481d7a383eca6f4dc5484cfee4d6758b6884c67a5a33c443ea16d6aa34be26e8fd61909848cb9320e8fc4123441948880e922904

Download Submit
C:\Users\Admin\AppData\Local\Temp\EMwM.exe

Filesize
241KB

MD5
ea0aab190e39c38a5e0a5e8ae953f2b1

SHA1
fe9f788dbede8189a0396927509c172af28f1021

SHA256
4698495aec15fc9a5153deaf71b7b49736103058a6d3de1c31a75ab776b2d224

SHA512
092c7207add51bfb84b527a8a8a670a04960bc55604fb9b9eb53fb8c0edbdc8008f1016deaa2c0792224fe5776917b3056dc430b70c02e7d979095303a796159

Download Submit
C:\Users\Admin\AppData\Local\Temp\EOsUkYYo.bat

Filesize
4B

MD5
9059d6487a45d76b125bc2bcfbe9b9f4

SHA1
4103109fd3239ac8981e3df75c530f48ec798eaf

SHA256
4926a70ea29931f6ba7bbe39f72a376785bad82d3c8798f6a53d07c2df747d0c

SHA512
690b657672f4eb96afc330da135261ef1d912777e1c98f99354cad9215e3832fcb2b0dfa3f55a186e68db9bfb0f806eb9dbf69a583e989aec33a84cff412b3b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\EUYS.exe

Filesize
245KB

MD5
cb19be3566ea65cd11398ad400db25ed

SHA1
fe6d376500b2feaf030d2ab07b166ac9779ea61e

SHA256
a336a0579ee07185bf87ab67b6915896c1445702e08c19bd28fd016997fcdea4

SHA512
d1a1ab576fc84830f8eee13d7122efb4d2e9f9896402c4b56f43ced1a66033817f1a4300c2a6ef0306881d679c9884db2fb04dae3903e8fdcd56fb8d3177f0a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\EYoswEkw.bat

Filesize
4B

MD5
248899d941e6e7185f39aedf0d187ccb

SHA1
734aead8f6cc001d82dfc498dfe7bb0bd3e7180e

SHA256
647aa1b79b5dd9f3b2313839db315282500b2e98cef6d6c8785c5e8381765a18

SHA512
2690641d79ce11821a14f1a93af7f7f6d6734dd88560b9a8f5afe629cba8597d977b807349ae0830abff3200320d78a2d340e07d2aa450631e1c9e17f78ecc26

Download Submit
C:\Users\Admin\AppData\Local\Temp\EkUa.exe

Filesize
246KB

MD5
29706df750d9f3622a4de821521d04ed

SHA1
bb8847bc7f1d818d9fabce91e2239ce0f7a9af7a

SHA256
569e5276852c6e76346a8d395c6c7cc619c17231dde672fcb26a3e69dd13138c

SHA512
65c2d86b9f0aa16b897c6caf15851456be387dd1ce32d6b28106e1c134ae902846487ae00515f65c3a184e93aae2923a8b868a09cc7a3c19f18491785684f79c

Download Submit
C:\Users\Admin\AppData\Local\Temp\FOAkYsgk.bat

Filesize
4B

MD5
dfaca8d7cfee958c316ab640cb664728

SHA1
161652911cb9cc0967e603d8e2add9ba2c575c49

SHA256
31391e9038b656607095e93be26bdb70a41e0ec4e55ff7b52cb0438b59aaadcc

SHA512
41afc6d3471e1dd8de681bd3c76a100d0aee8103eeb8f0ae23db45b681d2d4ba6bde6f404e0f7b9ccb01e607a9340cdf4636c5eeed97e80c336bc9649052133f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GkUs.exe

Filesize
234KB

MD5
a653ad5ac1b40e5b8a9a5f8920490cc9

SHA1
828a34c8b079ddd93bd503f4d701db1f1d3f3881

SHA256
17e5e5a3a6583e882c538612899adc2ca057c094336338f99aa38cb57d9f94aa

SHA512
a4ac5125d3c746bd8bd516440162156c23811cfc5a58ef0ac9a5ebae468958040c30eb95667b4e0b057a29ede30bc88c36a0014939a5a34eae4097d8fdbc2a85

Download Submit
C:\Users\Admin\AppData\Local\Temp\GmcccEII.bat

Filesize
4B

MD5
10570f2662bd74f7c78600a3d073142a

SHA1
e085fca4b88d93bd6701b676bbea6cc24a495336

SHA256
ee8ed014f15080b78291c792f4d6c66958ddee18cea808d8f80d112da09fb98f

SHA512
1624f01367cc07ee4d2ee4ec9f853741a3b0a13ceacb279afc0e6b06b178af4450e25fb4c82c10844e1a1b77648c0aadbfc341d3f990195b35d749be8233d514

Download Submit
C:\Users\Admin\AppData\Local\Temp\GwEm.exe

Filesize
251KB

MD5
0f90ef99f3fc6aba371d3f356f3be2a7

SHA1
265fd5b122a671d52f52077176f7f9e4d1a5e548

SHA256
8636d8dceacc66bc6308a33b43514b4002503454c3d011ab5fcd1d5b16447ad5

SHA512
48c822d3abfdfac3acdb87e3429a418e355e9735440c62b473dc1d26a7eb6c019c24e4d25c889489975053abe5d2febff51256df9c6c8c350287de864f16e621

Download Submit
C:\Users\Admin\AppData\Local\Temp\GwksMggM.bat

Filesize
4B

MD5
31ef9b7fd5027e46f746e1f847c12fbb

SHA1
3483b6f8308131d60a39cb1a1bfa156d6a0b7deb

SHA256
8670764bb5a50766d4cd8f4bb25822c9a53abee4c36bba282667d003b903383e

SHA512
e91970034577603a3362f651b2c4421957b6928a95f276568fa98963136e2b2b0d5b41c64f05f2c95c322a7450a5ff4fc46bf548024350425d908ac42155af36

Download Submit
C:\Users\Admin\AppData\Local\Temp\HIkcogME.bat

Filesize
4B

MD5
fddc93865d776420cf3bd86d0ef1726d

SHA1
108fa684592af0bcf7524953bb8381088f6dc9f9

SHA256
e2773cd41aa1dc2e80f93b6f654c6cdbb7385be984cc832f500e3e864e76cace

SHA512
4cb452ead60885b8956db3f7f38726c992c2618dfbbf190e46aa9e5bc60b2e9a14a5df4e4df5ecfa9774314ddfb96b0b5389a23ff3439d12f859b7aa52a55932

Download Submit
C:\Users\Admin\AppData\Local\Temp\ICkAcwYA.bat

Filesize
4B

MD5
721cfc8bc434c7f1a24a75dc689edf9e

SHA1
49e62414f04568e59c0a24007020d1b5d1fe75c5

SHA256
23bf7d2938d1e7e8df8ec2463d23180773914c03f764cf43be5155c6a7c1a028

SHA512
ea3f695bb5f0b7171a2940774f3556522274ae89c6b0692db75d6b4fc3a5467f94b5284badfcf13a1fb4fcf937963da007bf323f0dbe45716fc5e9588738e16a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IOQooQQM.bat

Filesize
4B

MD5
d8e98ab9aa45df51c7c0ebd5c412a010

SHA1
372434327d257c5db7cc75c5abd2bce06f41987a

SHA256
b06ad428782bbff0c82023ac51fabb8fb067ff867ed3d1e6d55835174c25aedb

SHA512
98dd79e21432f06ab8ecffb66b8c992683b7ccfb63b0738134d360f6da29c40537ee90cbec9c9e82446b29a0a6cbf106ea720909108ca82b80a09c251739afce

Download Submit
C:\Users\Admin\AppData\Local\Temp\IQEm.exe

Filesize
1.0MB

MD5
409805a33c40cce99e1aaac422dd72f8

SHA1
ccf5fe65113b619f3b26c7bf8c96dd05c26462f7

SHA256
f5f050d72d6a3e630b96df0129ce094d72413767edb079540b2b479edc0cb574

SHA512
6929e00b64a1f10c4ba382dea5ff3bb4476f2e50600b524e1afc647e44cbb2e49cc752e5f26b630762813e766dad80eae5b341d8930a01d053d72cc8f8342046

Download Submit
C:\Users\Admin\AppData\Local\Temp\Icgu.exe

Filesize
233KB

MD5
3cb4cbd0abe31f87fd5442669c6f3292

SHA1
fab70f0b8c3550b34f7801960156c0a5ec26aa1f

SHA256
7bb9e7970881224bfd70810cfb93976ed1cfe792edb23e774d1f6865ae33277e

SHA512
e93342d044a8cf7b9e2ec8e5d18c69f7357dd42d5f9f4c968575222b69dfe687f7665da631211eb7dc696108eb7411d2dd34b01a0aa24566d75aecd5fb5e2062

Download Submit
C:\Users\Admin\AppData\Local\Temp\IcoU.exe

Filesize
553KB

MD5
c13763a694f28299e357b884e53f0956

SHA1
6ab0c23d11eba09dc6b8fe64714269821d569681

SHA256
3e3c88dfe38d1d09727ec295d75ed44fa2dd0c3f1244628aa6a7d80e1bf4ef59

SHA512
b5058f4356dd85653af8802154215fa927246c025946c4c94a2855a47560f2afa67696e4e8ab620e2587baf5f87100bee0c7d271c42b29b25870e2c625ff0e84

Download Submit
C:\Users\Admin\AppData\Local\Temp\IgYG.exe

Filesize
251KB

MD5
160a8e04cc8df5f880f1972193197570

SHA1
ab6e05874b21e13775a5ce292535fb4a6cfdf1ea

SHA256
9d936afd6129f5a784948f3e40d42bacc51368dc720bf58c0e609e031ad0953d

SHA512
2a8fb09b6b621bb4fa1237346a539d16b6e0522a3ca8b3d770040bd26508aaa325d5d501044afc154e1cfc58a2812cb44460b0ca835e5af6e16988cfc344cf74

Download Submit
C:\Users\Admin\AppData\Local\Temp\IkYA.exe

Filesize
242KB

MD5
3134bb4cb94452e58975423f5f901cc3

SHA1
d88b77aa312791b75eb9723bc50593c10c586709

SHA256
c6f360aec04580cd1b864aa76a2f420bd06915b09ef49cbbb87fa3ecd3631c9c

SHA512
0cdef64a7853f4fc444bf0a861f9f79d462776ea8c5819e36275a4eb2725e5ca059b9bcae5487fa9bd7e28e063cb063772e30a4f5dcdc26ab8f00c78f4a7dfbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\IsYm.exe

Filesize
241KB

MD5
92fb379ca6b0f4c4be30c74db1bafe4c

SHA1
77e359184143c7eb243159f6e6071395c925ed12

SHA256
f509fe8dc696326ecefb5025440f5cbc2f5900bdbbe71c8c7c9250a312615fa2

SHA512
44cf26cfaf8e48076b3e5c44ae871b8cfdec028bb0fe06cfb07c36fde526a3da88a06603f7055faac187ee373e2ae86c41bdb1cc197c8c143637b9437b52d375

Download Submit
C:\Users\Admin\AppData\Local\Temp\JCkwoAIQ.bat

Filesize
4B

MD5
f52ee55170118b12b1f52b3b4a3a941e

SHA1
8639569502a60702ea712279aa9ab50291b9d67b

SHA256
3c8c597e7cada3f1173475cf6b4533699dfe0858940d02edd5d68e3ec2a8657c

SHA512
86ec84dc5a06c866658ad22b7dc18663415cb6b059fb85047993436861f7c2b36f9ec9f58d1e4445e95532282d8db97918e06259657022b2044b7f8064e5c6f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\KEYw.exe

Filesize
682KB

MD5
509d5ece2cf8d44eafe0dcc10a5440b5

SHA1
b5c8ef9e93841d88bcc2e24f08a046b8af667431

SHA256
4bc8ddf0e39846f9ee75a1af775b41105dda786b82ae1117d4850005d0fa012c

SHA512
6f2afb22e990fb78f8ebdac87d9f532a23531b6e8b234e7ba1719d487c9baaacde0658154eb91d3a8c82c2e5d2aaf517d3b43ce49397a098b2794ceee658550c

Download Submit
C:\Users\Admin\AppData\Local\Temp\KMUu.exe

Filesize
626KB

MD5
4ee917e7969fabbfa4c2307ee5e91829

SHA1
801551aafc0d667fa8401994b13b4b7703e441b1

SHA256
fd47d72976c8f3cb16c921adaec09100e21e99a846b3c506c51f705e45ca7aef

SHA512
0ff77f52f335761621e5f84ae4a0ec5f86d076a93e9b8e0692504bb87b259db2aa27203f278d8a7dda8ba565a0fb7c1cfbe9a7d045dbb1a153548860a811a942

Download Submit
C:\Users\Admin\AppData\Local\Temp\KUgy.exe

Filesize
252KB

MD5
6e2cac017b19fa0a0ea25b8e2d9bde6f

SHA1
d93d9459929237872316c3ee935c5a09c59456b0

SHA256
65c5edd8454b48255f8eff1e371f367c8a922b26e436319c05493411d5de0293

SHA512
e3d2b2099b2a795ac160474543c55c17c8e14a5578ddf4d232a8e36ad4da376ab1dde77459e91b98716d875630f09e40a6c82d92d1cc26d7ed9b5989201139ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\KUwMcoAY.bat

Filesize
4B

MD5
920db1ee2e73918c93d449ffc8b927b5

SHA1
d2ddec939a1bf7cf4d02402f03debe369df3e1f0

SHA256
6ffe94c5d5140a7fe0bc83fcef9f6e2a7932da8e89d24901ec3a5121adbc1f18

SHA512
a25a2c836f58cf40db637a059602b8283db0685d81fbded73837b1188d78d669cd5df768103d52c0ebee430827df228fbce2fc8d347cc97a111de3b4b8af8b5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\KgQk.exe

Filesize
238KB

MD5
c8e5dcb0325ff6e5f6c21a7b27075622

SHA1
59cb7de9367c50f725e280f4de73d07f2afc7c55

SHA256
0c1fc081f0e73c7ae962d3209267cb1460168a00df45a08bb9811231da1fb8b7

SHA512
15698ab22e7b21ae11a9fdf6440ef9002771c6dec7b8cacd76f16fd66ff89525190d1244c7c7c0a752c29addee37ce8e264a4ce790be7566ff5567316429285c

Download Submit
C:\Users\Admin\AppData\Local\Temp\KwswQoYg.bat

Filesize
4B

MD5
84c257455160cbd770b6d65ad71c6bfc

SHA1
2e33cba7c5e590da21f047e1aa949d6f42dc9dd4

SHA256
3a634fa900d43cb959e36b6e0ddf053bcb94f4d774b9073d72b8b4234d3ddaf1

SHA512
e797471dad4ac1d1b562181f6059e8f0028ebda6f6c783f80b92c52a1ac7c347885c1141450c45e66507fd98d1cd54f7152027294e5eb7d020ff4a2ff6e343ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\LeYQwoUo.bat

Filesize
4B

MD5
cc9b08d361e8999761dd514e9c823660

SHA1
ddd4663dd380ec823c0b6720864d540de773f742

SHA256
c6cd4b3e377861d939d9609e1930bdc171300eafe36d93f62187067c1881dbf0

SHA512
e8258b26b09f074658007fd83f63019e22f7e04d3f8092274c468ca83db7fb84aa74391e0d779c48b562a1dd1b01101a7f1b1296b04bbf58451e9c6fd6f2fabb

