821ed7784b8672643dd327c2a95b250ca129d4469f328008d3fc17f926e8f145

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
Size

268KB
MD5

b8bfed7f47f26ff5def645a67f5e51b2
SHA1

e18dd5a4ebded19b2c48886ad33d8156131d712a
SHA256

821ed7784b8672643dd327c2a95b250ca129d4469f328008d3fc17f926e8f145
SHA512

67636a28d50baa7084f906e4dd062e9735878a58316fe4f192b048108116b30d70b490115480a1ee0c026f575c5754f7ee5ff1d85d9621e763916a3e5f818ae5
SSDEEP

6144:ZLF1uGrQurPTqhI32rBMSEqUyYpXm+t18/yiyOii:ZnCqq2DHt+Ki7F

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

UAC bypass 3 TTPs 64 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Renames multiple (60) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation	qigMkwQA.exe

Deletes itself 1 IoCs

pid	Process
1616	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2736	qigMkwQA.exe
3020	yYMoUAwk.exe

Loads dropped DLL 20 IoCs

pid	Process
2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\yYMoUAwk.exe = "C:\\ProgramData\\wyYcEgss\\yYMoUAwk.exe"	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\qigMkwQA.exe = "C:\\Users\\Admin\\ZmEUkkMU\\qigMkwQA.exe"	qigMkwQA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\yYMoUAwk.exe = "C:\\ProgramData\\wyYcEgss\\yYMoUAwk.exe"	yYMoUAwk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\qeccggYc.exe = "C:\\Users\\Admin\\gKIMcsIA\\qeccggYc.exe"	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\lmcQkcww.exe = "C:\\ProgramData\\WaIoUkEM\\lmcQkcww.exe"	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\qigMkwQA.exe = "C:\\Users\\Admin\\ZmEUkkMU\\qigMkwQA.exe"	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico	qigMkwQA.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1612	2644	WerFault.exe	318
1540	2536	WerFault.exe	320

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

pid	Process
3036	reg.exe
1108	reg.exe
2676	reg.exe
1908	reg.exe
2300	reg.exe
1400	reg.exe
1772	reg.exe
2664	reg.exe
1192	reg.exe
2792	reg.exe
292	reg.exe
1828	reg.exe
2740	reg.exe
2520	reg.exe
2992	reg.exe
1588	reg.exe
2636	reg.exe
1508	reg.exe
2500	reg.exe
620	reg.exe
2236	reg.exe
1204	reg.exe
2788	reg.exe
2468	reg.exe
2156	reg.exe
1904	reg.exe
2440	reg.exe
2408	reg.exe
2696	reg.exe
1420	reg.exe
1668	reg.exe
2448	reg.exe
1504	reg.exe
1304	reg.exe
1868	reg.exe
752	reg.exe
1348	reg.exe
1192	reg.exe
2252	reg.exe
1592	reg.exe
1236	reg.exe
2144	reg.exe
2772	reg.exe
3044	reg.exe
2416	reg.exe
2280	reg.exe
2572	reg.exe
2872	reg.exe
2388	reg.exe
2876	reg.exe
2252	reg.exe
1484	reg.exe
2252	reg.exe
3004	reg.exe
2548	reg.exe
1560	reg.exe
2564	reg.exe
1384	reg.exe
1204	reg.exe
2708	reg.exe
2448	reg.exe
2900	reg.exe
316	reg.exe
2748	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1828	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1828	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
564	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
564	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2008	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2008	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2616	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2616	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2512	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2512	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2808	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2808	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1692	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1692	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2220	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2220	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2232	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2232	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1624	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1624	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2728	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2728	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1504	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1504	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
652	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
652	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2348	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2348	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
824	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
824	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2812	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2812	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2928	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2928	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1912	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1912	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1336	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1336	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1896	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1896	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1940	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1940	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
748	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
748	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2488	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2488	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1628	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1628	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2696	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2696	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1000	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1000	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
824	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
824	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2556	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
2556	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1012	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
1012	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2736	qigMkwQA.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe
2736	qigMkwQA.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2736	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	28
PID 2400 wrote to memory of 2736	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	28
PID 2400 wrote to memory of 2736	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	28
PID 2400 wrote to memory of 2736	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	28
PID 2400 wrote to memory of 3020	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	29
PID 2400 wrote to memory of 3020	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	29
PID 2400 wrote to memory of 3020	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	29
PID 2400 wrote to memory of 3020	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	29
PID 2400 wrote to memory of 2588	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	30
PID 2400 wrote to memory of 2588	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	30
PID 2400 wrote to memory of 2588	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	30
PID 2400 wrote to memory of 2588	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	30
PID 2588 wrote to memory of 2632	2588	cmd.exe	33
PID 2588 wrote to memory of 2632	2588	cmd.exe	33
PID 2588 wrote to memory of 2632	2588	cmd.exe	33
PID 2588 wrote to memory of 2632	2588	cmd.exe	33
PID 2400 wrote to memory of 2704	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	32
PID 2400 wrote to memory of 2704	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	32
PID 2400 wrote to memory of 2704	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	32
PID 2400 wrote to memory of 2704	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	32
PID 2400 wrote to memory of 2960	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	34
PID 2400 wrote to memory of 2960	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	34
PID 2400 wrote to memory of 2960	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	34
PID 2400 wrote to memory of 2960	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	34
PID 2400 wrote to memory of 2620	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	35
PID 2400 wrote to memory of 2620	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	35
PID 2400 wrote to memory of 2620	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	35
PID 2400 wrote to memory of 2620	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	35
PID 2400 wrote to memory of 2640	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	36
PID 2400 wrote to memory of 2640	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	36
PID 2400 wrote to memory of 2640	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	36
PID 2400 wrote to memory of 2640	2400	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	36
PID 2640 wrote to memory of 2900	2640	cmd.exe	41
PID 2640 wrote to memory of 2900	2640	cmd.exe	41
PID 2640 wrote to memory of 2900	2640	cmd.exe	41
PID 2640 wrote to memory of 2900	2640	cmd.exe	41
PID 2632 wrote to memory of 1548	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	42
PID 2632 wrote to memory of 1548	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	42
PID 2632 wrote to memory of 1548	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	42
PID 2632 wrote to memory of 1548	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	42
PID 1548 wrote to memory of 1828	1548	cmd.exe	44
PID 1548 wrote to memory of 1828	1548	cmd.exe	44
PID 1548 wrote to memory of 1828	1548	cmd.exe	44
PID 1548 wrote to memory of 1828	1548	cmd.exe	44
PID 2632 wrote to memory of 2696	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	45
PID 2632 wrote to memory of 2696	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	45
PID 2632 wrote to memory of 2696	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	45
PID 2632 wrote to memory of 2696	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	45
PID 2632 wrote to memory of 2532	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	46
PID 2632 wrote to memory of 2532	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	46
PID 2632 wrote to memory of 2532	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	46
PID 2632 wrote to memory of 2532	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	46
PID 2632 wrote to memory of 2652	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	47
PID 2632 wrote to memory of 2652	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	47
PID 2632 wrote to memory of 2652	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	47
PID 2632 wrote to memory of 2652	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	47
PID 2632 wrote to memory of 2684	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	48
PID 2632 wrote to memory of 2684	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	48
PID 2632 wrote to memory of 2684	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	48
PID 2632 wrote to memory of 2684	2632	2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe	48
PID 2684 wrote to memory of 1568	2684	cmd.exe	53
PID 2684 wrote to memory of 1568	2684	cmd.exe	53
PID 2684 wrote to memory of 1568	2684	cmd.exe	53
PID 2684 wrote to memory of 1568	2684	cmd.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\ZmEUkkMU\qigMkwQA.exe
  "C:\Users\Admin\ZmEUkkMU\qigMkwQA.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:2736
- C:\ProgramData\wyYcEgss\yYMoUAwk.exe
  "C:\ProgramData\wyYcEgss\yYMoUAwk.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:3020
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
    C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1828
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        6⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:564
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        9⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2008
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        11⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        12⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        13⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2512
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        14⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        15⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2808
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        16⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        17⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1692
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        18⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        19⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1400
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        20⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        21⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2220
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        22⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        23⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        24⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        25⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1624
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        26⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        27⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        28⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        29⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1504
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        30⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        31⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:652
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        32⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        33⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        34⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        35⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:824
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        36⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        37⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        38⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        39⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2928
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        40⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        41⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1912
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        42⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        43⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1336
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        44⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        45⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1896
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        46⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        47⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        48⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        49⤵
        Adds Run key to start application
        