Download Submit
C:\Users\Admin\AppData\Local\Temp\LwwkUQkk.bat

Filesize
4B

MD5
190f6e226d5e6078bfdeca5ef008f527

SHA1
68c0cb1b49b2ca4a2a2a83a84e6147bb4194eb50

SHA256
21ecf1e65cd0eca6f70ff21791d72a099dd31dff0743807db7ebf2957c91bb93

SHA512
cf0a557ca2086175860207a0dc25107a8a93fbd75323b032264c4b04f31ac2d3fba9536b9dad9943d61aabee83fdb125b7c047c2736e3f5804cf76ff791c5485

Download Submit
C:\Users\Admin\AppData\Local\Temp\MAYA.exe

Filesize
636KB

MD5
981ccfd03c6f04bebc21dca944c7b152

SHA1
ec9c68891c0fdb1152fb121b00e73de13c1d2993

SHA256
11e7ced939c661ee9099832dc593393b4df19eb51db349b1034284121ce7f2e9

SHA512
eb2114f8316ed6745ae09a109403fe937d73b75bd4db320c050078485522e7490037f93fd20b4d901b9220b5c09c2711ddb9da5f16b721093a3839c20530b23f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEUU.ico

Filesize
4KB

MD5
6edd371bd7a23ec01c6a00d53f8723d1

SHA1
7b649ce267a19686d2d07a6c3ee2ca852a549ee6

SHA256
0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7

SHA512
65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\MIEy.exe

Filesize
310KB

MD5
dc5f1f423e72b04e454eaf25675f4b6d

SHA1
2c70e78a968b91e06767a41cd1d0e9fcbdcb479a

SHA256
36ba3e7cc0a87543f0ccd76e21da7b18dc768e54d6ddf7c0fdab3dc28e536370

SHA512
0bccd6d8c8a821254dc683cb31ca00f5121fbddbfebc3f40bc00b3d7bac3089205ad7c72a1961e69950d28b085d95d0436b6f9ac7dbc032186cf960f55e1f324

Download Submit
C:\Users\Admin\AppData\Local\Temp\McYk.exe

Filesize
958KB

MD5
6b50ded69cf3c7e0b9bfd4ef31876a72

SHA1
dbebdfdb7a240e42d7f508ecaecfcffd4f7ae1cd

SHA256
6acd425bc1b14fe73515dfde0b2b6156871dfcc1ae2f654184eb442762fc7a4a

SHA512
59f74420af46ac5c0d479f018131d7d3f5e5237853c6437ee0246efc3dffdac0d1688af81612ea65e8ee1192f681cc0b4db469a7ccb67210d10b367a721918d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\NkcQUMEQ.bat

Filesize
4B

MD5
09cb34c4c6a5f4bcbecdd5b7c7a5d75b

SHA1
c62160332cfe1b143178de781bc8f9574e680049

SHA256
226df55c5ade03f12d9a4a8642b69d9931ea2c810942e7a63d2fa497b43249d6

SHA512
600a60d8530a806f762e64b8c5fcd5ea2873bf92c1549674165cd53945a92f55d858edd079369dd881c66d67fab82ea0b3275e1403a8b1e779a0276fe039004b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NmQUccYU.bat

Filesize
4B

MD5
f318a54dc0986f928480a0e10bd53ed0

SHA1
0628e2338d7199b58603035648122e28ff88c108

SHA256
b6d039d0f42c051f4b80b72aa542d81486e9f72da9bc7747c32d6ddb524da8a4

SHA512
43c93593ddefb3c4d0a1b50533f1486fe7fd92020d145296f28bdd2e2db08966c8b4bc87ec6ac8df181992b876e3158c675cf37f046e124c387acf84fa3bda08

Download Submit
C:\Users\Admin\AppData\Local\Temp\OEMQ.exe

Filesize
246KB

MD5
3d33c9e09a65aa1c26e7c253c83aac6d

SHA1
71e0ef38fafea748f24414355a603a3927a719e4

SHA256
bd1389180e7a6b4f7236a58b20d780aa297d15c6489f00b156f40d310c0cf892

SHA512
f258b60d41d836f0504d7f7962e2486d96158a5cafd499b108af3ae1f42166ce8f507e94284b5d9f63f84f1dd52c61cabfbd72dac637f6db840f2f2b709f4bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\OYMs.exe

Filesize
232KB

MD5
6d0f2aa5a5eb78c8938942412148ddb1

SHA1
f609501a523c740321d21aae6e067e1ce89b2af6

SHA256
22f07534b0b59a29e0d1fa200c6982794b394f860aa8cd3cb8479520ad6d8e35

SHA512
cfdc718f6975126143132af60c1e11f9b83e06fd106f59fc5e097e978ae58c2a8fb17fcab95d08cf12794729e83f0e7246f291440e1d29cced064d647996d353

Download Submit
C:\Users\Admin\AppData\Local\Temp\OcssgAUs.bat

Filesize
4B

MD5
91a0b8f653bb49d324f97d2b01600bd0

SHA1
1825d86de2b0a4b6aebfe27c1fb2e21624b91edd

SHA256
06cea79d11b72327ecec38ae527bdc44e13de8de120a43f6898dea8199a55260

SHA512
2b3db9cb3585567a9d9d1a389567fb4463f8d420b9f7a7c9e5603ac4ddf483668e5f5313346c3168a47e3039e555599e1bbfe379fe137ea9717be8b60fb0656b

Download Submit
C:\Users\Admin\AppData\Local\Temp\OeYoAIMU.bat

Filesize
4B

MD5
c963dc1b4000fe641ccd1cc0ba929c64

SHA1
1317e62df382ecb770defcab34c3194801903bec

SHA256
ed9767bb84a761b6f422afc2485fdfe3b1293e159279e06ed409614db5ea7771

SHA512
e19e25b018f5b8206dafe32574e1cc3f31b994e037059dcdbc10f70c5d490f97674a2d4b185149401cbfe4f8288a72d8628f4d64cd9085c7c9b7a4db528777bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\OocooAsw.bat

Filesize
4B

MD5
2c0565a6ed6e3734d3b504b40176f02d

SHA1
0a4a1cabf522620d440f961af02266cb423d48dc

SHA256
7cac51cd0b89800e434d0c15fb565c8428b4089329ef04ad1c55d29e9a3d8a4f

SHA512
05e19a1821fa12635dd9fca31547b7add4fad4f0b3cc6dbc55f6e85554a650ae431125221d0c73157d1c021f62bb4ee5a4aa2ff0bd35453406c9a86a814d9c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\OwsO.exe

Filesize
232KB

MD5
c1fc487d80fedeae7d272b43299fd6cb

SHA1
08834fabcfac2dccc2e6432b5a1da60ca6d8760d

SHA256
bb9f8b84b576f4a7b3064b57d2a29b432c7249b6212b5a569462206498640404

SHA512
f5b30b591927179609e7f88f8be166361b447857f375abdaf1e5e4aca36649e7996e12b2c827a1391adbb3e89f0f2004cfe3ac43e34014ead6e1144606367cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\OykUsQUQ.bat

Filesize
4B

MD5
4a855432d3874675c80c2c847b217f37

SHA1
ce40b19c1b2dd4db372baceb4ece5dc1fbd45ed8

SHA256
3c22457cbf7683820d8e3a0c0c90ed2a7d6c33ba750ec9e9bf03273d796910a0

SHA512
f7f60950f45e696cf3f84bc6bf6abef3c258bfa8b1a27546593c3358083ae0b110978d3a00fcf0a81f44aad2265eb86c4d49c33ee26e6bd54bba9c921dac40d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\PksIYsoE.bat

Filesize
4B

MD5
a4e5b919c12971c27445a6b2994c869b

SHA1
74cd1d03f0e8e9469617175fb8900ed834ae728a

SHA256
698d706d1d1f0c4818fb25addeafe18650efe1a250e24aef54d89ddff7237111

SHA512
e7241a06d16a2942a646d851f002cdf225d81c1822882bea0282e203d505f45f4ba9e4897f9d989cc4dbba5e22958054a7e7b1b5167557ba8d15002f9e9f5f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\QIQMAsQA.bat

Filesize
4B

MD5
2915e372eb130bf3132175c33a82521a

SHA1
21174f5ce6cb385959a318e10dd96174bde122f7

SHA256
6903f26eec03a4fdea0305053bffb7d719f9d4bd38d2e556118d69a7f77d989a

SHA512
a8ca679de20a71ebb8ebda7de44cb6a08d732f6998cfef79fbd10b175d333f8d9395147dc9d75aba4a5c3a820b20d92fe05fd086ce8db4032e95d41e2b2c397c

Download Submit
C:\Users\Admin\AppData\Local\Temp\QIUkEIUw.bat

Filesize
4B

MD5
f3c7d7fe0abe5cd0d31d0da009dba7d0

SHA1
11b2eb8b0d6d9dec0f9a6b09af75bad4a6264c96

SHA256
3ff62e9c1fc8d92d578e92fd6ef7c30b2ec8693fdfe2c3c3105e39f133168d37

SHA512
25012436aee3bfc514934f561c16db9be5ebb520981bd7a90503499ce274aa36fcd16a37c738d587ab394ad51e928450c9650cbfcb7969ce76efe21424517b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\QYkK.exe

Filesize
489KB

MD5
e8dad12ec508a783f4e9cee8c80b6257

SHA1
48a34546bdb5902be5192c8511eccd1d4f20e88d

SHA256
0a45a8441f4b30bffa25a4336f4da73edc47f2c8d27a579576ef8dd5eaed13c4

SHA512
6b760183e7ec05e2520346a7850bc0c2eb1938475a1115b8a6deec7a29fe7859874d82cfb98bda9ac5b990bcd3a401c5c402ff43309c7efeb2744c83ddb6d2e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\QoUg.exe

Filesize
704KB

MD5
54be05d50cbabb57e652a6dfca9c5a09

SHA1
a5f0861a440fd215e29b8219c0b13934b3ce8c57

SHA256
1412a68853e7bcc5fbddde4cd6d8969139927b305d9e5a187d4b2357b1cfc88e

SHA512
eb05381e238d6a33b07264d58c216ef1f2913dcdf489ccec7a4646e96883c3774ec825e0bd50c7c7b79c8df2560c7fd58476c9eaa739946c08082309debc0541

Download Submit
C:\Users\Admin\AppData\Local\Temp\QsEm.exe

Filesize
227KB

MD5
91f8b315a2e426494227b7b8d5f171ae

SHA1
295a8a7753dceb77ee3288b8a4bbf2b42a42f65a

SHA256
1a3be1dbf0063c13797708e87f4bc1e7d3b940205b820709ac83d1ef0c7cebd4

SHA512
373070b8bf09e47b89c6b384a769a990e67febcc5de66bebbc11e41e9547c3aa134e1f59010a1bcaf06bb84025dd53066cf1e8b395aff70836685712fba19485

Download Submit
C:\Users\Admin\AppData\Local\Temp\QuAwsgYc.bat

Filesize
4B

MD5
ffeb694cd30f8316e009fbcf925ab25a

SHA1
e183233ae83a52b3d1bcd9b4fb52a1c31e952b79

SHA256
7d090bfde95b19df6bd1eb9b6bedf6af471bb67b5489b99183373d942f752a0e

SHA512
53f1638941889d341f2d589b81e729d8c4cbd15f0b94dbe3130b3f1b8bea8635f0168c5ec09a83d57599675e86b11f838ad9c1170a1806880b2db4a2fc2396f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RIEgIQQo.bat

Filesize
4B

MD5
1dc8a61f6fbefd7762cd4b8a0a9c5b47

SHA1
a2ddb2326aa68f96a94a032173708c83e61d39c4

SHA256
ccdecf6c64150da702c462647bdcf315e0158eff0b159ec076bb3ffc7a4a763d

SHA512
4a8de94b76e75c05934d2e83e75956c73cef4b8ae8dd62ed0403fdabaa5dae272a0aa3a7ab751ce5a545e3d713062080cda6c6bb09fcdd09de7fe1a7a9711637

Download Submit
C:\Users\Admin\AppData\Local\Temp\RQUoQoMU.bat

Filesize
4B

MD5
5441ced72ba3d2b90baeb8f8c1a53ad5

SHA1
0cf08e7caed2059b5e0b42dbb43f9c612cef7b42

SHA256
f20f0705fe7b1115a8d9f76dd6603c5f5836d0702cf95b8a528cb956d1e93b0e

SHA512
0ea0cd5028a2f10cbd36c73c258e81d34316e5dda79ce380516607d6bc70a89a9654683b75af852ff4f94023be7259aacb10b1380053a228337db7f8eff21db1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RSwcMAwI.bat

Filesize
4B

MD5
be5a02aca1e9ce91b6f990d6622c992a

SHA1
9982a28e3f02b8d2c94f1a2ed7d2e61a142fbf89

SHA256
af7fd08b0149994bb1e5ff4e75060f7562eefdc6c1e877f0ae9e84258aa2ac5b

SHA512
d5a4dd3342297e7c80755e799ecdef3a6ab3f4a919021a4ba4b77e3b8794394fde79c3adbae6fd48ef3ae18074272d684d05e5fc5f4197e555c5fd9c67083c0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RcQEIggg.bat

Filesize
4B

MD5
ac8eb487b69c2d26d23bce898ed82e0c

SHA1
57d56e273b4d39b37272f3d9b78f264f4d35b908

SHA256
21ec5dc59ee156f5564e9fd18aa04cf6ed3ce3ccaca5cb775f94d1017695b32e

SHA512
dab9b84009bc783da3a471a916eba413a9b99ee1e980686cd1e3ffa7b559a237d4b704a8bcf540ddd1c38585999ff529306daf556ede2ec785bf5443506702c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\SMUs.exe

Filesize
236KB

MD5
012468d6283cc4dcc0a2d4f6cbdcc242

SHA1
2b7d8f43b285f704d35418334f42b8fafd7f012e

SHA256
78cc25a443b3911aa3465750908d2fee5b3dbb4823748a4e7c313f616b2493f8

SHA512
f0b4c9b7ec1bd5012e65a095fef6ef266d39059359f472fb7325ee6c1285e217c73054cd5ba54b7e4c121a040580c94533f59dd744143c5f3071b83d669b7382

Download Submit
C:\Users\Admin\AppData\Local\Temp\SQAy.exe

Filesize
710KB

MD5
3ec9e281b42c8b05a10af60686a47515

SHA1
b9936db7768202cc75816069c501f3e102f6cba9

SHA256
08c50c919ac3f3a2c5543271965ee48cd18af4130435c053149bdc8be19ce408

SHA512
35f50c738cdb9901a2189b062d268679b7e743dfc02f58acad7b363808812cb2279b2185a6a633468e49adff09d33e22d630e9c96e1051caadd87dff34de69e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\SoEQkkgY.bat

Filesize
4B

MD5
148b35b651575afdf06f4d1996343946

SHA1
ff8e9717840787a7c665ca375b1907eafe4bfec4

SHA256
bd22c8491ac333395d54f56c94f654bd3a54df8f00c5cff7e4956c5103d7737a

SHA512
dbb8002e501787560c0f67cae1701874d3ad682dd400f9e801dbaa43aabbca4462100a0cd70cf431a57b53783118a4ef7c40d140f19a9ef73bf6d8eb458a8590

Download Submit
C:\Users\Admin\AppData\Local\Temp\TcggwEgM.bat

Filesize
4B

MD5
1862f7c9b4803f9cafd951bb76557b42

SHA1
a71fc1c31b7a45dff2fd1816fe94dc0ca5a5a288

SHA256
53671a42993af08b35d5489f9151691beacbbd2947fd2f61690b1ac27ea6ba1f

SHA512
3597b62805bfcc04d16157f731f6860f003ff35476da490881ffd8c6fe4832169e8979a989fff6f1c404e01658c95cf6ff0f174f617ea4d41e039d62c6afe6f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\TegUIMAI.bat

Filesize
4B

MD5
2e4d18ea4c7b2846a6b8de9cff83f757

SHA1
6449f6f0537bac25f59ce5e8783688a7bcbd15ff

SHA256
739c2289e60815f0eb90c72084eed5eee52e4557d670ed20057a8129ecd677e8

SHA512
8a9bbad31ac3418c074d0f530e352c5059c046b92c9c7bc5dcfb1c23308b92e729adc4a1c5d1ab8e66901adc2612c6e8d081272b960b6ca1aeed775b6f7bad97

Download Submit
C:\Users\Admin\AppData\Local\Temp\UIIE.exe

Filesize
448KB

MD5
0830f9506f23e6c41bdb70bf199e959c

SHA1
800fdb787c83af0870640a0989fa5ae3934792cc

SHA256
4fa88ccf3f655b409493bd4dbd722cfef542efd11b7fb09e3cad9207349b68cd

SHA512
773bb56d8b962c663c5d8c725f351282bcbb0e3431b8bb0547ed4c711ff330ef151dbe782281c2b8b2ce9934956bdc5c1d1cf62da249e2ba0d8899ffc0f96d40

Download Submit
C:\Users\Admin\AppData\Local\Temp\UMcu.exe

Filesize
192KB

MD5
0d13b9ee1c36bec3b4b3009785ada9ef

SHA1
538931d54f1dbda1536c5e4abbd65fd589fcf447

SHA256
a1020bc7b61b24b2487001e8f540c518e599c0ef3d268e851330800d78027977

SHA512
923edf7e00b9b91755843c8d728e258d90cd0cdb26244a97e0253db4dd04706b279ba4aaa7fc417c6a7112ccc72318e5a20877477d3764bd15000f6e79785499

Download Submit
C:\Users\Admin\AppData\Local\Temp\UQoy.exe

Filesize
245KB

MD5
344a287c85a78a86d6f3caab45156447

SHA1
1b3f377702d90b3e9b9975b5283155f392f26b04

SHA256
04632c5ac49288548a4ed802c4adc4d15645d824fd4d1cbed65e66eee043b880

SHA512
5e267cec0c0910752bbf97344f244a8ba51759354723879690a1491c991f985765a21d356e923e13905b22e21fc6cddf99eb0018f17fb3e19f84c559c714e6e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\UeEIAUkE.bat

Filesize
4B

MD5
678c87cf4b9363f9a1b9639138b91d6b

SHA1
5ee4a08bea1ff0de1d1b70707cd23da95bfe21df

SHA256
cabc7bea6820c9a7eca87975b8172f9e01d8c38983be77facfba20531f51c2e4

SHA512
16dcd28b5fa4b21bd5a111422ea0564750a60a357bca75d43253a28b930475be5cbac88287910eedd069b6996dec513001a4cbe0c99967817a6c3f1e562606bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\UiUwIwYc.bat

Filesize
4B

MD5
0a96e32f07019f737c2b84a40e06bea3

SHA1
f4d5d1fcf99064bf73f23456e6cd4e03ae9183a6

SHA256
b4290a494c310e4a1eac19bceef9425d19f9ec82a02549cede843fc708ccadf2

SHA512
7507e5eab362fe42d5ebacf939607c0da8233cbaf102087201055847e8463ab9d4e9ad8619dcb369424c072056dc38930ee9d0c18a18576dde4a0893dad90094

Download Submit
C:\Users\Admin\AppData\Local\Temp\UoYMkIAw.bat

Filesize
4B

MD5
d39e83184a33a7c764d83b73e68ff0f1

SHA1
acf5151172176f5f09dc8890ec9b0bbc66c3178c

SHA256
1174bc51319c0b9f54305ebb73db6c499cb9a2c7ae1c70d27eb36cd74560a58a

SHA512
c49c64a07d73b2cd416fcdc20a28456663edebbe22b80d31013b7ca1c39eeb459cada0df217070e8f562121b04735148e928a50d9ebde67a6be076b2ff1221b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\UwAo.exe

Filesize
243KB

MD5
8e9d908357b51b4838c01878a49a0e7c

SHA1
3ba18247e493263fa1de2c0b2284a7dac9a4da31

SHA256
9866407bf595eeb9eb327be259edf04fba8bab6ff8db440d434f49f78e6e474e

SHA512
bad50d297032d74b0374a48c70f2456c9f3e6a5190eae837c58f3652ecd3edffb82a98203c18bce0d89e0ee3b97af5743b8b660f1e1050284109321cc7c8d475

Download Submit
C:\Users\Admin\AppData\Local\Temp\VcAIIoIs.bat

Filesize
4B

MD5
b309d159ffe54dad3d286446053321c1

SHA1
1aa90fcaa08af414a6d5473ebc82f2eef8b366a3

SHA256
3ef569deafe07799cc90ea9b9ad0ff542fd4ce832c93909f02dd48a1e3bd3fca

SHA512
860299bacacdc395d0302584738124abe29730bf9e0a7696cfaf44316c8daf08b36ab4ef40c2f35fd7c3cccdce0c2f6fe06ee8f40aeac20a9b774daf2f1b00c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\VegcYEoo.bat

Filesize
4B

MD5
ad7a3f5323c2173467aef55b1ecef91d

SHA1
3aba94c2b46068106261a272df3a1ffb44f4c0aa

SHA256
4166bbbb53f621007e6850b0a9dfafd890049224c50a8dc022a27de88ce0a705

SHA512
7fbe7a591e579680f388631c126b7d5b9123f427056b66401915cac84787ff3798cc28adb11b96db4a94ad784cefa0d5fa6cd20bc93d840fc3ae1380e0cbfd71

Download Submit
C:\Users\Admin\AppData\Local\Temp\VuEIowwo.bat

Filesize
4B

MD5
2f1cd86cc5e924199662adca74b7ce88

SHA1
7dae1173e0288c0edaaee0f0c0a90540db5978f3

SHA256
e129cc5cb7ebdf7c68acaf06cabd7bdcbedaaf48ac72470662c68dbcd00a5484

SHA512
6ccd33a504636c2735ed88f71d908420e674942deac81da505749565020b045d5f2d04c8f8675c7c4188c3702ec8a2da1074546242480a24cb5d1019b3c3498c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WIoocUYs.bat

Filesize
4B

MD5
87bcbfabd55056820c3ff79331921480

SHA1
109ed2fc3b0ba0f600948dbc54715e30ea3edc3e

SHA256
0a7eca8ddbdc4092f057f82aba78147634cf4d43898efb90e69b01e40c40ec65

SHA512
801d1688d2dfe993326597ba0de86034830b6d1612364795097d803db440a82e2d05c4bbdbbd6ac7580663863835db865a370f5d8969ce9e355203d4a3fb2335

Download Submit
C:\Users\Admin\AppData\Local\Temp\WMww.exe

Filesize
1017KB

MD5
5f65ac49a79beb95a10af81e67f21cfa

SHA1
7a5363181d541ee1e97879cab3cadf345e060647

SHA256
c64bba6ff23668be4b057b0e42dae86fb984cbf8f265d0c155d63492ffe46b77

SHA512
169485b37c6ff78f2a776c28d1905025b4b4d874ca3d290ca5eb10d839543665555951d927ebd136e4c09063d34efe22edf6d6d7945f32809983fcf568f85613

Download Submit
C:\Users\Admin\AppData\Local\Temp\WQYu.exe

Filesize
241KB

MD5
2d629483e09dff4096e36b088a98a7a8

SHA1
6cec31d0ccadf03714892a98a5f51a8301cd4af4

SHA256
df10058ebbaf38fbbca18550fa74a0694e8c05264152af66039c2816be61485e

SHA512
3067563e60bb04b1143a8e20f97d0238656831484c0fdc7f2d490946c31788c530f828b4ff1343f6635f19d122143b2a3a27ed88ebac8bd7b0a89f28b20d70c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\WUcA.exe

Filesize
235KB

MD5
e0809fa4a84caf3887377009f67dc02d

SHA1
b3acc562ef2b4614086563ad8bda326b9dd23555

SHA256
7bc0e18ecb8dfe1e22301589010aba1c866bdf8a3b052500848995dbdaa424e0

SHA512
39eadf399e81fdba0e9109ff28831a0eeb308c6079a76053be51db56e208e5fb074cbb99d2b46aeda29eb434c86367d630b22012ff5560078ba688111bd6ba71

Download Submit
C:\Users\Admin\AppData\Local\Temp\WcYa.exe

Filesize
241KB

MD5
47bec4ceba6b7f1ad65ea4b4b07ab787

SHA1
e2a3c80fc418113095670aea5b559b6201861bc6

SHA256
a537bbe23ba152a1d7d65882e934cc0294733a0ae4b4b45167d7f25d94506a34

SHA512
58296b8d4e1767553ccff060764f9be3447555db4267c0349ed901546d9f6a5f1ff3b4977e78cd1ec544f538f03d9a15af633f6123091c8bf0c13a68a89b0201

Download Submit
C:\Users\Admin\AppData\Local\Temp\WwQU.exe

Filesize
232KB

MD5
c6c667174c6fe7f325025d80daf6c96c

SHA1
957ee9a86655188d2ae0bbfd33307baaefb7a818

SHA256
a35b19f4f8457d18dace6cdb1b99c9e7d9932cf0fda6f64642d125c74bca2bfc

SHA512
9bad865cfd88418fffa689d54b2f36f51c981bcf4de3049f0aab7513f213bdb378e774b241feece8937a3925b10cf101b7a598f7eefe2d2ba4b4c180661973aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\XmgYQQgw.bat

Filesize
4B

MD5
c571e7f2a69a152069b285ebcdb2b1c6

SHA1
167d1f3240c3614697978cea26847329d55004d2

SHA256
bde41a098d041c24eb64bbce74d8f021102d34478c0e1449d4e8ae0d2b8234ea

SHA512
a0ad60e48f35cab4b00ea7d1154b0b8d89e8d90ce6e87fd04bfdc2a4653b8691f69d617b54db4765ddc897a6209cee1eedb3284ca8cad72579c54a787373a04b

Download Submit
C:\Users\Admin\AppData\Local\Temp\YMYa.exe

Filesize
328KB

MD5
2c261c387c87ab75349db022e4bc7ce6

SHA1
4452cc25b7a4d0c3d967988541a25bf34e6184bf

SHA256
b34f865665a7a314500a3cd48a584565c7f2056ff3e1916eae18ecfa6e8e3c2e

SHA512
792a04e22f137034d40bada9a42251f4599e18769a5b256c88bc814c6a9205f4f2aefee1808d92e8bf15223813f9ec0fcf14409ff805550f2f59424898741020

Download Submit
C:\Users\Admin\AppData\Local\Temp\YMgscwww.bat

Filesize
4B

MD5
303c16fb88940ec99c984e656247eba0

SHA1
d0f3ce9fd0d0fb0ba08f73ec04c5145bcc0f9481

SHA256
a7148f022df8f833bc7f852859fbe2d2d3ec4b021704926cfe7833a034be6359

SHA512
def2af6f7ec0dce0e1401d1f1acda587ae9c99861f407f69f82625ee0d57a1dde53ce805f1f953ea97283233ddc95ffe8bafc8efde910cb9d42c552006935d17

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZCsUoAQA.bat

Filesize
4B

MD5
6f47a9ed7b94149f88af7d625de6241c

SHA1
28e5ca38e5010f932e5d7bb4f3369be6805edf4b

SHA256
479479c4a15d45b657358e00c68d477d126df5cff98e88fad1e256d85be1355e

SHA512
a628b59505afdbb1adba1ca545837118fa30a99f51599c4ba4e1f018a63e8d2a2f979b044b0207001dcedfe78198125ed2b7aa2d9df49f6497dc72a290d46aa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\aAco.exe

Filesize
319KB

MD5
8338e4c113b92542f57e677353ba66e4

SHA1
4e8d75d3d1b5e7b932c1cd675281b8f6a84c375f

SHA256
cdd0eeb2f3667f50e4c2adbad50590e73e45f6fbf9fda70a31a9aedb0956a89d

SHA512
05e526c0e932ff9b30e739e6f5913e0a50e4857d52f89278c5bd558ec0763ac8d620d821251ca2a9fa7232533dd1063290cb02f6d91b704c37470027b9ab462b

Download Submit
C:\Users\Admin\AppData\Local\Temp\aAwQYQQs.bat

Filesize
4B

MD5
1c3a2efa3480661bb48251d7713d6285

SHA1
c64bd1345d1b7ec850dd71e03b43813743b8fe23

SHA256
1d338be1359d847203d52b6542e29054d6dab749d89f8086565d15e57da6b557

SHA512
c5990c11b95bcd81a9a61a9cf6115e88031fc51a9153281c8661caebd2abc3cf313a10b9f6662faa43663b26e7c840bcb91cf3569b358f91c0d989cb00254b18

Download Submit
C:\Users\Admin\AppData\Local\Temp\aMoUgIgo.bat

Filesize
112B

MD5
bae1095f340720d965898063fede1273

SHA1
455d8a81818a7e82b1490c949b32fa7ff98d5210

SHA256
ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a

SHA512
4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

Download Submit
C:\Users\Admin\AppData\Local\Temp\aYoO.exe

Filesize
231KB

MD5
f8efe6687f72b10d7981667abd8bb288

SHA1
307b6b51eac47d0326dc4c487bbf2ab848c897d2

SHA256
3a1c9f5e78a5c06b3c1b49f6a604a4af68149e69ccb37bb4cb1eb23eab4d2b75

SHA512
a6cdcf654e69524c03a15d3c09473b76f73257597a1308b7e81461b34e932415aea14790c93f20cf6c0560e8e0b0061cfd822401e4efb5b1d7389c13aeed66df

Download Submit
C:\Users\Admin\AppData\Local\Temp\acMYooEs.bat

Filesize
4B

MD5
2cfde06be2e67bcc9dd4708494449485

SHA1
d02498ed66ab83d75994966275a7daa3532c5c13

SHA256
a2816d8ded7ca58b263a3e127325cf478778c78c4046f1b4866a0b1247ff6e08

SHA512
3c30e354338712ec3a8a5fd0b39e4a675d7de1842450d21021b128f8a8faebb505331a2ced9a2f5995915009c925f176a1ad3aec7b18aea277571e0d57844010

Download Submit
C:\Users\Admin\AppData\Local\Temp\aksa.exe

Filesize
237KB

MD5
5ec03651f9a1eb90d32f37d3e6660bc7

SHA1
519fd66b8fd3e31b6f362c53b51fdc65a5b99519

SHA256
980f76acde5f93cf4bedfd465e6b7a6d64b4a3d433fc71b0a9fbe563dcb0d516

SHA512
f71833842161e2fc68cb7d3390e18293adf5e6424db1f1a10a2e5bb6f10d180253a634d5493543215da980a840cd3989027bb532fb22feeacf4db98b0d9f1297