        PID:840
        
        C:\Users\Admin\gKIMcsIA\qeccggYc.exe
        
        "C:\Users\Admin\gKIMcsIA\qeccggYc.exe"
        50⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 36
        51⤵
        Program crash
        
        PID:1612
        
        C:\ProgramData\WaIoUkEM\lmcQkcww.exe
        
        "C:\ProgramData\WaIoUkEM\lmcQkcww.exe"
        50⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 36
        51⤵
        Program crash
        
        PID:1540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        50⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        51⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        52⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        53⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2488
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        54⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        55⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1628
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        56⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        57⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        58⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        59⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        60⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        61⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:824
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        62⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        63⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2556
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        64⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        65⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1012
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        66⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        67⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        68⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        69⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        70⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        71⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        72⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        73⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        74⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        75⤵
        
        PID:760
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        76⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        77⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        78⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        79⤵
        
        PID:568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        80⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        81⤵
        
        PID:676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        82⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        83⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        84⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        85⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        86⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        87⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        88⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        89⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        90⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        91⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        92⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        93⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        94⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        95⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        96⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        97⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        98⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        99⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        100⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        101⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        102⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        103⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        104⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        105⤵
        
        PID:344
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        106⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        107⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        108⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        109⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        110⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        111⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        112⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        113⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        114⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        115⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        116⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        117⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        118⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        119⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        120⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        121⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        122⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        123⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        124⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        125⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        126⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        127⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        128⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        129⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        130⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        131⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        132⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        133⤵
        
        PID:344
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        134⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        135⤵
        
        PID:832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        136⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        137⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        138⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        139⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        140⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        141⤵
        
        PID:580
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        142⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        143⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        144⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        145⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        146⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        147⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        148⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        149⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        150⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        151⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        152⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        153⤵
        
        PID:932
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        154⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        155⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        156⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        157⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        158⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        159⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        160⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        161⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        162⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        163⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        164⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        165⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        166⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        167⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        168⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        169⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        170⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        171⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        172⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        173⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        174⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        175⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        176⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        177⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        178⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        179⤵
        
        PID:604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        180⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        181⤵
        
        PID:572
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        182⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        183⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        184⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        185⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        186⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        187⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        188⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        189⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        190⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        191⤵
        
        PID:896
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        192⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        193⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        194⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        195⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        196⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        197⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        198⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        199⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        200⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        201⤵
        
        PID:344
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        202⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        203⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        204⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        205⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        206⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        207⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        208⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        209⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        210⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        211⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        212⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        213⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        214⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        215⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        216⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        217⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        218⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        219⤵
        
        PID:628
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        220⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        221⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        222⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        223⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        224⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        225⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        226⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        227⤵
        
        PID:860
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        228⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        229⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        230⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        231⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        232⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        233⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        234⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        235⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        236⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        237⤵
        
        PID:764
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        238⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        239⤵
        
        PID:784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        240⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        241⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        242⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        243⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        244⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        245⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        246⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        247⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        248⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        249⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        250⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        251⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        252⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        253⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        254⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        255⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        256⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        257⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock"
        258⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock
        259⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        260⤵
        
        PID:344
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        260⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        260⤵
        UAC bypass
        
        PID:1444
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        258⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2852
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        258⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        258⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\PooAksAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        258⤵
        Deletes itself
        
        PID:1616
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        259⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        256⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2760
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        256⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        256⤵
        
        PID:792
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\JagIgAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        256⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        257⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        254⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        254⤵
        Modifies registry key
        
        PID:1828
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        254⤵
        UAC bypass
        
        PID:652
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZgsgAcMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        254⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        255⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        252⤵
        Modifies visibility of file extensions in Explorer
        
        PID:916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        252⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        252⤵
        UAC bypass
        Modifies registry key
        
        PID:2872
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\CwUYMYIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        252⤵
        
        PID:824
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        253⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        250⤵
        Modifies visibility of file extensions in Explorer
        
        PID:864
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        250⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        250⤵
        UAC bypass
        Modifies registry key
        
        PID:292
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\YWIwwYAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        250⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        251⤵
        
        PID:760
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        248⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2392
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        248⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        248⤵
        UAC bypass
        
        PID:2708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AUYooIYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        248⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        249⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        246⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        246⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        246⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\maMkIwwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        246⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        247⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        244⤵
        Modifies visibility of file extensions in Explorer
        
        PID:3068
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        244⤵
        
        PID:532
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        244⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\akIAUogE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        244⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        245⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        242⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        242⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        242⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\BqQcAsYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        242⤵
        
        PID:816
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        243⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        240⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1680
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        240⤵
        
        PID:316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        240⤵
        UAC bypass
        
        PID:1968
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\rWAMogwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        240⤵
        