Download Submit
C:\Users\Admin\AppData\Local\Temp\akwa.exe

Filesize
248KB

MD5
f72bae09a2b79828af3934e744d725a0

SHA1
a76a44d8ae3dc1ed5614ff04442b3abe5de0f733

SHA256
19ec4e36f9353582035d83ed50adf46b11a1d7fab02be783ed32afbc690e3398

SHA512
312eea9cda44752fe73f7b3b46c7dc14506282276d1a24cfecf65e5d26ef1c94a936936254c672b6500995972fc18ba9e8659fb0806f00251beea64e54c875b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\asEa.ico

Filesize
4KB

MD5
f461866875e8a7fc5c0e5bcdb48c67f6

SHA1
c6831938e249f1edaa968321f00141e6d791ca56

SHA256
0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7

SHA512
d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\asMQ.exe

Filesize
209KB

MD5
4dbc0841de2b5ce63a80af1e4dc3bda9

SHA1
f86ef91ca1f8701b6f3dac1143a27b40d46bf9f9

SHA256
9af7f330a1c6c4a896f9f31a59032a68ef5a4e8922b42e94ff695a7e5a8ac4d7

SHA512
13a8af23373db88a4eaab89d84de17dd6839bea5a025235a834daffc3932318b1c70e3303313313315b985502ec2a1c7acdb25534fbfa0a9e5fae4711568f3c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\awko.exe

Filesize
655KB

MD5
90313fe9931ddbb401d2eb7353d27dbe

SHA1
8a7d98f81f19dbab12d147607493419b5bf20d3e

SHA256
15d1522d9e95fc9dea041235753eab26c2fcca1c20ed4d5cebc10ddc85b35638

SHA512
ae0b8f97f42c5452a63f0580b1071aa0f04f8ad6388dce5fe967242ee1fb00083aa6fdb9322624f64ee91c1b0aa7ae9bc6d912850f490d4d16ba637d536fec11

Download Submit
C:\Users\Admin\AppData\Local\Temp\bGkYYEIQ.bat

Filesize
4B

MD5
35ca314a018827add0dd2ef629364e5c

SHA1
e7aa227a7cc46aa8f7fe1a7266fdaaa855f984ac

SHA256
295d5b228f131b4153a43a1e8333adf7027383773dbe03907b7a969adabec662

SHA512
dbd65538496a9798fa2a23e1ba9f0c6295dc7baf2c282872145f05626403c2e8391c77101e27a42692e4b2e461e990b4fedc740271ac158e4bfe1eee0824a7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bIwsUcIU.bat

Filesize
4B

MD5
d96f01c872e75ba53a4e8de703825f50

SHA1
3220b666258d7521a29149128523c030ad8a13c5

SHA256
bef6e9a571eda8d42487f3de744d481e68c256e041405787a959459ea65c0bbf

SHA512
1f103a536bfd3c7928987db965f28aa74d5cd4c47da83249cbde2290e56377ebbf41988da732a5aaea7231561aa5fa7993a75fa51a2deecedcdf2dea7b10e9d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bowkQMMw.bat

Filesize
4B

MD5
e7beb24c51e7e1f51e8deafa90f70c7b

SHA1
0629bfe4b7656fae84a0fddf8e5dcf349a8cdca5

SHA256
0405b286143e888dd8ef1b7feccb56b56e4ac11f4c80baecafb3115f758e9eca

SHA512
033af2e8ddee1c1d6506061f6d6c11201777d588809ecf4ba7a749ed8b78852412db125e322b49f0b944a2b5e0820da85ca4409c532aa596b8680059fd5c2248

Download Submit
C:\Users\Admin\AppData\Local\Temp\bqQUIEAM.bat

Filesize
4B

MD5
0428a09904e49eb04b17b564b9381e7d

SHA1
20fda609ef66559c9f5cf798acff263cd03e571f

SHA256
1493064f7e1a47bfe350b6ef85d0aebb484453e545fd593ae9d88b683298db6b

SHA512
591e612eccde332afab38959f68a114b58c4b1c8cbca60b65a19cb73688bf9b95529247442cc9fb52c632fbcb3d7a81f661bdb0a8d48998bd2cc43b20b84af47

Download Submit
C:\Users\Admin\AppData\Local\Temp\byQQMQQM.bat

Filesize
4B

MD5
0f5adf96f3b48b829275897cbd6dfabc

SHA1
b4302d9b700054510a5e8be426c33462e0700225

SHA256
f5e0e0d6654f2fbf6b03b4554a90f42065bfa47d0ce1ccfcffce98bd26237041

SHA512
3850f88cce0fe135744ca75cea6918c33ee4ccc61873001207395c2cedffaab38c6e62ddc78818b942c72b71c218992ad03bcc8d4cfddc1fe99a64554829f120

Download Submit
C:\Users\Admin\AppData\Local\Temp\cUom.exe

Filesize
448KB

MD5
b2fcfacd20a84fb97eddbcf8628af5c5

SHA1
d00ab6d7db8e5042388987a26841423fce20fab4

SHA256
1b5a7ccbf768bb239abe2677a07150f7aa73198c1b55b1bfa453aa4fdd825413

SHA512
84d25770bf23b37593b5fc7f2542b153fbbd77acf546c390bceaa6776fc216c9b80cba7c804024e4984a01bfc647019ef1e38c647b58738ec36ec85bb8bd210e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckQW.exe

Filesize
222KB

MD5
4a8e6212f61c5ae27e9d7068ba9dca83

SHA1
ccee5fd2b451dd2e41c1150966f7168c54f76da9

SHA256
1e44bbf06c04e66cf3ad363a4f5cbf912da94960f0acc93e2a493ed315d9e4a6

SHA512
c4feee9806335059696f281be8e53f3330547081251226dd4bea3031042d0a773d093bd7cca5a982b5f5f6e403ee43c52b950e17076d56ebc66cb923d6f4146d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cooU.exe

Filesize
242KB

MD5
0cde638877f1503ac40b21b093a40077

SHA1
21df036b6d17af0f51424a46e735c73a00d8560e

SHA256
eaf39d4c4be4942130e65b01b604422836078591783bb05922b75d1271e87fb7

SHA512
2b788fae774b393bf5b77de37aa4064f79cd8fdb44353cae92d7bb873971b11936e5009aa212c38326222b5029f9a2a46a2465da0b9b7a91b967c61c73f9047c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cqMkIoMM.bat

Filesize
4B

MD5
d58707c17734afbf0636fba090a0afb3

SHA1
4406f59ba3d4d1265e3fe588152c1742644fcdea

SHA256
49fee09610c3b503bb9202efd4c9bd0f95bac7dc4117285f6bbc73370b17da1c

SHA512
ae57f09ad713a7e6e8c223ba1b26db90764d58b08541dccff5fb25b3cb0dad6d627ab535d5b228eb3c3499dc75d6de68ef12ddc30b84d05df3023d3eddcbbe8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\diIUwYIQ.bat

Filesize
4B

MD5
845c6117df101c29916af95cffc45551

SHA1
e6a3f87acd619237ee1e20c07bbf39f0899362d3

SHA256
ed1f28ce0801d652210a3df546f7a8e2a54e0ec1ffcf950d2c09c17fb6c7dc75

SHA512
58cf7c617956dec6ca140c775afb952cdbe164822cc0ad63887a79c7c1a18a5f6069ce5d2087029d2a09d4d3be2a0455c2294622967fca566aef6ac6f3aa5deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\duwIQUoo.bat

Filesize
4B

MD5
f2d098b2f8faad927d0cc7dd98f4cff6

SHA1
08de1e0e108b617c740fbcddbe2d96930b8a7efc

SHA256
de505545f4773be9191a4e17bf511092e30b5825ee69ae7b7740e8fcd9be45d0

SHA512
fb9626139c1efcce3548152467de6de8379851268456345fe7ec9662853ca31269eac95a40124f4a7e164510beec612dfbd3d46e25d64583628a3321cc442755

Download Submit
C:\Users\Admin\AppData\Local\Temp\eIIS.exe

Filesize
236KB

MD5
10fd2e0681c34fe4e6b05eef20adc3e0

SHA1
7e63061dcb7a17a6104ce169ddde9dd22d7c9307

SHA256
9e99f72cea48f6250331e7ac61e72f0c816207410bbfe59a0984a0e83ba3aaf7

SHA512
01aae72972f6dc3ddd0730982ebd60ec18dc87889a5825703be0417f2a0f2a546c00aaf628786d4a2ab5f8c48b2b4f204f039b9b4c29ba4b2b761558a752a248

Download Submit
C:\Users\Admin\AppData\Local\Temp\eQgK.exe

Filesize
237KB

MD5
cd4733b65a73043753119c5f730a3fe9

SHA1
651973653bf1d6343cfbeb117355603511db53ad

SHA256
30924643b56b3cc45104903a97225edf4497f5f3b38f212262f65b4e95b512d7

SHA512
af169e3ab49a6c99166cf233a9bb0a0a164b4cc03ff9f875126da0b4694f4fdc012c941e656f361cd7a58263ab010496f9d1b683f84a31a6cd5d27e4b7aef7bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\eSAwoUok.bat

Filesize
4B

MD5
7d7a65425c9c2a874579eba5ad5ed319

SHA1
d67e7d733a0c8e6cc74535103fe927b27297c57d

SHA256
bed4bd2a833a7639df21df9169985e3e49774b180b752459d0cb5147b1c00a74

SHA512
a337606d35fe5f1aae28eed978b96ad745ae0fc2f2a97a10008b7fe72922eedd2172cd7aca698a82818a791a3f57b35b9fcc1abe4323c70d8ded7c4c449897d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\eWwAgQIo.bat

Filesize
4B

MD5
6010fc8e753d675d3abaf6f8b9d5706c

SHA1
59c01ecf732348d4121666f5061956fb3d1767c0

SHA256
645527224dda80fbd4a0bfaa1f2a0a37e8c28ee62a6c82738cdca9045e5c8349

SHA512
64c317f9f639dc18609afb516ca42c443a218d425d1b0e6aef9b99ff4dfceca5e82c9c7083a4c6eedd2a9051d6c36dafba507146d8fce1182d4fcbf3bd254812

Download Submit
C:\Users\Admin\AppData\Local\Temp\eiUYkcss.bat

Filesize
4B

MD5
5169b1b98c9844f7a9e46add1334791a

SHA1
d59f5ce2bde43af0d71319e11feb932b94585032

SHA256
c34a7a6ec64116994a6d1ff55a4c105462fed043acfab7aafbba83e97214c02c

SHA512
4db3aa88d564902dd6c265edd470537e7dab1d0b49ae72923e4ca1bad9b75a23a063f47b54744ca5a01ef5fdbb56ba0b56efa24cb5fac8f76c9f1bc5445e5e82

Download Submit
C:\Users\Admin\AppData\Local\Temp\ekgskgoI.bat

Filesize
4B

MD5
036e9cdc085af3df2bd971f8861648a5

SHA1
d6ed42753f160ef20be250d9c8a7e6680e2078f9

SHA256
ac71137d117e852ac0f2ff61a89c3c0b203e3b6a0236734a17ceb62441b2cd91

SHA512
f28b1323650c95e7bf59413611a4f9c23d3791349404910db78d1055870049a11ae8ae5967d4a50536b2642f000affecee8830c55946d800aad0cc11f8baa2ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\eoAo.exe

Filesize
231KB

MD5
8f33fd737a9d276b840b0276a607941f

SHA1
a0261b874d353489023329bf5a9f5097925adf35

SHA256
0b7a842b6d34555858989818ec06926024703e15ff50120f931e6e0aefa18941

SHA512
5272bec8471c2500f0e3d64dcea5fd787e6ba97e13d0214d352369082f07b9acaaa54fe29a4f4fe892092329c9e6e907fe3ab0d63f44b41583d263be54243bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\eosUUQgI.bat

Filesize
4B

MD5
a45e95d3dd8e280914fe0d28d3278fa8

SHA1
859e5b4a6fbce404fb6bbfc44bb5b82c7c05c3db

SHA256
281599d3670cf96c49daa9d1d87b4071c748d6987e639381e0407c3a4c199b99

SHA512
96e87834da07b79e4ce5e1f909bbc154cf6618bf729ec6717265ca7a015342a5daf4ef3e0adbab6d6b3cc4fa1462f9faf582c8ab69e8ebd887957c1c2a9d173f

Download Submit
C:\Users\Admin\AppData\Local\Temp\essQ.exe

Filesize
587KB

MD5
2feafad88f958fe4f2437f8f35c0cc80

SHA1
c661016624947758d4eccb5a9eb2ad4961514d19

SHA256
88797145e802a408f2dae042f0bafa8e89b2c17ff9e22c0633dd50dcbfcc9b31

SHA512
289c7089e31b7bf8f4dac59a736ea7dcb1e40ee33e150301b7eab547d056e8bbc1884f0b7c6ef710465db920341ce57e623e3fa51ea7059126973423a062b273

Download Submit
C:\Users\Admin\AppData\Local\Temp\fCsEgwog.bat

Filesize
4B

MD5
bf5c44a3beb14cf8e627c75cdb22b63c

SHA1
bbe045d01c748323cedaa3813fea2f576181e532

SHA256
3a5bb533a03d59e75251fe4778505376110642ea0ba475c6136810a894288a1d

SHA512
c37f0af93417c65a341e5c3827b7df86d13fa48cb417cfd3f7b18f70b9b2f41b5384204c25d2cc3c5299a31b60b66263b0550d0ed7b1b56df9b2ead60e784967

Download Submit
C:\Users\Admin\AppData\Local\Temp\fGwsMoIs.bat

Filesize
4B

MD5
67a43529274251f113c253205730ed30

SHA1
ff39d25aa6f7d02de430587f1621918662e79a2d

SHA256
4b4ad30fe336b2a5546e42e0ffec6b90d2ff4b651306683ea4a7d8ad3ce3362e

SHA512
5b34788c5ad0e76951cbde8b6caacdcffe57b79beccf9618167f529f6bbcb97afa7cdc8f839ff9316dc8b542deddaa9c315e5ae530fb2b32b38a54f340479c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\fSoAkUEA.bat

Filesize
4B

MD5
b751e641fd4882492a4b9ad03e86d3d8

SHA1
b51ff73653c877a6c7ed7213854866e24be458d8

SHA256
0abeb0fd05e7bbfff65232a80a0f3ac06af9bce0a58761070e609d6a506d84a6

SHA512
03e6a7b0e9ebecf32fe235a4f9ce189930e4048468d93f17fac41a8d6d9daa00f8906cec123dc0f893f64e4f0cb7a218227a011dac1b6f85453189988dcff314

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.vbs

Filesize
19B

MD5
4afb5c4527091738faf9cd4addf9d34e

SHA1
170ba9d866894c1b109b62649b1893eb90350459

SHA256
59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc

SHA512
16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\fukQwkcU.bat

Filesize
4B

MD5
91fb940cca82eb5bd17dfce16cee22a4

SHA1
fb34e97272d895449990fde8fa3c817f80728dfc

SHA256
1ff233b09764659ef3238832583b109f2df506cfd24ac6cb06290ec7fc10fbe6

SHA512
1c2543e0fc543b95aa6eeaa46edbc7bbf91445bf064bfedf0cc8043ddf4299802a378187425962e7b93cf12d867d60f3599a5afaeed45e7dfe7b45d81f7a37c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\gEQw.exe

Filesize
233KB

MD5
ab7060c70c17209407b9cdd242e2f4d8

SHA1
2c386bf60204adcba4e0aace3277be8e03c8a487

SHA256
73513fe430465fa984601c91b6c92a84102e5de22fbc3c12b92b9d25417d8b85

SHA512
a5627da6441d606312a3a97b968921baae0d910b175ed1952855f3689b27c019a580870b6e993e84e15248358df3fb06ecf37db47513ee4c0f9c87622946b6b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\gGMQEsEo.bat

Filesize
4B

MD5
7c42977c2cad36732a2d7d899017cb22

SHA1
f6f130c2281bf0ee6bc30cec08deec72d822317d

SHA256
9d8282bae41490f9700d9693c57783eedbed0a9014b97be7a62e920634b333c1

SHA512
0acc71d8cdba2be21eae21785de94dcfef8c0486f3b493baa49811f27fc1edb8d50e6cb2123ec0db6174ba7bb56a25c9a9a7d3aeb6c8e41ca7eee96fd3a8da52

Download Submit
C:\Users\Admin\AppData\Local\Temp\gIIe.exe

Filesize
232KB

MD5
e1e767ce89526f87fa7497d51104acdb

SHA1
376e3b702f30b7565753b48bb99e33ec2b6f819b

SHA256
7bdcefe864ea971a0caa8cce171cb37ae771b0bbda3a1f24ee09b83a4fd90787

SHA512
ea55778a58cc2ae8a401cfcc48e34bccb6f694c2a5a878377835b896b48f29891388ca49ce33cb25958585143fed020df72025e70bf42696b57a25da2eae68b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\gQIm.exe

Filesize
782KB

MD5
1c66e6e0fd1ad8e8ff7309c6eff33b74

SHA1
9592225bdde3e8ed70fcc26dbe868dee311141fe

SHA256
564976724d4b25752ee57b4a3a728a27853b5ecf2a3523b487a90518f6f62552

SHA512
90c579996d35c33a03dc5d4131e4c432bd9b1ef4f14233559ba641bd43121863abd93f6434a85c0009f9ddee23dc120ca3e1920ee6c532b0fb20bb0448fb4515

Download Submit
C:\Users\Admin\AppData\Local\Temp\gYYW.exe

Filesize
245KB

MD5
8f6c7e9d595b4d3d11799ee539d46999

SHA1
33fa51e46689a68148a98cc56afb7dac756670ed

SHA256
ff15185b0b401dec618cef2bfd079ae1173aee1293e260328bdedd0903b80ffc

SHA512
4bd4b7dfc90a346dfabf5286e135dffb443b1e0f0e8770d7a6a5b426a46b802293f66b7d623256331a9d8bb7f856e85cd8adc8f1517e855f26a4a674adb72a08

Download Submit
C:\Users\Admin\AppData\Local\Temp\gYsgMckM.bat

Filesize
4B

MD5
3569635438e2b6d4a9a958552ebc1cef

SHA1
eccefeb33280b48f330bddd9f2fa8287847de777

SHA256
1f15651d7776f70a3d444623644891329999e1ae3bcb6fd0e71db76a07237b46

SHA512
b056e299ef49b688a59007beb407538654edb0e9b157640eecf74a1512b956a820de8136b8ec3c5ba0e04232ef87362520ec62b73bc8d4f3190c90d9047f653d

Download Submit
C:\Users\Admin\AppData\Local\Temp\gkMswwQM.bat

Filesize
4B

MD5
2fe6a85d061eb50cf43ce9d87f70d0c6

SHA1
6e6665c3bc5a4e34b3b3e45800ca61f09d052ed0

SHA256
09d58d20c652f6fc50b1d258cf467ca34bafdbb29cf22c6f0c12e14f9bbf1e26

SHA512
5149d904ee2d30242504eb39235336e78928c905f13204bf7a82bd912b05a7a4aa2e1163005880e7850d5d98c3ba3bc4f2c6dbba1d92c674b4ca34ce9e351e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\gscy.exe

Filesize
237KB

MD5
26d4442f7b5d97cc684bf7d7d61135e8

SHA1
f115e1728ddc997e7bb1362cf7641f3039eb2e84

SHA256
bda71589bafbe549809200e8defc0270ddef0e7ab9d5117fbf882a6aefefcbb1

SHA512
b3039114e45c2a66fb5a5fc2a2854985d193e6fc62afafeb696123465fd49cf118384ab7e8d2c8bb5dccbe0b7a32bf9b14f1993438943d96374b46419f0aadf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\hUgwUgUM.bat

Filesize
4B

MD5
cd2b4dcd33c0ccea922783fbba1abc7a

SHA1
0eba254ccb9accfbb4a68594df5a8028161d4f4f

SHA256
29ad3d2722755162a11ed4419397e7c021bef9ba5833effc3faad2c448746766

SHA512
f04cee4f4b40104a8af4499003dfb3b5918e99661224672134038537e4794c10ef4539c74fd264241de4e4b14c8400505eb6345c6c6b4c3d35a6499edf0dea9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\hiAEEkww.bat

Filesize
4B

MD5
178709042418e6efcfd5cbfa967b00b6

SHA1
ca6e7749032a2367a6a7ed0211ad0156dac32498

SHA256
28f243c82a6d14cf8c4400786842dd16f8e693f27fee8394c3778c8c6fa8428f

SHA512
40e4cc72ba4aa07e99f60503b4630eb5fd0b1425cd4ba0a7d1cfaa84df07d1caf96fd60e0aa94927587b924be7ca0d97dc455a00098525b4371778b6e9632b2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\iIckcocE.bat

Filesize
4B

MD5
083fb96761865a074c05d8ea0b6a995b

SHA1
e92732c321c2723e1dda1eeaaa32c1c3d8ae918a

SHA256
ba58f6a651294e24f52d3a89b2f189f9c8aae4b4103e792fc4b82422b52b6b01

SHA512
e70fc211595c84cb9227e52288db5fd541dfdd7dcea0d074919d27c1cc4aeeeca198f23d93af0c984ba8fe990a9c2de285f41bde0507496257a1f634b962cb65

Download Submit
C:\Users\Admin\AppData\Local\Temp\icEUUIgI.bat

Filesize
4B

MD5
9e1180b63b78f252d8f8e2b6a3cf1b1b

SHA1
f79059f15aea3d57afe9b4bebfbe860cf7164161

SHA256
198bdfa1e61376bca49cbbcc934e9d534c78a9837793037aead5dd275f0f1e98

SHA512
d13aae69daa8c04d055d4713b3715f43bfedbeedbd6b340e29c9cf4d76c7efc97f8a00ecd68df8c1ba6b577c0c8bb4b599d7378b7cf454a6ecb7f4f9fa93f3ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\iskc.exe

Filesize
228KB

MD5
a46797ffd09448eb022d406cf0bcb361

SHA1
a4fa293a57cd9e723ced9d26d369a132728f8420

SHA256
65c0591632d4ae2134cc413d14d6034dc7f03acb0870bb9558df155a601be655

SHA512
cd7d558a42b1f9b71c64d033f4a88bfe8a42056ef180b2fe4af73539715f13caf2dc1e05f8ccabc618e5ee3070d39a25d7b912a360005874d31bb319bec913e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\iwoc.exe

Filesize
248KB

MD5
385b17d4820a10911d8be2d9127c2552

SHA1
126cbd62f3eb9452fbbe618bcdcaedc227bb0ea5

SHA256
1abc9fb7ecc5ab02c3c0da3c297fc7a41e38aa8f0707cde0117bb83f721fbcb0

SHA512
f037035ab3af023b1c01e54a429bc55af54666dd2b392afcbfcff26f3a91d15006a2d8d106039e43ad4a95c62914baab7df15195241022dc35e0873e1df7d094

Download Submit
C:\Users\Admin\AppData\Local\Temp\jCIwkIcU.bat

Filesize
4B

MD5
00e68fb3ff7fa4301d4d9633c63c17ee

SHA1
a51515b0c3ce36b3cae967a242bc43d53e48020a

SHA256
af0c327d741c9134ac2f053955c8924b20ae818c0a2ae9449adaba5dda55178a

SHA512
8b5580aadd5c5548360cf1782113b685e5dfe85b392089640ac076259a222ca6294f3a8b3d6c4f246139201eb359ca09e964cf15b4313c956987c17dac5360cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\jIEAAYEM.bat

Filesize
4B

MD5
11ce60ffa2cc31667dc044ef6dc75a41

SHA1
3c8d9a2e55b39ca00fd0925e818bbba70165ff38

SHA256
889b65bf8cfb3ac06626358b16e15d75fb047378f6c2457b419653eec0b3cff9

SHA512
ca81ef31c0a3b5c62b1d6a83e20d5c7badcad6ddafacb70ddb5dafe56c1eaedab32b76d0f54412a7bbc1ceca87ad3ce7529228ccaf565894c9b6634012b0ac49

Download Submit
C:\Users\Admin\AppData\Local\Temp\jMgwUUUM.bat

Filesize
4B

MD5
fc39f62c709a286ce259651a256cebd0

SHA1
1aa5527432d9808b70bc5c7dc1702643c964f23e

SHA256
877be0449e6beca19b349e3250e09d94ae99d31eadd702958ae695e8e7573ccb

SHA512
f2167fba05c9a7558ef233ae1db4672986fbc5985b2c129672564eb9ac444cb38b5adaecb89f12812b7328c4661dab45feda8b179781d0eb1d5702390b7bd87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\jegUUMwY.bat

Filesize
4B

MD5
03229dd2521ab71349227bec66b1f4e5

SHA1
92086987129d82efceb6017a38aa659343993240

SHA256
11af705f391a2cba201d567c94cedb33a9941c23891023b9a101bcc3f037ed59

SHA512
f3f07d0678d6e9211d1a4208cd889c38523fe8da519e57d57341b723394f49d4950e348a006a63eea4824cbefccb478a9a51ba594e10548f805c7b76218c8b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\jqgocsIs.bat

Filesize
4B

MD5
26e8229aab6c70269473ad3d1fe4e908

SHA1
6887999d853f9c9680864bca537fcdc035b9a68d

SHA256
9cffad00a0a2bddb4d42e4d26f24f0dca8fa0f27991d4c60ebf86b4d75ac9022

SHA512
ee59ef00304967fb2440c17cdcf0bf86b3cc6920e4ff7435c5814db87368a06f93448a6f50277f5d037fb6f269e7a647c18892834a01acb0538e99c05079c647

Download Submit
C:\Users\Admin\AppData\Local\Temp\jwkMsAsM.bat

Filesize
4B

MD5
19a721dd230bb1f2b50225196260ca8f

SHA1
652b60ae85f42b950d49ed4a878991f119a7aa39

SHA256
5ad2ed9899e874a00d45fd5797090cd41e277020d6cf6454177c7031b3a29508

SHA512
97e9e409e8462535066a2cab4db0e4849d401795f13315e9ae8119fa24146600895b42e802dc7320252970f3173809333994e92e06d82c8467c90a989b331c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\kEMoYQMo.bat

Filesize
4B

MD5
afd6774b9b392d33b64091c35c01e115

SHA1
97f2925085dc1ccd44a1bdc3f5f33dd6cce26002

SHA256
30481618556a171b85ab52ff547f0153cf64672f8dd4547d27aa2921531b9d18

SHA512
eff3efedf354a738c5d5ae858c13732b5bcd7c9639526652e0527c44ef2d2e0f8c8c1ce7d8a342786aacef3934c8bc4f9d9d96ac134032765c33e18dd8c6c160

Download Submit
C:\Users\Admin\AppData\Local\Temp\kIQg.exe

Filesize
825KB

MD5
97115f93a5d931ab51f0d97fbdebd89a

SHA1
047608313f5541e8c88920ffb6d6200497e9622e

SHA256
29936b0d5ad28f267031c6003c1ae76490e5c8c22a3ebd355edbc84dfc5e4797

SHA512
6ecbaae4686b9520a342f1a3a6f6d4c3c4c8208f3816bf6e352c8d519529d7dc05fee8f793ede36b7882aea50008c2a3c3f56f4960997b4645dece04513dcb84

Download Submit
C:\Users\Admin\AppData\Local\Temp\kMII.exe

Filesize
728KB

MD5
6d595455888367a33a1cca9a33f8ea6f

SHA1
7b78a2788bd9293ca22f50c6619ebc256dd230f2

SHA256
046bcdfc49358e653d93a3dfbf1de0c8646a46fc696607497858792ab1973f9c

SHA512
dae0db1c42f7b70daf65af927e6e318dbe5dc4c056bf46c62d9558fa6214a28be8016de70d10bbe2b1282506df34a223c96d1557346fbc5902636d66ebcea63b

Download Submit
C:\Users\Admin\AppData\Local\Temp\kUYYsIsY.bat

Filesize
4B

MD5
743d99e7888108ee71e7edd78a21da5c

SHA1
3ba4488be0bd8b63d58e5e3512fab643f6b82904

SHA256
1f8bb62204184ee1e745e1b6d123497eb651b0c41f32390376e38b1bd376a782

SHA512
4db89db19cbe7636c83a924967de43fc1503d24c4b9e7719c0ca5a702724386331884f53ad11a980967c2ad274414b67d7524624dc0c7a3b7f58e8d85a9e2bb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\kakkEIAU.bat

Filesize
4B

MD5
c7691b47d5c979a88bb08077c637cdf2

SHA1
d2d689d950e0a761b891c5cfdb7acfe8bcecda2c

SHA256
7ba0ab27f9c11c36a0b1cd13ef0b9b7cbb5e4f7b848de9b12fe305afcc93dd59

SHA512
0ca1c73c2fd44a4824a4c38ff902c79e30582898a14e24c53595404f5e8a3d2a47c92098520795d10588a01e24dc66fe048a277c6397dc57581d400d308101ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\kgAw.exe

Filesize
232KB

MD5
8fc5cf0dcf281a183fa07cdd78b1bcbc

SHA1
50cc9360efa2f45d55f90b24eae32010dd7b63f0

SHA256
6c49c9414ab24502497233c38484835df43d03799ecf804714af3318d1e99484

SHA512
8edea6be43195ea5a47b6e49c9c92e93cf2a1d3559a83e749cd59cef15fb250382e7c558691c48e8c6f3ad58d7b093df8f4bbec5bf11f5da44dbf1903c4bbc7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\kgwMMIMg.bat

Filesize
4B

MD5
0fe738522c5beda030b0415222581207

SHA1
969d2540f48d1720d5a1bcbcce4fbc8b17c54e35

SHA256
d7db42dcbd03c8fdffe96a1a7b9ef86cffae2afb14ad51043fdb8971e661c99c

SHA512
85aef36b6cce6f7386f47cd5c7dd5e4b21a69b3f90b4878a8d647c59160e0d2c7a178312980c4983651d770bc4d75ed633eab350a461e1050e59fe88188014d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\kwQC.exe