        PID:340
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        241⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        238⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        238⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        238⤵
        Modifies registry key
        
        PID:2408
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZuosAwEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        238⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        239⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        236⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        236⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        236⤵
        UAC bypass
        Modifies registry key
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hIYUsYYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        236⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        237⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        234⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1712
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        234⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        234⤵
        UAC bypass
        
        PID:976
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\UQwEkoQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        234⤵
        
        PID:676
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        235⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        232⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1732
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        232⤵
        
        PID:792
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        232⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AWcIQAMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        232⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        233⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        230⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2448
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        230⤵
        
        PID:816
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        230⤵
        UAC bypass
        
        PID:2144
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SUgkYIkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        230⤵
        
        PID:532
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        231⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        228⤵
        Modifies visibility of file extensions in Explorer
        
        PID:888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        228⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        228⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\OwgscQQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        228⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        229⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        226⤵
        Modifies visibility of file extensions in Explorer
        
        PID:264
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        226⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        226⤵
        
        PID:580
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\DwAUYoMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        226⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        227⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        224⤵
        Modifies registry key
        
        PID:2992
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        224⤵
        Modifies registry key
        
        PID:2676
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        224⤵
        Modifies registry key
        
        PID:1192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\pkIQIAEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        224⤵
        
        PID:784
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        225⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        222⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2500
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        222⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        222⤵
        UAC bypass
        Modifies registry key
        
        PID:3044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\jCEgUsws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        222⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        223⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        220⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        220⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        220⤵
        UAC bypass
        
        PID:1536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\posAogcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        220⤵
        
        PID:996
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        221⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        218⤵
        Modifies visibility of file extensions in Explorer
        
        PID:3068
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        218⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        218⤵
        UAC bypass
        Modifies registry key
        
        PID:2300
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HOkQgIII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        218⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        219⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        216⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2364
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        216⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        216⤵
        UAC bypass
        
        PID:2000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\GiossoQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        216⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        217⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        214⤵
        Modifies visibility of file extensions in Explorer
        
        PID:864
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        214⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        214⤵
        
        PID:832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\uIgMgAQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        214⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        215⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        212⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        212⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        212⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\McowsQIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        212⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        213⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        210⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1484
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        210⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        210⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AYosUIQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        210⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        211⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        208⤵
        Modifies registry key
        
        PID:1108
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        208⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        208⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ROccEwQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        208⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        209⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        206⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        206⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        206⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZYQwcAYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        206⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        207⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        204⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        204⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        204⤵
        UAC bypass
        
        PID:564
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tekYoYYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        204⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        205⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        202⤵
        
        PID:860
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        202⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        202⤵
        Modifies registry key
        
        PID:2708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\BYssgIYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        202⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        203⤵
        
        PID:604
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        200⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1012
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        200⤵
        
        PID:676
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        200⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\NIMEIUMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        200⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        201⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        198⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        198⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        198⤵
        UAC bypass
        
        PID:2672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AOgkYIYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        198⤵
        
        PID:108
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        199⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        196⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2184
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        196⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        196⤵
        Modifies registry key
        
        PID:2144
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\aGQwskwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        196⤵
        
        PID:572
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        197⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        194⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2592
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        194⤵
        Modifies registry key
        
        PID:2572
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        194⤵
        Modifies registry key
        
        PID:2772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SCsssYgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        194⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        195⤵
        
        PID:816
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        192⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2488
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        192⤵
        Modifies registry key
        
        PID:1508
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        192⤵
        UAC bypass
        
        PID:2996
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\oAIsIUME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        192⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        193⤵
        
        PID:916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        190⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        190⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        190⤵
        Modifies registry key
        
        PID:1348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\XmIsAgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        190⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        191⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        188⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2104
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        188⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        188⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\VkwckssE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        188⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        189⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        186⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        186⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        186⤵
        UAC bypass
        
        PID:2648
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tEkcsggU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        186⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        187⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        184⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        184⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        184⤵
        UAC bypass
        
        PID:1256
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TQMEAMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        184⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        185⤵
        
        PID:860
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        182⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1668
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        182⤵
        
        PID:896
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        182⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\kgEQMgco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        182⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        183⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        180⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2224
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        180⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        180⤵
        
        PID:748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ieAcwAYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        180⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        181⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        178⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1400
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        178⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        178⤵
        UAC bypass
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\kKQMMskc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        178⤵
        
        PID:112
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        179⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        176⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2684
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        176⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        176⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\gegEQksQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        176⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        177⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        174⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2620
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        174⤵
        
        PID:872
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        174⤵
        UAC bypass
        
        PID:440
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\dOYMYQcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        174⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        175⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        172⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1676
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        172⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        172⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZUYsQAMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        172⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        173⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        170⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        170⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        170⤵
        UAC bypass
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\xmEEgcYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        170⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        171⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        168⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        168⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        168⤵
        Modifies registry key
        
        PID:2520
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\dgkwIgsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        168⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        169⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        166⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        166⤵
        
        PID:628
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        166⤵
        UAC bypass
        
        PID:300
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fwwIwYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        166⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        167⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        164⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1736
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        164⤵
        
        PID:108
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        164⤵
        UAC bypass
        Modifies registry key
        
        PID:2900
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\qsoUsAkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        164⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        165⤵
        
        PID:676
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        162⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2792
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        162⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        162⤵
        UAC bypass
        
        PID:2116
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AegEIgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        162⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        163⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        160⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        160⤵
        
        PID:628
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        160⤵
        UAC bypass
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\WMkgsocE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        160⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        161⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        158⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        158⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        158⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\sgUwgsYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        158⤵
        
        PID:532
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        159⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        156⤵
        
        PID:840
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        156⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        156⤵
        Modifies registry key
        
        PID:2280
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tOQEwsAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        156⤵
        
        PID:292
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        157⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        154⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        154⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        154⤵
        UAC bypass
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\baosoYgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        154⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        155⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        152⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1796
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        152⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        152⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\zEMAwMgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        152⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        153⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        150⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        150⤵
        Modifies registry key
        
        PID:2740
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        150⤵
        UAC bypass
        
        PID:1276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\cwMYYIIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        150⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        151⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        148⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        148⤵
        Modifies registry key
        
        PID:2156
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        148⤵
        UAC bypass
        Modifies registry key
        
        PID:2440
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\giwkMoEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        148⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        149⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        146⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        146⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        146⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\eWwMggIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        146⤵
        
        PID:824
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        147⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        144⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1452
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        144⤵
        Modifies registry key
        
        PID:1236
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        144⤵
        UAC bypass
        Modifies registry key
        
        PID:3036
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\KwgowAkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        144⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        145⤵
        
        PID:784
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        142⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2992
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        142⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        142⤵
        UAC bypass
        Modifies registry key
        
        PID:2468
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\wWIEAYMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        142⤵
        
        PID:264
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        143⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        140⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        140⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        140⤵
        UAC bypass
        Modifies registry key
        
        PID:2788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fUkoEkUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        140⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        141⤵
        
        PID:996
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        138⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1232
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        138⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        138⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\dsMQMgss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        138⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        139⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        136⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        136⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        136⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\JesUYMQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        136⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        137⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        134⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        134⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        134⤵
        UAC bypass
        
        PID:2788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\dKkcEggQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        134⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        135⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        132⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        132⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        132⤵
        UAC bypass
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\MqwEIkso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        132⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        133⤵
        
        PID:676
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        130⤵
        Modifies visibility of file extensions in Explorer
        
        PID:352
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        130⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        130⤵
        UAC bypass
        
        PID:1776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\UkEUsoMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        130⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        131⤵
        
        PID:1176
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        128⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2160
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        128⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        128⤵
        UAC bypass
        
        PID:2220
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\uuMMskko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        128⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        129⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        126⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2252
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        126⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        126⤵
        UAC bypass
        
        PID:604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\gkoIUsos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        126⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        127⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        124⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        124⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        124⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\VIowIEww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        124⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        125⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        122⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2020
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        122⤵
        Modifies registry key
        
        PID:1904
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        122⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\XEMwogwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        122⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        123⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        120⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        120⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        120⤵
        Modifies registry key
        
        PID:1592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fEUoMYoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        120⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        121⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        118⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        118⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        118⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\NQYQAMUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        118⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        119⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        116⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        116⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        116⤵
        Modifies registry key
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\gwYsIEIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        116⤵
        
        PID:564
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        117⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        114⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        114⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        114⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\wWEooEsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        114⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        115⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        112⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1348
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        112⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        112⤵
        Modifies registry key
        
        PID:2748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\qKwgMAco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        112⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        113⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        110⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1264
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        110⤵
        Modifies registry key
        
        PID:2876
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        110⤵
        Modifies registry key
        
        PID:2664
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\eeEosoMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        110⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        111⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        108⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2252
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        108⤵
        Modifies registry key
        
        PID:2388
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        108⤵
        UAC bypass
        
        PID:1012
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TOksgccU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        108⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        109⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        106⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        106⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        106⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TmEMUYsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        106⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        107⤵
        
        PID:824
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        104⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        104⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        104⤵
        UAC bypass
        Modifies registry key
        
        PID:1204
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HEkEMwgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        104⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        105⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        102⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        102⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        102⤵
        UAC bypass
        
        PID:2092
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\rGkEUYsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        102⤵
        
        PID:628
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        103⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        100⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1384
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        100⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        100⤵
        UAC bypass
        
        PID:1832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\asoEsgQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        100⤵
        
        PID:532
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        101⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        98⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1640
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        98⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        98⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\qOQUgUYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        98⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        99⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        96⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        96⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        96⤵
        Modifies registry key
        
        PID:2564
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\aiMMQgMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        96⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        97⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        94⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        94⤵
        Modifies registry key
        
        PID:1772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        94⤵
        UAC bypass
        
        PID:2820
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ygsosskA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        94⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        95⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        92⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2128
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        92⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        92⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TEEAUQII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        92⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        93⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        90⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1704
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        90⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        90⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hUUgEAsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        90⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        91⤵
        
        PID:944
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        88⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        88⤵
        Modifies registry key
        
        PID:752
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        88⤵
        UAC bypass
        
        PID:2384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fOUUoYcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        88⤵
        
        PID:604
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        89⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        86⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        86⤵
        Modifies registry key
        
        PID:2448
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        86⤵
        UAC bypass
        Modifies registry key
        
        PID:2548
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\DyUYUgAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        86⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        87⤵
        
        PID:664
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        84⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1572
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        84⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        84⤵
        UAC bypass
        
        PID:2808
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SuQsckAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        84⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        85⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        82⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        82⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        82⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\QeIcIQkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        82⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        83⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        80⤵
        
        PID:764
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        80⤵
        
        PID:440
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        80⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\IckcIsUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        80⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        81⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        78⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1580
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        78⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        78⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\OgokssIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        78⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        79⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        76⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        76⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        76⤵
        UAC bypass
        
        PID:2688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\UUkYscIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        76⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        77⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        74⤵
        Modifies registry key
        
        PID:1560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        74⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        74⤵
        UAC bypass
        Modifies registry key
        
        PID:1192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TAYUwsII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        74⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        75⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        72⤵
        Modifies registry key
        
        PID:2636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        72⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        72⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fCcsgAcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        72⤵
        
        PID:792
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        73⤵
        
        PID:540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        70⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        70⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        70⤵
        UAC bypass
        
        PID:1124
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HkQskgMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        70⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        71⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        68⤵
        
        PID:300
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        68⤵
        Modifies registry key
        
        PID:1420
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        68⤵
        UAC bypass
        
        PID:2124
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\lgwUYwcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        68⤵
        
        PID:344
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        69⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        66⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        66⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        66⤵
        
        PID:976
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\iYUogUMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        66⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        67⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        64⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        64⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        64⤵
        UAC bypass
        
        PID:1668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\wIgokEgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        64⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        65⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        62⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1472
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        62⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        62⤵
        UAC bypass
        
        PID:1296
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ogQgAUAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        62⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        63⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        60⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2584
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        60⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        60⤵
        UAC bypass
        
        PID:2172
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\pwYAsMYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        60⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        61⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        58⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1480
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        58⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        58⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\bcowEcIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        58⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        59⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        56⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2792
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        56⤵
        Modifies registry key
        
        PID:2236
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        56⤵
        UAC bypass
        Modifies registry key
        
        PID:1204
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZIEgcQwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        56⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        57⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        54⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        54⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        54⤵
        UAC bypass
        Modifies registry key
        
        PID:1588
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\vmoQEgoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        54⤵
        
        PID:620
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        55⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        52⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2156
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        52⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        52⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\EcMcAkgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        52⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        53⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        50⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        50⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        50⤵
        UAC bypass
        
        PID:540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AOMowQQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        50⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        51⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        48⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        48⤵
        
        PID:292
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        48⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SYkggIkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        48⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        49⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        46⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2840
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        46⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        46⤵
        UAC bypass
        
        PID:1736
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SEAUEAEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        46⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        47⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        44⤵
        
        PID:996
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        44⤵
        
        PID:896
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        44⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\qmYQkUkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        44⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        45⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        42⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        42⤵
        