Filesize
956KB

MD5
48a24fbc770dfee4dcb5025dd17e2442

SHA1
1fd82648b194465063bf9e22b01193b70ff1920c

SHA256
490f86ae853c404c2345b5ebbce031ef8e31060a68f1848195a2b049b84e9481

SHA512
67f74d0bb2bbd98ea31ec6c7f959c44aee2449a1d86741f5d93070b65599498cf93ef08baf46350a4e5f6fbd47127a50e1e7997f848550dde5a9a4bd784c3c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\mAAi.exe

Filesize
240KB

MD5
0ae0e53cf693a8b86e8ca776eb2fff0a

SHA1
7e3388707a7dc1d6254e136d46cfb609f8a4ed80

SHA256
2e9c975ee4cfe92c29f61e5cea9f23db8155b7a8f56d850d15a874f6b1c3aab5

SHA512
50a2959eff466b89638dd3f465ca7282cfff6c37e9c2f75ff103f38cc399ded855c3057aec2dff30cc162e6c88503cbddfdc0db2da09b0ef6033f081c1edc041

Download Submit
C:\Users\Admin\AppData\Local\Temp\mMoMogMY.bat

Filesize
4B

MD5
15eb2610dea6d8d21d16fdfd3292da6d

SHA1
653c9dad69eb0aa0bdfecd5d799d7d8e6a1e9ea8

SHA256
5fe3138231890cfb335d8785710521d09974c64343c38e88294538b4a01e3242

SHA512
ce55101072afcd4fe6ee48c1924d3677eff0fff41294a4205de62f0399264afbcbe6141def5f91f4c4908abb24c15732bcf448f7bcba307ba7c2b8f92cfd66a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\mmoUUoMo.bat

Filesize
4B

MD5
4096c5519e74eee10ad6781251b20dfd

SHA1
010a66181f98c1d0e6bdfa623fa9ef3a96f07a6f

SHA256
ba00d82add7264ecd4a9e6287378622e79b354b107ba1dc6119c2bc6f7153f22

SHA512
17fecc0fe8e342f2c992fea40e337326020a3972f72975671041cbd31a18f2efff33ca3eef28a7d08c956511a5322dad8c80a5618771121e9d61bcb43cfd3bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\moMs.exe

Filesize
234KB

MD5
6a94a400e038f0d1716c65ecf5fe7891

SHA1
6018d288648ca2e86fa2e9ffdb621d29fd976113

SHA256
46bc9f1569beaa5eff4366c908643072d5f7db76ace4105760e26d0309bdae77

SHA512
5998e332eb16152f0e892d28359ae00ebb69fac3b8f22d432e8fc75ebcb7beb4dcbe14bd7512773221543956d2e748bebc2625d31d17a4ac2c58e03c97a033e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\mogo.exe

Filesize
240KB

MD5
ed7d2a9600566ce8d009299d059e7fb5

SHA1
19ce188267dafd17e391e8676d25d86f8d324fd5

SHA256
d271cea299265ced75280346f5dffca7d0a1607a06951a64ba523d3d922bc09b

SHA512
f1b55c229c339811b47c1cb98d19b96d0c479ee07b2f401a268a67700272d335a1a6b59ef8bc63ac6f2d291c6df0ad40cfd2ffa2e9cb73496979d13859d5e40a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nCsoQEkc.bat

Filesize
4B

MD5
241e1eb30092dbb47501dfdd516638f7

SHA1
7591691c9468296270d4f1cb71a4405ceff40734

SHA256
d1ffeead97079ea62b5c50ea2c1ea377f7278c7cf9bf58b8fc84fbfd2f9cd2f8

SHA512
2770878474c374d978e6ffe6dc3ab040d2b73bf003bb1208c37a4342ee2507f234fb84cd71eca7558d7d83850fdbad2aac2a138cf4d5793c383fb300f8850812

Download Submit
C:\Users\Admin\AppData\Local\Temp\nMwwYMkI.bat

Filesize
4B

MD5
e3ff76857dc8eeab47ccc098e84fe593

SHA1
6c76efbfe816ef3b559fc16349c489ad5e8e13fc

SHA256
c1181b57e1c60711eb96761b105fc20a9f330538dc173c3ecf20cf05f89932b2

SHA512
01bacf3fe87a037b28bd9041fd754aa419ca8eb077f6845d5e431de5d04c2135811d37fe9b2528fd6914c893646523c089a9eac024f15615fb53980da39c8073

Download Submit
C:\Users\Admin\AppData\Local\Temp\nqcgQAQE.bat

Filesize
4B

MD5
8225d2c24510f76c5e1e1a2b1cbd8acd

SHA1
29be5aa97ce822003a17a9e8c3c1b5f2b9e0a5cd

SHA256
b4d8fc699be901194cc0d7b81bc49943625f91872f1db42d58516e9679d11348

SHA512
b8bfc7374affd0dd985bf8fbc29462260f67003d25b16073d1f563b4992d19ad727b1ef6a9a8205779052b609e9dbeaad1fa11fb4e7a73467837e937379db26e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nyIwQUwY.bat

Filesize
4B

MD5
9286144e454f631a1762cf3505aaf91b

SHA1
f912a92689a5c33f21203edfb4e4a93a29abcb8a

SHA256
3a4bdf0d3d1006426b253b7cc2eebb43ed95ea68f55f4543b9bfba14e2f372ec

SHA512
28a43846f8e86a5503bcf29445ba5e590d0075689a4407768ea3d1ef4ef8092a58f1b1dc6918293e8f4ab1b7566f7d16410cd3d14436aa204afc8964d73edafe

Download Submit
C:\Users\Admin\AppData\Local\Temp\oCgUwEUo.bat

Filesize
4B

MD5
e077a9059e0639adc44d8ceab9984d04

SHA1
1247aba71e64ef2816e0c8aa08090c1be96dc70a

SHA256
68bfb9d402e0edf1c518de49de78470978f821d0ca67fd8c236df85ff415cc66

SHA512
96bdba6c1c402b6b2b73bc23325a9b83761bd5124cd3632a931a1b24a7133d5765975e7057fa2e9319dcc3e11e681af40fef9eecc78fe96ae421870322ab5387

Download Submit
C:\Users\Admin\AppData\Local\Temp\oEQa.exe

Filesize
4.8MB

MD5
27fb443dce793dbdc5d55fed75408c0e

SHA1
65d5eb0e4893246db9b8a94909f973ba74f8a4a1

SHA256
2a1e4d750024b56f500a081777e7b5cf6710b30f9ba038690d6f48293ea8e404

SHA512
5ccc76829de3ec1a22c534c80c28d4ba957c2450cb5d5ff42129f0c5c46b18e6e769813be171be593d96c131c85094804206ea7cfed7c834579fe4355d7b93fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\oEci.exe

Filesize
192KB

MD5
533ddeaccfe02ece8b586e41c4da9a05

SHA1
01d9d800ba9297c8617d3ea70660a75dbe007947

SHA256
f27e6c2065b8d24e8ac4677ef7e40355825f483e38627a81bef93e6b79ca8477

SHA512
2fe50e38f6752f80262255f66149f1c51d545a805ec416351c39506e1bc62cab79cdc590643dbe1bf3faec931c8bb4726cb7834ace59ff68d1d02d777944146a

Download Submit
C:\Users\Admin\AppData\Local\Temp\oIsA.exe

Filesize
228KB

MD5
87be926af34ec04b463456adf7549275

SHA1
7cc653460013a3e24fb7ec044370190a06a4cd2e

SHA256
d62b342ae93c83ec395ce616891f160c95bf6f2f88d40fa49bbd9df45ec4779f

SHA512
c52a23dd9adfa84b9fe645dbee2f7e78b130f41d75a59b6b685975930916a77d7a1336c87a152e83f17fc9ec21530d0a8d323485308ba311dacfd14100703958

Download Submit
C:\Users\Admin\AppData\Local\Temp\oIwA.exe

Filesize
205KB

MD5
7ec303a6ea88c734c398546451d0712b

SHA1
0094dead376a4f09083fba3d6e1d7e719fb2d59a

SHA256
226cb10b018368da8a8e4d17f26ac18f1854c2779b92596403b5310835f6d647

SHA512
d1bd7debdd8e9f5cd06f3de61cb36b8571158e368ec2b9b73de70805b5fb95a8404bb23d785063a86eb5f3c5802dac8aecc1674902318b53c1a723a55dbaa18a

Download Submit
C:\Users\Admin\AppData\Local\Temp\oQwC.exe

Filesize
243KB

MD5
07f293eae4d7eb76df5aeb68b5d559de

SHA1
b94ef157c821f2f03bd239cbc30ab586d98d9261

SHA256
9250c85e88e0bea0ab5a5e1b4907f0c18061995c3d0113b3683a5dc81a875c34

SHA512
3aa382926c57db98f97bab8d201351b2f1466911f5115aa1ac47bb610648c9be695a3e17697826a5412a290959c7e7206193d017b4d8179626d91ff0ee5a89ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\oWMkEsEE.bat

Filesize
4B

MD5
ce1de68d455d66d79667fe84dcc7fdfe

SHA1
1f4ce8130277b6b068cb73a473f5cbec9f6b2dac

SHA256
a9497b90adc72d671afeb984a98ed984ca8e2beebd80c0f89f7196f1ec146750

SHA512
5797e22370e6374999d7a0c14a12645fcd66873411724c126d90b90c7affcf1841ea1ea3d89ce5ae233e2058de6c6ac71fc7d476fd23a2bdf3c2c3c976fa82af

Download Submit
C:\Users\Admin\AppData\Local\Temp\osog.exe

Filesize
238KB

MD5
3d7f2bbba6fa1ca6b77b1d8aee59eb68

SHA1
faa38874941eb9022b29e365fab21fe2af836641

SHA256
e94e8ebc34b3bed49600a0d06f4c1a6a1ef11ec82f71274fee972a9cab8a049d

SHA512
7f302e4f56811d5e61f7c01698ce1771bc6a27b1f3be8d12a9b4cb5ba2c392a656f6ed0212d32da7b6467d54b43dd65fcc04f32d9298f26164596c4b5ebad7cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pEkAYgwY.bat

Filesize
4B

MD5
9985e20fc0d74cbb42ff482fcfc13341

SHA1
107c8a91bba84d46b7f53705cdea54340bc92f1c

SHA256
4095b7f506df0000bfae0e9653568e6ff98e1df921334b9a5efe6f97e88af0de

SHA512
3c2f846c92ec3c98d707d4cb97d87df20defc461ea8a16fa5c7b30e4c24e71f902218cf12fdb9812aace9fd38e9a2f97f28327eec9ff0e94687968374890a590

Download Submit
C:\Users\Admin\AppData\Local\Temp\qIYu.exe

Filesize
240KB

MD5
11242c76ac79c8b5d6340bb064cd8fd3

SHA1
9524734e6e807c068319f3fe57d131801fe52ab1

SHA256
94ff9bc88590037dec3474f4af429f2491908afc91d7ade1ff20440e7e435537

SHA512
53d5384d426f3dd022ad2339494a2f3dddb6eb55ac86423b3a4125c44bd153e055ff2cec7c19a199379aeeabef2ce53bdf889568aeb4d171ba1496f42a029535

Download Submit
C:\Users\Admin\AppData\Local\Temp\qMkq.exe

Filesize
192KB

MD5
d169d7c204371058cf3513d64fce1a08

SHA1
79b59372666d9a1f8b90237570e9b599c703151e

SHA256
9ba7b614ffacfe15bba732c2478f73231b90d5dec237fe11d85e5603b00bfc64

SHA512
e6a52e1d36edd0d512af42cadb752b09eb7bcb9b7d7a4972806ca9113c050ac4a44c4e4937040db34299a3f7ae4ce934cfb89642b55b049b6d0792ee1420f410

Download Submit
C:\Users\Admin\AppData\Local\Temp\qQYosYwQ.bat

Filesize
4B

MD5
94ff54623004a8bebf0a38a55310ba6d

SHA1
83b8a8d3b23499ed5b2d82956453bf15ca4107f1

SHA256
6f20bbf86f7063605a4fb21716a69f54d6d7fb6c18e174a008f7384e849cb367

SHA512
83d416e123bc1f35cabeb9ab1e93d77c458697773eed268fa64e9645e2fb7ddf846b93548139a060293925e5775b29e1089fcbc7f5be9f5c4db4dcfa68774f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\qQcC.exe

Filesize
231KB

MD5
daba2a0e16fd9bed6c075fc3819be933

SHA1
2fcb33b054ac73740d71e0013d53e23b7244a3b8

SHA256
4ea665679f995053f4a8179f5aad46fee5c9a25049ae40ff440113f2e52787e8

SHA512
1c155844ec2a3ab80649616699afb20d479a2d3271a3da23d3f645fce53f84ecc51d8397b74eadea0c77c7c72b21c4620126feaec79e854c6c6d491d2509a011

Download Submit
C:\Users\Admin\AppData\Local\Temp\qSEEIIQc.bat

Filesize
4B

MD5
6c42b0f14856f6ef38e76a73d1c592ce

SHA1
a1b02ce8634d3e52ebf314cf0ab9189d62c5f07e

SHA256
c915da3de8e447b221f2ab599f6820d5c6ef1e0458145d7ccf90a7841b1f87d0

SHA512
ee81b40a81e72890586a8b8dabdd6040eca50ac9718bcf5cb373c5b074be363bdc1ff0313416eac4b18855266fd45b3f756235728a0af4e9bf5486ad1d41b459

Download Submit
C:\Users\Admin\AppData\Local\Temp\qUUG.exe

Filesize
252KB

MD5
a84a57f01e149e2cf6a00508af772688

SHA1
4077ba1f20f8604add15885a9b7ef236a0a103f7

SHA256
714d27f7149c8239091744dffdead26a84424978d34a4d52194cbb947a414499

SHA512
4d357e03351d5b3a7cd385d0371307d80fc730fc90d367db384e4556f3d7c73311ff51fca96d8a4b2a3f07e590bc5d97002ae3a9e1c5a80778bccbca067e7075

Download Submit
C:\Users\Admin\AppData\Local\Temp\qsQQgwQs.bat

Filesize
4B

MD5
b2f97a7fa357b750ad71934d0bacbb35

SHA1
ac37172fb28cc91319a8c2a6ab9f1c07da8996f9

SHA256
935f9fd7b3d81e9e39b6230164fb3558c0ff09a00a830cc7c9b5c29f68e4e877

SHA512
2083c22d4bb1c4ba96f3f961728f1464d328d9696ebd803fb69104ce72614b744aaec52dd27b9dec06f8d2b7ff4f67920bdaaded480b36f965f5d6a5a03cfa53

Download Submit
C:\Users\Admin\AppData\Local\Temp\qwoi.exe

Filesize
247KB

MD5
5224e04b7b114464dbae93e5d26b6763

SHA1
6dbcf06cbfde6b4f331a43a40ce2d5f8d9ca8607

SHA256
18c634217e12f989a7a156d8a328c3f3062f6dbd8bdb15a7fe13a25da88c807d

SHA512
ce52bc9180aa2dbec8ec3c39dad5eb578279d1c2e76072991ca12c6b3de92ec0c35ec75da1762b16b8d0b4e5fe3f888a736493648895eff2edc7b4349354be55