        PID:620
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        42⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\zCggAgkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        42⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        43⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        40⤵
        Modifies registry key
        
        PID:1868
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        40⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        40⤵
        Modifies registry key
        
        PID:1908
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\nQgIYMYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        40⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        41⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        38⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        38⤵
        
        PID:792
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        38⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TGIIoQMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        38⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        39⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        36⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        36⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        36⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TEYEQAEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        36⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        37⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        34⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        34⤵
        
        PID:764
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        34⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\twAAgIQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        34⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        35⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        32⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        32⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        32⤵
        UAC bypass
        
        PID:1676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\uuQoggck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        32⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        33⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        30⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        30⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        30⤵
        Modifies registry key
        
        PID:1304
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\OSEksEgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        30⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        31⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        28⤵
        
        PID:752
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        28⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        28⤵
        UAC bypass
        
        PID:664
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\MSwccMco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        28⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        29⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        26⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        26⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        26⤵
        UAC bypass
        
        PID:1544
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\USgQEYMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        26⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        27⤵
        
        PID:540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        24⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2812
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        24⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        24⤵
        UAC bypass
        
        PID:1252
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\dmAAgEwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        24⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        25⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        22⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1576
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        22⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        22⤵
        
        PID:872
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\lGoUYUIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        22⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        23⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        20⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        20⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        20⤵
        Modifies registry key
        
        PID:3004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\bSIYoAIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        20⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        21⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        18⤵
        Modifies visibility of file extensions in Explorer
        
        PID:652
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        18⤵
        Modifies registry key
        
        PID:620
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        18⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\nwsgYgkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        18⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        19⤵
        
        PID:976
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        16⤵
        Modifies registry key
        
        PID:1504
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        16⤵
        Modifies registry key
        
        PID:2416
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        16⤵
        UAC bypass
        Modifies registry key
        
        PID:316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\WmQskYgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        16⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        17⤵
        
        PID:760
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        14⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        14⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        14⤵
        UAC bypass
        
        PID:2472
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\OGkwwggI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        14⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        15⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        12⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        12⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        12⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\asQUIcUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        12⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        13⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        10⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1204
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        10⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        10⤵
        UAC bypass
        
        PID:1536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AEEQQEAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        10⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        11⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        8⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2220
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        8⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        8⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\xuAIcUkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        9⤵
        
        PID:3040
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        6⤵
        
        PID:480
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        6⤵
        
        PID:652
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        6⤵
        UAC bypass
        Modifies registry key
        
        PID:1400
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\dcAoAoII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
        6⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        7⤵
        
        PID:1628
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
      4⤵
      Modifies registry key
      PID:2696
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
      4⤵
      PID:2532
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
      4⤵
      UAC bypass
      PID:2652
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\vcYgAwEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2684
    - - C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        5⤵
        
        PID:1568
- C:\Windows\SysWOW64\reg.exe
  reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
  2⤵
  PID:2704
- C:\Windows\SysWOW64\reg.exe
  reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
  2⤵
  PID:2960
- C:\Windows\SysWOW64\reg.exe
  reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
  2⤵
  PID:2620
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\TEMUMUAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Windows\SysWOW64\cscript.exe
    cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
    3⤵
    PID:2900

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-813897785-14999806041797822704-620215041811064709198959042-189072457-683299939"
1⤵
PID:1708

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1433591893-1376055858475990540-346817984146766208-1942836117-1300148546303435793"
1⤵
PID:2180

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "718127808-202424955385484992-1404574676-1116603370887800136-98089135-1167996657"
1⤵
PID:1640

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "152395396-1367349516-61090183018042095275907537715965873082133966865-2046080481"
1⤵
PID:1992

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1804918926106150233560676851855208281-10381347781837916091-6638754481819544131"
1⤵
PID:2584

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2574760391673906944-5147591571478555358-1214284760-1580927582378381326-159446305"
1⤵
PID:2104

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-128056529097314998315033854381752425609-12754581041271490216-1456176246-874458889"
1⤵
PID:1532

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "231940033-641134218-1664462480838096614-146727766-1014723186-10061713931222129219"
1⤵
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe

Filesize
223KB

MD5
093e2b2206bf7358fbc91d15103eda71

SHA1
f3156100c6c1bdd05537141f179901a3b31a6d9e

SHA256
855dd56a8e57c4745ec7c6d22dc83ea97acfe06b8c652c285a619ef61066101a

SHA512
d9d03a733646cb1e4e5e11e85dfdc0b3dce13ff07012f432ffd62ce2202e62f1bc8988d67acd07bca5851130f54fbad4d822bf161b1d95957a8fb9e621f03a97

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe

Filesize
249KB

MD5
4026fbc21c192349231bdcd0ec951e62

SHA1
d702117b360f6ba683c85a97af46dc7f66ac7e46

SHA256
5269c61b8788a21468d24d220e6d4d47716af7a7846c89b0459214a159790ebe

SHA512
f67768d71eda1af3b86c0534508ce50dee078de8e88eb4c8a5b7576d143b419ed86ad124779b4e1794a0b6f031fe29c678354588b4044d46f05aa5ffa42d20e1

Download Submit
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe

Filesize
633KB

MD5
c29198c361fd8cd6f08f93f8768fc42a

SHA1
c72cc2d51c1715edc23e1b68f9a65b0b576bcc66

SHA256
787eafbdfd2e173a4a1dd68db8d44c2055812de1daa62988ad2c5e011bca1a0c

SHA512
47fe7a07ed2489edca68fea43c8ce2c32ac239cbac331f92612c9f400f0bdc441f7f0298efd4f4e87a5ea0dc1a318c538d7d22d81b3cef3bce26b1a8fded26fc

Download Submit
C:\ProgramData\wyYcEgss\yYMoUAwk.exe

Filesize
186KB

MD5
377e494c0365aca4dc279f67a3f1744b

SHA1
87ebe4ad8cc706118dc3668cbc5726d9587a0611

SHA256
ae784eb2f5d5fe0f4c2aca6ca8fd9540a8c889f15ac79af8dbd05a56e7f0ba9d

SHA512
5b12dccc528cf6a77d6160a9f698d256abbb3139e5c5b3b811f7b7433a28e13a00418b049ae10bb7b78ab24ba353bf14fe04b1a6a4a5b24ea281d1853dad826d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-06-14_b8bfed7f47f26ff5def645a67f5e51b2_virlock

Filesize
81KB

MD5
070cf6787aa56fbdaa1b2fd98708c34c

SHA1
fb662cbd45033e03f65e0f278f44f4206a3c4293

SHA256
e073f22bff5d22fdbf3665855d2f979d300c4e28421a7edf5d616dd92c71580f

SHA512
93adca8cd47db7fd07d1bb0834c92ef0460d86975ee17276573223eb378d3cc7bc8324c0cd62c024664159b0320501d37bbc97d266a40ed2a51fb3e8e163ba52