Download Submit
C:\Users\Admin\AppData\Local\Temp\rAIwMsoU.bat

Filesize
4B

MD5
44ab6ca2974f91678e9d0385b1a95455

SHA1
ce6e056952d4b2b15ad91a285c3243d32abf3b88

SHA256
27e034873354941032e459fdf5b5c2b1c551b96a415e3b89ff52524ec6c1da5c

SHA512
356b83b81cd94682d6224683153adc06060da9aedd27dcc5436d424b851147b1c49c9c769706ec36c0865a927d4bf1d6bc9c788e168b306465436943ee8a71e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\rQsAwUAc.bat

Filesize
4B

MD5
bf3ab454dfa2d5cff5717ab677d7e543

SHA1
c9ab64963d3fd77ba204832286a7ff287e7e5740

SHA256
aacba62c4b611c3a91dfc69617d52f5f0b63b932edcf677dd34e870b73126649

SHA512
7c1e15b10874b2124e6e75114e37beea8486f632c32e0296d02cb488c7ef6122b11bb1480d2c2c8a1454e52f304978e41c761d7f24ead4421d4bc6b8e3f4dab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ryoQMUQY.bat

Filesize
4B

MD5
6d7932e3a8c7d636d9a69cd923809509

SHA1
846bc190dfc53986e18b781e90821f61f87a031e

SHA256
9ed4d069988dfd49c750d5eb8d5c48703e2d488066c73a0661ea360cf744feb3

SHA512
7db65976c5f702012da786cbea3cf92f03d6011e69c4f2e63414196cd9001faa480a8c4f4e56ed2f06ae53f6ded379507bd17a1e447ff6c776742c76cb886b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\sMksMkoQ.bat

Filesize
4B

MD5
37159d2edef1de6ed0b490c56a45bc91

SHA1
14c2519edd48f049e582ad643635aea7b2e8df6d

SHA256
b71535bbb34fcfd77b8171424343fde865e21c57a7088a15eaa9adf3c8386e51

SHA512
b40d2e07fa40f29b2f64a4d83a5cb1c97767695dac343679f5bbc9298a5c7f6c6eb93904dd55ac83f6112ef97e0b5b6d975141cd7d159c46ae1136b6c26581c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\sckIgscM.bat

Filesize
4B

MD5
5941a051c389aa442c187cf2b23bf033

SHA1
24d0bb9eb0e87166f8207d8fd67d89839a682f94

SHA256
a473c205a9ccd0176136d149830e234d29cab4adc82fb0433d5df0317e79faa7

SHA512
934b6edb5a4f942a76740407b2ab8bad4a6d81a54133342c1956699eb8491d08e5d36a9d3fe8d3fa96a1031e7fad558337dc3a0aabee4bc3fdd9f164128aab6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scsk.exe

Filesize
1.2MB

MD5
6ddf4a49c55d2df6128a1d0f9fd9a705

SHA1
c68aab61a9352f4998451b1b630f2bd8de0ed36d

SHA256
99f0e4c59b08c4594ec6d9edb648933a98a4216fb2d9912a2785b22d3f02a743

SHA512
7b73e8facf71e34766520c21dbc8ea8540d75429374b5f06069f9ffb8c8b98a318ff1da8deef279427e0e270814afd1040f5fb3e222199b7fe78f30cff35118a

Download Submit
C:\Users\Admin\AppData\Local\Temp\sgwgkYIc.bat

Filesize
4B

MD5
536ff8612fbebf867bc23efdc9909e43

SHA1
f44c38e3083a094e54ff177257da720026d4a36a

SHA256
25510c0c5ced03c58488bd75dbd897c4dcce07de5680c9b3ed061d1bc8311308

SHA512
648f41166367d7bb4580613d5926db5e3db9d9ab11c03bdeed6cd546652adaa793157b3271bdcb2163c84d9b39f6b7be4f67911cad2573c36190d881fba6470a

Download Submit
C:\Users\Admin\AppData\Local\Temp\soUy.exe

Filesize
512KB

MD5
d7b482bd31202a1b4208e9f832f71f94

SHA1
d606cad36e682a11011d977625d24899ee5a6e19

SHA256
036a129d37a42775d5cd9d295fb99488593b9bc8ff67dd38116c075cbef888f4

SHA512
f2d1db3e9683ef47198700adce0c8b0ac68636678d5fe69290ede2168597d410b017197ded98a43e6bdb7c203c3038e543300f709aa64da460dcf6f1b22f0df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\sowi.exe

Filesize
241KB

MD5
fe6e4a945f1b99fd3a0789d37040ca67

SHA1
86d9b21da135aa93b1f2f25698a3bf58a4bcc4ac

SHA256
9870b584a04451ed91139fdf5a6a8a41953aa565576834560a2ab69086f6c406

SHA512
359a6214af5c706af37dcb550cc100abbb14cc502a91370cbb8fc9a40281aaa583c383bc16dc687f79710a4f9d9a67b4273017944ee464e627ab8dd0d8266fde

Download Submit
C:\Users\Admin\AppData\Local\Temp\ssYa.exe

Filesize
659KB

MD5
c056fb77b2532b2c91aea348c2450774

SHA1
8e3e2fb65aac37d137794b163dc28ab2394b8776

SHA256
c37fd14139f0250fa9798309fa002ab45cc03c08684c4ad6658c094bab0405c1

SHA512
0344b6e5f77a160aa1ccae3f12058994c985b3a1527ef953cf6082c46c4b06a2fa7224af07ad6ffd5508deead89f70f62f489db605a33f9ed118322ab573895b

Download Submit
C:\Users\Admin\AppData\Local\Temp\uKUkMEII.bat

Filesize
4B

MD5
72e0c4f79f50126237a349ada655658c

SHA1
111b37979b2dbe365eecf29d874d49f7264a50e6

SHA256
49457ea01f090a7d1fbd2c33b472f9100d887a12c75c9622ab18cdf0d8adc586

SHA512
683659bbec54a67d1dc62f71c53f1e7d9e1d7c41598735ef7602bfbfb1621a8a510b4350a26827334ff67c83c23281b7eba810c2d606d68516586614a44cb36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\uKwAIgkM.bat

Filesize
4B

MD5
260e3217d83d90d92f9512e8a994a362

SHA1
bbd3f2649cef5f68188eac4d7a9c354f50fef7fe

SHA256
7dce7800a0f8d69e1486cc34de6193eee679d7c9c977a2e8a0bf29c86563481a

SHA512
24446368cd46e9e685c64584c583f41aebc471ca736b726c8eef558902ebf7832305dcfc4d9c19cc763b21876562e10d62de74214a55e9bf160f986d613ae5d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\uQsk.exe

Filesize
215KB

MD5
e7b2d62688c3298aaaa49f9ffd493118

SHA1
4c158f80d662c9c5ed3645dd89da122958753d4a

SHA256
b0c629444b11106536b7b9f1c049c1afde8bc278f195e317b3d75a69ec36a1bc

SHA512
ff229e22e8c112ac0fbe97e3c410ade35f41e8c8c243596da502b89638a541014b151d66a48e99376cc27bcb4c9b0e9de11b4a9d882ed76e445f23e45c64d4dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ugss.exe

Filesize
241KB

MD5
1a87f2daa5c441647b344d3ca02cd89f

SHA1
4086245558ede0f1b7bfcc45b5d2540708aafbe9

SHA256
7d8a63801455bb84143ab9d1618d6affe3aed069f8152a130bdcc3f8843d91db

SHA512
ae1e1a243ac9abfa7be3e7e1895bae61e3a135373217f8ff2fc86715ae3151102cac9aa2959b07348111df85ae71105f080d2e950e55307ad74c20e17ee4bc88

Download Submit
C:\Users\Admin\AppData\Local\Temp\usIM.exe

Filesize
231KB

MD5
86e17073e6548539704a42a78c88024b

SHA1
ba2d79bd6e38500b0e91541a4ff0781c48d5d229

SHA256
8b68cf9b5ffa22cbc2582d95aa71a2c0290df586b3dd0f9b84d9acc3ddf790fc

SHA512
4ecd215ce6c128d77d20857646cca102585d1b68906f61192e88514ff3466765646b26c5892870878c40ea800c608a53790de03c383aa906c644e89114443023

Download Submit
C:\Users\Admin\AppData\Local\Temp\uskg.exe

Filesize
837KB

MD5
6fc80136f76c85abf60f393ca2777179

SHA1
a29313ac8846457516c0468b95365d12ae123058

SHA256
be0473ae6ef56d3de982ae190d3abd50ef9c246668d77cd0d19c8726c40e219c

SHA512
80f7c90ab87345416aa1529b2217f08c1462ae63eef2274a91a11c871ebecfe710f2cf36c2a22a0db4f5439ae10dbc551b586ac6dd081ce430d20790efdb3f2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\uuEwQUQA.bat

Filesize
4B

MD5
420851228da79f1ebe27068b0171119f

SHA1
53a76f279ffbf11a0863d06c40f997ff05c8b2d2

SHA256
153aa2437cf889a3704b1d89b0412800e52485b405def97ec8203aa00381c51e

SHA512
33e2eed79f5d12080ab55ee00c3cbd1f3af89de1540f23f16d26c9ee8d31c165ee8d0586166490ae77889da7a9684c5300795ff185a1cf27b91c49f6a2086e73

Download Submit
C:\Users\Admin\AppData\Local\Temp\uwAU.exe

Filesize
235KB

MD5
707e61580b7cb3db3980a0b07b2f996f

SHA1
fcc2f55312f1d42133eb564f8841eb15f2748524

SHA256
906de00c148147f7a8f1dff30d151007256d142103c82e8064218e8aba4892a9

SHA512
8b2a839948b6723ccaaee8d5f04b6d19ecfb73fe860632ea5117d44a80a9dea8dc04ae661004f9dcac18444ae27ff401e0f5e80c98e85e3fc5005df0752fa738

Download Submit
C:\Users\Admin\AppData\Local\Temp\uwUS.exe

Filesize
326KB

MD5
5e843fcc8d600e8154e640d6cc4f6cc6

SHA1
15179befd4cb0484b44f8a2597a83bacb6fed020

SHA256
524071c3b54bd6e9104f6655597ef53f849eb3efb7b16b6c3f5986e6558b50f5

SHA512
b4624b729e3f07ab1f966d53b7900460546f6759f59edfbd16e38b2df98b85081d6ac11c7d9b4e862a7ab3889c74e503c1ef1869185ee004efc61e113199826a

Download Submit
C:\Users\Admin\AppData\Local\Temp\uwsY.ico

Filesize
4KB

MD5
ac4b56cc5c5e71c3bb226181418fd891

SHA1
e62149df7a7d31a7777cae68822e4d0eaba2199d

SHA256
701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3

SHA512
a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

Download Submit
C:\Users\Admin\AppData\Local\Temp\vKEAEkUk.bat

Filesize
4B

MD5
ad02b45070fb1653336718b339c8a9ce

SHA1
af74a2d02b70b2d2c057ab31985287b0803dc15c

SHA256
539e78ac36462913be7369395dc384f5cf3cc39859248bc495e1a3b6c5fa820d

SHA512
51446246665df62354ffef3a1f013d1af2255fac2b98dc4552d41016e1b9aae06c06e5e44d18168678c4c3e952510dfbcbb5b8f5b924435a2843b6916292f4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\vUQowcko.bat

Filesize
4B

MD5
87514462a8ba121c26249046d93addb3

SHA1
af3cf69d8ba1f5bd571a2589a7142f680b9a6207

SHA256
5f8b7fc0a1600025e96400478b27b912b3efb8360205f06fea566c2748df1cb7

SHA512
44468fe12e3b01927d36764cf3d0c94c4a147868e995a8852ea03e790d9078ce9a3e10d5353ef6f499ecde7b308019a56c1a75c0357505d6a31b66957b464bfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\veAAMUYA.bat

Filesize
4B

MD5
9f954694e5d0df1b32e698c5134a2bab

SHA1
31a6814b4a5e321c20f36b0c28f0b31de40345d0

SHA256
619204cc4a65cd26f945f01da05d10c35d433e4cb2ec9d6513f49a5a26f928b3

SHA512
0d0186bbc065ab8fb6a97098006d943f2ac9303bfb14b5d4bcb1062303e3b48dbfec3c930ce161112bc11985bb84a2cb8c6675d910fa172ab90f05a726a2b5f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\wEAQ.exe

Filesize
228KB

MD5
d9a64bf0c9f8fd6479c20f7a223a8e58

SHA1
79c47a92d9012e708281c9ab0945a0b1a06f3472

SHA256
c6dcf01023804d4e25e4852200764e91f53040dbe03bec0b91b6122f21832f0d

SHA512
6669e811078e499a0d1d4db345e3867349b7d0da345e627c215ca0b7b1f269bc64503bef2a19ae057f2f3db4458adb985fa60d677987f0320e9f5fd4ba2da734

Download Submit
C:\Users\Admin\AppData\Local\Temp\wIQm.exe

Filesize
4.1MB

MD5
8c0500f01e62bde7b830807bb7064bb0

SHA1
c465ec1136b05ce35cfd558ebb869846e4305251

SHA256
53f37707335bdf6e7318fac5e4cc16ac8a052bb15428f1b06d52830c7cf9a440

SHA512
9b1eb65d52ab1304e126b2b4cc80a0aafe2e00ae227aee60cd593341ca6557a38983559312905da84fd5f0aeec9fa107793db2d422dae06f245726e2fa1b3676

Download Submit
C:\Users\Admin\AppData\Local\Temp\wKggcQEs.bat

Filesize
4B

MD5
5d671d001c79703d2456460fee00872b

SHA1
243e9c73242a7ac62853e5c7cfd79a9c1e891bb5

SHA256
1e2adc34afc55763d33908d12fceecaa8a08f225c4de09f36d32087f589474a6

SHA512
98748934b17abc1d09acbe0b54d6aa7bc8d418716621f6ee14ace9d647a8abd5cd692586a18f0babee2105d1267d32c9163c4b6d43fe9e3b5a8dc200d9f367a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\wYMK.exe

Filesize
234KB

MD5
db9c57ea0a7e9bab312beaad8149d09d

SHA1
2f10c15f2c2cfd9a65935b7febc01b3f6220e540

SHA256
5ec1c0d733f27a218e70963a6145ca98e7009f0fb04f3a4b481116cad6117cee

SHA512
1649151b07c72373f1f7faa5dcaeca837ba99847fe5a0df5ce6a1ec9bab5b502f1a274357ff13bf5e6f9d92349d917b2cc03e9917a4d07f3963c0bba97ee8baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\wYQW.exe

Filesize
247KB

MD5
e4f672a46c50c3fe725a484149cc3752

SHA1
1c9a621c0d91464bd9fcf82eac566d1e6932d9eb

SHA256
06d675f37a2e549aea8391f1f0bbb809d098d724b17fa3a12fffc61e79b03268

SHA512
71847d9d4a197c76507d5fb1130e23d9be61cde2cc55f8c13fcd98841cf91224d8076fdfd65730559691fa3a264c62e0407bead1b222bdc8abfd0e5383a9f9e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\wYckQEQA.bat

Filesize
4B

MD5
69e104fba1e8dfe24e02edde87723974

SHA1
6b65c9f5f9efbc91ca16055b2e39d3612d18a882

SHA256
dcded9a14c11f589a662ad5b13dda1aa2adb93ce37e272b7e945529d58eabcf2

SHA512
e6703d3606ea43f3cfcae8213e6bc8ed39c9b524e5e296d23c23d1cd4eea041794174857e9b2ccdf45507bce45881b33301c4979dcb1b217e7a5ec64ca58fc37