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACUcIIEc.bat

Filesize
4B

MD5
eb1ae3c6105d89b2685016dec647c417

SHA1
1d1a584760c664dbba4eb5234dc4425bd5f16f72

SHA256
f6ab5ea7531ae8521b39356087ec95be9c0a78a03d67146d8a3ab2e7904a64b7

SHA512
fea63cf28243e1bcccaa94ee6c3dab4fa918ecb2ebd156c0a50bce78447187af2389ba94f215940411499ff5b7ded87b0e659fa283b55fee669ad44b09bc7060

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACoUkoUo.bat

Filesize
4B

MD5
c335945274c613d3be2e7194c422c89f

SHA1
937ea7051ae34d6291f9bdfc7eee08ef894c752c

SHA256
04d7d1913011cf656f3901be5c6d0e48287ec3cb8482728d320eafa5f1878e95

SHA512
442463122865cfb524e6e9b75b240d2afa8c69533d37f101e1b16b9afe794234e227577fedeb0da02581a4d7ca4b96c3c94c6f9f2fd2f06fa8b9a4f7eafa6377

Download Submit
C:\Users\Admin\AppData\Local\Temp\AMgi.exe

Filesize
186KB

MD5
610b8b524273b1cf45c99f04b198a800

SHA1
f95030c557779022cd9adbad120ce8023c4644d6

SHA256
d356df7385653c40dcee3f814409a3a7ea742fc0e0d854d2dd6aafd8d0433f96

SHA512
4f6c0bb620be2239dcc48a921a98c490f6a9852cc1635515324826ba9dbd8b9d29923b08b9dea652137ebefabfa51b3e157495a683f959ff05441f12d2ed4a6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AUIe.exe

Filesize
246KB

MD5
5991fe7025f6e11f6d1025d76ab4f071

SHA1
8e596ebeaf1455b6211d7a85725a2072c7f61858

SHA256
2e853f90c02dd3f59c9a909132da15b04993934b5a210af166f402d2a09a1c52

SHA512
b6ce4a8e4bd273fb217c6dcb45d0295b137383e8ddc4de17851c85478e2e7ea779dd0eccde37d33fd87593e2ff65bd70eebf801e413f0389669a02a7d7a7395a

Download Submit
C:\Users\Admin\AppData\Local\Temp\AYIe.exe

Filesize
198KB

MD5
2607a0844702e98575c610423262358b

SHA1
7674870dfab5a7355902a661b07987f795d36096

SHA256
3c6f4a2fc5e8cf724a2df440307766b1ce0290e52bd8ffd67d759a4c1075f70e

SHA512
6b603d0bc23b3941082e650c5f69dbb1e4d97ab436f43525aede2b6ec97aae1b2ff918ac37aa6b7623c063253e2ec3862de286e500e5c924391f9a269c36c435

Download Submit
C:\Users\Admin\AppData\Local\Temp\AcMkEAwQ.bat

Filesize
4B

MD5
6efaff2f43a257886c7045dedb79875f

SHA1
4a9f58732bc7f92df35b11e07b94f2adc33273f3

SHA256
3752c84248135b8e169ca488ca458fba313655308f9a5295162eca2e47d025d5

SHA512
c0d830c5c9667b51039ab42e98a7e25bfcf455744a28bee07c3a5743bfc30ccca0da31e35f6bb281103a9adac0e9c160f93d2fc75cba829fb7994f0f91f57992

Download Submit
C:\Users\Admin\AppData\Local\Temp\Agwq.exe

Filesize
235KB

MD5
b50fbcd8b3c6a5eb26996882f20aab11

SHA1
47c82341aabe228db2a8f8faf9995a7f432e030d

SHA256
9a28cbcd524c664e0499ef39be9713c5134039c56031e81099b7085a9474f8bf

SHA512
6388e2a9206d5e1a9b0c8f7095f5304ca65229303e84ae24756a619c6fa38c285d9b27de1cdae1e6652afc6f50c021756e3b2304397861e2629cfc82ccc6095f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AksQ.exe

Filesize
242KB

MD5
485d8fee99495a8a6014610e98192891

SHA1
54ecc2c2a13739ca916373d28fe63c56c601239d

SHA256
d84fba3716ed1237303be5a23592a159b84cb7e6e6d966f5037c17583afeca6c

SHA512
2cf8c8370777a6ae290116ffd09ffe10b91d8f43379129caf52e7850406a4a49e355ddcd07420fc0e25b36ae011fa146a8406f1a723fd1134f5aca92c665ea70

Download Submit
C:\Users\Admin\AppData\Local\Temp\AoQQ.exe

Filesize
241KB

MD5
628526153f7dc9b4306942d8e137164e

SHA1
f32947d13dc171ecaf47a7126c992291230331f7

SHA256
87e2a38260fab3666f1c328cc91dbd6a895c9f349431fac76ce2e5ea254c81f2

SHA512
33b793d3d303d3f871ab779c55b40833814be5f5e6ec1c602eb47b59e059a34cf3a165d0161295c9efaa12659e4e500f2eb78146d64c8a4f3cbe8239300a3d99

Download Submit
C:\Users\Admin\AppData\Local\Temp\AwgC.exe

Filesize
1.1MB

MD5
dfd2da900b87ca23a16365fd8161be6d

SHA1
7b0d71c04a84352cf26ae4cadf42b1905aabdab4

SHA256
afc9d99ccc7fa0b4372d1ed5778ca97f3f5cf21fde99b7ed59b54c1f7a0bd4a4

SHA512
84f9b3ae6cbd1b7062522ffe917651b26a2583caf812f73ec2920d896b05a7ab6169a0f1612f4de6f3ef19df43b0c34f6183ff0162a2dff855f82e94c48a0c07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Awsq.ico

Filesize
4KB

MD5
47a169535b738bd50344df196735e258

SHA1
23b4c8041b83f0374554191d543fdce6890f4723

SHA256
ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf

SHA512
ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\AwwYccwI.bat

Filesize
4B

MD5
1478fd342ec9f433a18cb18f97299ab3

SHA1
f032057c27ba45ce336f50f4c47728fb768e65d0

SHA256
abe7309a1a34e439c13197086760a0500b9c0490acc6b411142365c66c536a81

SHA512
15ea333543cc35cb4b6587dfa28492ef46e60270ae91fd82634a54f9307f3b2863261d0ca4765dd5ea41e9459ae5a79a768e9f6a48fd711ab61f3aee86cb3a90

Download Submit
C:\Users\Admin\AppData\Local\Temp\BSEUAgIg.bat

Filesize
4B

MD5
038944c2d3e24233c136c9cc9edc25e5

SHA1
62e42880e72b0baff5b3bbc45cf1196c1bb031d3

SHA256
cba284dd2a358efdd03905ed596181a522736a00bad8fac53dea6fd953d09385

SHA512
aec29406eacc5e8aa4417c55f864be45a29256d07d4d68c71c08b9ce119eabe6d20af516bd4a6f006f8dd70e3f7cdadb659447d0518ca5f03799888aaa3edbb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\BiYEAQYo.bat

Filesize
4B

MD5
1cadceb80234ee5c0536c3051d960c84

SHA1
3ef29cec84a1f78845844d36d543f4f13ffcb7f4

SHA256
532e4cfc4ee49558691c1594c2346f7cda5fe6c3ec08bb125cb25adff2a54364

SHA512
f3eae10aee071199c42e4fef30159893270e15fd90928669fa09559de4ad3ba4235755714dfe523a9c86db8e2edfbe023fbc238164ffddf679772bdb264a8276

Download Submit
C:\Users\Admin\AppData\Local\Temp\BooQUgQE.bat

Filesize
4B

MD5
bbe106879fb5fd582e20faf41395d111

SHA1
ca262aec0cb158e9abfe85265dd78c2ff6c90c41

SHA256
673032cebff42717b324dc94eac6eab3e6e03e0582947ead3a8bbba6b541bcbb

SHA512
9bdde872f12d04b17f73deb12703beff105ce6105268fd6bcbe1bafa3e14695e7646321e9592133e160e484819ecc6fefc64c2f02781ffc16456d50ef0fb9cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\BswkQEIU.bat

Filesize
4B

MD5
c8ba1c8c0472e3b943c3cdf492d579d4

SHA1
cb651eac82d6e96fdf86392e4a4939790589ad0c

SHA256
4555714b1e06d4f49a814ade198e056662c41fbe62a492e07bafed489f02bccb

SHA512
8e86c6068dcc1969ae01c73685a669ebda33c07e9c04fce05f7f621f449e1faec66036edb5031a5d4713a6534df2638505139932da963d33ea9f3f04fbe2013c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CAse.exe

Filesize
541KB

MD5
1906ef82da0e7c4f723822ea9134cd9c

SHA1
8b9cb8dd0e3ff67d303a1459ad903183940b24d7

SHA256
e5a8f9c2eb8f1b68cf475a60129d7bb7eacc07b94c1280daefc574b7c1d93bab

SHA512
931ff550354f0e91ab960bf663006f6c4cccc4f9becbc3d4f431c52b157d52fe40f3c4570b86f43436875607d59f9ff6e4dbdd34294892df627d451b3af5bff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CEMs.exe

Filesize
224KB

MD5
7c5729f090230f183244a9f97e6ec180

SHA1
65c65aa300324282219369cec162215cf565be2c

SHA256
9438dfea76ca01e6fb457cbc89982c300986bb523dc226e03f187718a65059ec

SHA512
4a76c2253a6aac6df6b8b24c2db8b519fdb9bb38b529c5b967a778cb74717adae74ccff084ffb4fe56007f04e60c8c01aede09aba7b0d2b124a26d2120479d36

Download Submit
C:\Users\Admin\AppData\Local\Temp\CEsE.exe

Filesize
246KB

MD5
371cdfd201a701c789fd55a93c8a3111

SHA1
f7b37f140cb9e2905289522c6923a8c8f56d44eb

SHA256
103562521b40b837c615d71172031ea26ace940582db2ad0d8e0864c34e17c47

SHA512
dc17d3833edc3175321d47c21351459ff96f5d456619acb7a660064ccd6d7b87aa6e34ed6dd65014b418c50d8eb783577ab70e51fedb69bda132cf726a28f2c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CQUMookw.bat

Filesize
4B

MD5
4028fddfed5740a2fdf4132dae83613b

SHA1
6435bb69d42f8315e613d4f0acad4e5ed0d84755

SHA256
1b7a8289e8265df7b7d69436a107867b1cb51170e5e2a0303a40821fe6ad7c6a

SHA512
9f3d924e9daf2531b8eff53cb18f0dea3a61f1683ee180054924297e9b2418c52bb494df2b87979e792e0fa673700904c47e1069d18ebefc8ea9f43304f56e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\CQYO.exe

Filesize
251KB

MD5
8ef00fa9f8c4ec2aa9a862de2cb586c1

SHA1
aba6f0801c73348a747d29dbbc3141af53ab0012

SHA256
761817dfc3427a3118a47e4c732b2ef2827ff94c203ce88eb7c93e1b0bfd3b18

SHA512
4a603e2cf78ef666f39d857cbe81142f149e9c1ff98b4f22cf2ad9b69d653177b709ff913da67f5f25877c5575b39d07ad5d758bdc94a03b1d4689c44f1d76f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CQgW.exe

Filesize
321KB

MD5
66152907be84823566c5fddcf9480787

SHA1
70722767741806ada76136a00e001b37feb637ff

SHA256
85b0184ed4030f12eb11e2af92c41a6b2adb21843544b632e955f52ec1bb00d5

SHA512
f4b60bf886abb402bc30b5e54c239f18ab7332449508604decbc3eb6032fdd399c64281324bac3e2b3e80a381705ce3c20945cfa8b2056ebe2b59d0976a1f243

Download Submit
C:\Users\Admin\AppData\Local\Temp\CUAQ.exe

Filesize
187KB

MD5
dedf67c9554458973ad30b86a7d48023

SHA1
0555abe58e31c40855d0e7e97e9cbae66eeed4de

SHA256
71f3c761521915ae3412a6f85b0c9697ca9f667eb3d4b9bdbd5c833403547288

SHA512
fa347872fc36ebb3f13cab658b5a981da70e6604331526ca2bda6190f7da09ac3dc0e8dff1d81451f9ec05960206c4bbf03c3def37f586727c85c37296e26d61

Download Submit
C:\Users\Admin\AppData\Local\Temp\CYoK.exe

Filesize
240KB

MD5
3eabaa9bf8b397d94939b70bf09bf905

SHA1
4607dce4b1841ff2b44e2b4ecd910ba7a029fff8

SHA256
36eb6e05c1c7c46fe129317b9fd554f6ce01db25f633b64cae7030b1363683a3

SHA512
f2f253d091e8e97f740871a4d7092bf6db86feb30d8e02317166a02fb22ed2169e31656a5aff53e9e4048e178717456dba203bc1cf8978a77903406d0caceb9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ccsi.exe