Download Submit
C:\Users\Admin\AppData\Local\Temp\wcMk.exe

Filesize
524KB

MD5
10cc0d738550716f8240f32906e38e84

SHA1
9405044100532dba82b0b363ea4aef64bd81add8

SHA256
ef94b04178c48912582acc1c1e64915079c3b2e305d9292aa7573f9ddf0bafb1

SHA512
dff36225fd7d839c515539ea1c9334881abe040e4c0009460fa918c9cae8470481fadc0cd974dd59fe903da11379b9469f1ef80fbc8871eeb06da2bfd216b4ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\wkMoQkco.bat

Filesize
4B

MD5
c61f3920f5a2ef3b8a3c35896f51be1a

SHA1
bd75df2ab711c704c59e9abd8563c32332d9cc06

SHA256
b037d34208f66c7e93f351475bc954600c44655b5d7c8bdc63219019a1055140

SHA512
936f934f9f7cd0901facc939ffdc1d673b554f4347b41b497e0dfdc932267b1e0118e7e20f0bf44945dcbe87b1452987f9adb3ba6185622a99d0b2482b759deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\wwwk.exe

Filesize
229KB

MD5
a7d3204380684f1a40bffeb539ecbca2

SHA1
1fb6ff8d62a7a061de532de07dd52b5feaf1b781

SHA256
0ac499bbe81c0ef5bd3a3c238f95775de3e78c6bb4b150127b0f92caad218840

SHA512
6892903a641aea63cb5e67e4c6f727166338f260beea894527df77129cb93a4d3e8126005a0a507efc294417184847280c803cc129648b2548af2805c8694007

Download Submit
C:\Users\Admin\AppData\Local\Temp\wyUMowAk.bat

Filesize
4B

MD5
b4159a4174fa321140119d39eb9b515e

SHA1
9ca6bf5e079801fde43070cc3f3d6dbd2d52c02f

SHA256
7e2700a2744ead946d6e7709fe36a1d4676b5615a0baedb90d20b30503be045c

SHA512
4a9539b8a772fcad7a4c6a4fa643f5891ac9c02e94a037d59baf5a292beb943e0bc0f736b1272bc271ed514ef146b4d77ef46ff3ae988ef8e3dc6a27e04103ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\xsQkgAUs.bat

Filesize
4B

MD5
90919b51f42619db719e5d501f473ae2

SHA1
b7029229b452f1c04ad0264a9319e4796b2b9580

SHA256
8cfc01deed67f5430a563e6e830cc862240cc61b06379ea0aba7e26e132d1c7d

SHA512
0be67862eb0ab31e1978eb95195412b5c2ab1bd161033ec5a8eb27927ffeda6e1e24d0f6d8723217aba9da1005f80b1fc5854425ac02db0d6b17031dd6ca47c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\yIEi.exe

Filesize
230KB

MD5
b2f736be099a644c3eaf25b85dc09b98

SHA1
2fa33663fd58041678c790dd531b698ad524bdf6

SHA256
c0a220229de6a15c09ccd4074858c38880e9fb504af8a2e268873dc3aa45018c

SHA512
99b7c5b414c38e65f9485515f5b937b550ba244a90957cb321251ebf6dba50b75e3294cc54b427910c72331cec76b4210332daa0a94bfd841f7d1745ae0c5132

Download Submit
C:\Users\Admin\AppData\Local\Temp\yIQS.exe

Filesize
128KB

MD5
2467596922eeb4e94543e4eb3f9a540a

SHA1
31c23a07a438fb534643ba53d989d54faf6a2e52

SHA256
92afb3d7f835ef5fefcf873b06b6b6c23424e28389aba0455a7cdd33df057ca5

SHA512
e53968637400aea4c0898b885f50f9c84a8f8f7f1aa112f845cfd45ec7a32fa0a249c9971a6723221e8e12c372cd1a7747bb6b67ef18b5ea9c0395c7231b5e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\yMQK.exe

Filesize
250KB

MD5
417e0a11da1bb4f5a78f1743541b03ea

SHA1
9c70deddf4571a5f9c0b975b8fff2741ca8afab0

SHA256
d2b52ace2d22177f3ccd2249732924ebc128c3074a2ed34611d36463711d94c4

SHA512
8781e70112e6559e28ac5e4fa4f271b5a59ffc542886f2e3fcad62ea359e24be3ac51113b554715effb62d5c4629755813a4eba5ac728216a24457ff7431b5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\yUAi.exe

Filesize
244KB

MD5
e7f02c69451511be2abeaf763e306331

SHA1
384d653ab59ad1399f8100733acdf2195640c8e9

SHA256
a29346f4b21617742f73e59200cef5ed26e7bb2a0a8e5285241c327c53156982

SHA512
a663d89e1c3c62488ff09151763cc8e1b863fc67265654725de8dcf5ac211c758ead48d36919c5ba509d9824f90797de8f5a24fe253720b9f8736bdc9e0eed2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\yWMAoYUQ.bat

Filesize
4B

MD5
7ceeb363f3da47537c401fa11ca92520

SHA1
321892df33897034dde8acdf913b17ba6e409910

SHA256
b8a5354cf288e587136fd2c4b1cb58deea694f6a8ac0eb9d7b91b86eaec34fba

SHA512
a9156f7bbf86eee4c623b0b8f6ca10f2a51ee0fa8f5635a0cf541b11b54e942330799c49f0aec28bf05bbfadaf07b6e87935e895ff16be7b178a566b3495d3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\yYwM.exe

Filesize
245KB

MD5
821f016f9abe6e91003811f153179fe9

SHA1
23533dae5c337433d859fc6b39bef8c809528e53

SHA256
4700fc68a374568371c8c3ec1c19c00b2456dc3ee65f80ee000f53dd84d1de00

SHA512
44dc9b51beae629d8cf7ecb4ce7bd27d6613b48b8739203030f8c3716af480b67c9480eee867c15a4a9c85041ba84441442f1ae16e1e1b32aaeffa7c358a2f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\ywgY.exe

Filesize
892KB

MD5
3a1dca96dd9874da458a62f33efe3da4

SHA1
10d9b022ca3f8f52336cb3a6c972b4b65e53269d

SHA256
f4c9cf1b7e8b7586e72c6512d4df960a716825b41579471e2bcd13ed49b1b742

SHA512
01bb1cd8e525244ad7cc95334bbb5faec2c3c7185a08963020dc0ccc143df154ad60b95c5b0402f19aad2e4c26819a27618ae42d3f07d7bbe9023fd8d1ed0c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\zYcEwYYE.bat

Filesize
4B

MD5
29c754fa66e90ddd6adba556daff1e76

SHA1
9c3685002a76aeac7f1c1d089aade17a45bf8dfb

SHA256
26305c4c328aaf97a1f261a1b9642ea8c133d02506b8c5514cb04d80da7dbcb0

SHA512
fd4a923f9b5fd9a621eef1886569959861771fd2c746b50d7b6fd60df56f9c135fa779dcf76c4649c61c9d29af65f66759b98bbfacd7a185e94a9c508640d8c6

Download Submit
C:\Users\Admin\Desktop\GroupExpand.ppt.exe

Filesize
472KB

MD5
23ea94e95ede9b22a23eb59d488041fe

SHA1
993807717e1511c9ba0c314ec7d01e8b2f1669a8

SHA256
3f74a1c8ede91c2f81557e36931046501fc591c842d8bc1de097ca38359deca1

SHA512
184c1d6a7c62b97f471a8ed7861819985f92dfbd408695ac3e880d588f0db960600af3e8478eaad327de59596a0826d5dad36ef8ee1a6e0840d7bc648fda778f

Download Submit
C:\Users\Admin\Desktop\UnblockSave.xls.exe

Filesize
714KB

MD5
2ae690e07e8560f6b6b5f0b49c0e91b6

SHA1
0ca2d0e1ee7902852a26b55775bba766e9d288c7

SHA256
b1721e1ff41800517a7935f43290ec3643b44e4eed99e91ebd2c7be16a5c8ac8

SHA512
e958bbdfd216f16dce2756d733e5f3d246f8a21a9662f2af4f02253563d1ca422d087195bd0c7c79300dba48afc67b06af5e5ffc0682a03d80765a07112f7da4

Download Submit
C:\Users\Admin\Downloads\UnregisterWrite.doc.exe

Filesize
448KB

MD5
a35c38fdc8a68602142049202a153656

SHA1
9ce0db0496f4d311ce7379fdf3b9e605c7f7f5e5

SHA256
671622af3dc4d6c507bdd41d7e96fb85bf0b628455025760ada477d90dbea671

SHA512
79b46afcfc62aaecb66527c1b6842d567bdffeb008ed7ea232bf4b9eb255e4720ea10ce22ec0631a488510a707972ce8f3a8ce29f49c78382a996593f9a69518

Download Submit
C:\Users\Admin\SyMQIsQo\jYgEEwcw.inf

Filesize
4B

MD5
b777dca3fb417fbaf19aacbed6b2c1b6

SHA1
002e7b571d9e4021b440fc3d5fe78643acb2cd5f

SHA256
a2cb58a3652690314237e55c8dff5dcfd37c5495144987544f5633b8cf6d2af9

SHA512
09e8ebac6d273de0ffb95356ce602121329143351a6b17abc0d996e08ba8ce38b3019fa1392cb63fc0a38dbc6cf3310f3bf02ca454b3386ee1c4f2d952f6e681

Download Submit
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.exe

Filesize
959KB

MD5
34f6b148d7c0cc4cf42bca08ed1900d3

SHA1
7095ce3408a2526708255d309329823e47947e5d

SHA256
e1755d066d123d00b67ec132c16871370644786c91948e01041fb722ef5f468a

SHA512
7764cea8c39653d0974184ab71082d914cd8e4c2fa70f54ce2b6ed4e7e1b59de96e051950b3f95956b0f61411696e235f77f6651dc15dbcc29b6077721dd33c0

Download Submit
\Users\Admin\SyMQIsQo\jYgEEwcw.exe

Filesize
195KB

MD5
f83edfa356ad42b626d812260c24b3ce

SHA1
24f70fa0701e507df1f791e92bf5e379016016af

SHA256
be3c1ffb4b130750b47236b8eb56f03ce2ac9bf6060fb22f6da7ce33ffae8ea4

SHA512
330ffb875f84fe1bcbccd2cb35ba1e661688a4bdd733cd1ea68fc3f3fa9ccb6a54221dddedb587ea5d425ec0494685940ea8f337fef32677028b789e1d6c10c2

Download Submit
memory/564-61-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/564-400-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/564-93-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/808-272-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/844-107-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/844-106-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/892-713-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/892-683-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/900-157-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/900-156-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/952-446-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/952-415-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1012-703-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1040-228-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1040-259-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1048-226-0x0000000000300000-0x0000000000336000-memory.dmp

Filesize
216KB

Download
memory/1052-391-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1052-423-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1076-59-0x0000000000190000-0x00000000001C6000-memory.dmp

Filesize
216KB

Download
memory/1076-58-0x0000000000190000-0x00000000001C6000-memory.dmp

Filesize
216KB

Download
memory/1104-515-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1104-486-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1140-258-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1140-282-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1252-661-0x0000000000290000-0x00000000002C6000-memory.dmp

Filesize
216KB

Download
memory/1284-535-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1284-506-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1300-273-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1300-306-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1340-166-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1340-131-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1480-83-0x00000000003A0000-0x00000000003D6000-memory.dmp

Filesize
216KB

Download
memory/1480-82-0x00000000003A0000-0x00000000003D6000-memory.dmp

Filesize
216KB

Download
memory/1528-390-0x0000000000260000-0x0000000000296000-memory.dmp

Filesize
216KB

Download
memory/1572-568-0x0000000000310000-0x0000000000346000-memory.dmp

Filesize
216KB

Download
memory/1608-662-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1608-692-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1668-297-0x00000000001F0000-0x0000000000226000-memory.dmp

Filesize
216KB

Download
memory/1668-296-0x00000000001F0000-0x0000000000226000-memory.dmp

Filesize
216KB

Download
memory/1680-724-0x0000000000370000-0x00000000003A6000-memory.dmp

Filesize
216KB

Download
memory/1704-525-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1704-526-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1708-236-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1708-204-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1728-651-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1728-607-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1740-353-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1964-158-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1964-190-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2044-343-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2076-484-0x0000000000270000-0x00000000002A6000-memory.dmp

Filesize
216KB

Download
memory/2092-545-0x0000000000320000-0x0000000000356000-memory.dmp

Filesize
216KB

Download
memory/2104-494-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2104-69-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2104-459-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2144-556-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2256-366-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/2356-577-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2356-596-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2360-437-0x0000000000160000-0x0000000000196000-memory.dmp

Filesize
216KB

Download
memory/2496-344-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2496-181-0x0000000000160000-0x0000000000196000-memory.dmp

Filesize
216KB

Download
memory/2496-375-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2512-14-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2560-330-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2560-298-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2572-438-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2572-468-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2584-587-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2584-616-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2612-504-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/2612-505-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/2620-321-0x0000000000150000-0x0000000000186000-memory.dmp

Filesize
216KB

Download
memory/2680-84-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2680-117-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2712-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2760-671-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2760-629-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2768-34-0x00000000002E0000-0x0000000000316000-memory.dmp

Filesize
216KB

Download
memory/2768-35-0x00000000002E0000-0x0000000000316000-memory.dmp

Filesize
216KB

Download
memory/2784-130-0x0000000000260000-0x0000000000296000-memory.dmp

Filesize
216KB

Download
memory/2804-606-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2804-212-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2876-546-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2876-576-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2880-140-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2880-108-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2896-682-0x0000000000210000-0x0000000000246000-memory.dmp

Filesize
216KB

Download
memory/2896-681-0x0000000000210000-0x0000000000246000-memory.dmp

Filesize
216KB

Download
memory/2900-414-0x0000000000160000-0x0000000000196000-memory.dmp

Filesize
216KB

Download
memory/2980-3230-0x0000000077890000-0x000000007798A000-memory.dmp

Filesize
1000KB

Download
memory/2980-168-0x0000000077890000-0x000000007798A000-memory.dmp

Filesize
1000KB

Download
memory/2980-1441-0x0000000077770000-0x000000007788F000-memory.dmp

Filesize
1.1MB

Download
memory/2980-3892-0x0000000077890000-0x000000007798A000-memory.dmp

Filesize
1000KB

Download
memory/2980-1442-0x0000000077890000-0x000000007798A000-memory.dmp

Filesize
1000KB

Download
memory/2980-3891-0x0000000077770000-0x000000007788F000-memory.dmp

Filesize
1.1MB

Download
memory/2980-3229-0x0000000077770000-0x000000007788F000-memory.dmp

Filesize
1.1MB

Download
memory/3048-5-0x0000000001C90000-0x0000000001CC2000-memory.dmp

Filesize
200KB

Download
memory/3048-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3048-13-0x0000000001C90000-0x0000000001CC2000-memory.dmp

Filesize
200KB

Download
memory/3048-31-0x0000000001C90000-0x0000000001CC4000-memory.dmp

Filesize
208KB

Download
memory/3048-43-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3048-30-0x0000000001C90000-0x0000000001CC4000-memory.dmp

Filesize
208KB

Download