Filesize
186KB

MD5
e0b831fc2ff58f6d444aa59ed2268a5b

SHA1
09df0ed3881030bf8ec3a930dfd447d92a6a75b7

SHA256
df98fb89b3dad75f0278b71a04ee595d50b6fffa13ff895cf3d96d4b8c9cbc03

SHA512
a28026a4ea5b02322aabdff6f8d6b731a3000788b3b598b4303d2f5f2a941077ba3d62e594f33371c8d6a4097b20fa505717b02160c5358fb9b040a1187e268c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CgAQEsgY.bat

Filesize
4B

MD5
3d3d0b83bee31b9a01b8ce27106edce9

SHA1
9febace7f05ece94b9d53071c846eaf2997d6c05

SHA256
ef2520fa64ce5edcdb1934c984e541a78b70e08a9ad46a70a5927bf96e963db1

SHA512
4be019e532291e7b0b1fc028fc755b2abf9be9bddccc7bf64828658e3921885916080193b02b85031d4791a726b6aa3b54de1a7cbf06630c6bbda1cd0089b678

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cggq.exe

Filesize
245KB

MD5
7f12a43728ff819ee88b9f53b590ab83

SHA1
8a132140661bfe2327977f0f181febb41e1928fe

SHA256
7163232c7777881e32fc4c84f67f96546254adb553780e1ac31b01f71eeba680

SHA512
d27918ad5bd0c9431139521d328cb2907a3bfdccad5d7d6c001fca3318b3a237845e75bcff72969a527ef9c52668bdda9ec91b5fe83935a3e7456e1bff78d74c

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAkAgcAs.bat

Filesize
4B

MD5
f3ae23b1ac9ba83235efb0854302b545

SHA1
9b4ee68ace108aa16d91cbe7dede9c2e0496430c

SHA256
8c5979d9c43c09a685d51ebacfd5afb9b7c372cbb5460a358ac74953c2efc6b5

SHA512
626065106d513e75d5e60fce9bb06f6a26901ef0cfe3b89b632459c6f829b7fd3c603d7844ead54be20cadfd20f093604571f4085145d84583c0a6fbc44203ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\EMMs.exe

Filesize
250KB

MD5
203b360cc3e8e92fea85c9c68ee24508

SHA1
f928fe75edfbf4f34d324ad53de4a963a0215f5c

SHA256
148c683f7efeecb83843497e9d9864439e19953bf0b7aada39ed46cd55ad6fa9

SHA512
5107a9d96daea03ed93e17c070fcda03c30dc3f7abdb704fd8a9c0172ce743ecf28840d94e514674ae92bf9a2b0b9d3013b2652022d0bffd392bcbc33e61acf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\EYkU.exe

Filesize
246KB

MD5
82ae583036872a263e8905333e7de4c9

SHA1
0037ca013248ab1c4d35281267e6acd1e0bd0bd5

SHA256
71038a74ee39502c4a886c2db101b3fc47fa191242f0c16d570d0466f9a0f41f

SHA512
1e24c8a2b2032698d3c73f40139677148a11a5d7c894d37ebf9f0e73089b391b920e375457a79208c2d12b1a460fea83bbc9d16c29ef63ae22903c00b4c171a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Egoa.exe

Filesize
196KB

MD5
83d722a1d758c79c0238db4c851794f2

SHA1
42e1514ca0a8e3d4e728f656aac5a62d2c5cabcb

SHA256
7096f5ace8589caf369be11365a4e2e1936cbe1b937d74ba2c7810eda7657801

SHA512
ce75425c012dc45eb4c2b9ebe8af2dbb830bd6485b3d8b6640a83abeaa1decfb00a70dbea5431cc2262dad3cbf269c165a18938f65d3abbdc46d4b2e791f1bfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\EskU.exe

Filesize
227KB

MD5
adc7b8840b76805b32aa424d21309409

SHA1
c78075189bba235e0ba1377b6e1b1d68173c954d

SHA256
9cc8df3cfe1eaa03fd0f36de107644d6e3b05126f12fee7fa4ebcaf80774bc10

SHA512
37e1f6b23d2da87276f5acc70897a8b400d0ed8cf502443a8a8313911cebdf7d17edc05d6ffa694c740d05ee1c3c22b92f15e9c22d98520919b349e60804101a

Download Submit
C:\Users\Admin\AppData\Local\Temp\FEgQIccE.bat

Filesize
4B

MD5
5ddbe92a2f7f43991804a89e325659c3

SHA1
a5c3ae8dcfab8ba5f5e08fc5b5fb856d8c2d59b8

SHA256
47d19b21a1582359a86438775ee7007c005c41da084db8e80d3b425d224ea6c4

SHA512
be6fdf96fb8ef522f6f388ad370ebbd5164217dc7be28e213caee8b03bde9da0f3d7d147b265d109879cf7eec1460ea6b83479e3b82779614e7bbc27b8c34bb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\FeUoIwcQ.bat

Filesize
4B

MD5
a0a2ee2908b079637cf30c266756386f

SHA1
28d5bbcfad9690822d7f3c812ab20e2b11992df7

SHA256
e596ea824c57c11473875f93a11fbb552e96b8980862d48bd912bccb124622bb

SHA512
a6b4657430c3f02ef91d71d89140ec80b96f7c7f18ba30bea0c585ea4118e31d19adf92ae1141cdb7ef56abcc15f270604d512a07077e5d6046eccba7a5c4d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Fqscgook.bat

Filesize
4B

MD5
c1be98ed9b8be4c02b17e8fd8e2b3eef

SHA1
52b06eaa0c4f188caae9034cbe6de4f3963a0d43

SHA256
3bf7651529dca36670986304a85679ed4f7704d26ea4e5a2ee940171436add26

SHA512
b2ebc09337c875934c96cf40add2865f51e998b582a87992e5e878dc5e3ae162a8e91a1450701190fc566c093bb3164b8aa0a44159dbbcf4594a5c5f92ea6910

Download Submit
C:\Users\Admin\AppData\Local\Temp\GEII.exe

Filesize
511KB

MD5
86754b8d3779f3939716b65f3d836d18

SHA1
468d4bb7357f5eefdac3c1461fb08b53b3083c73

SHA256
b8ef97f04096b8354cb15e0fc62df9706d195a01922a9d506324da5b47bed682

SHA512
ca6f3027a40e42bc53d55d65df6fb18159adedaf0de99283f8f9f48742e1cba721a004e6057a2bd4845dbe16c4237f96d6120f1e053245cc3536b7fe1ab90d3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GEUs.exe

Filesize
199KB

MD5
23e9d21d6e2892f6d04f9e6de6d59b67

SHA1
dc09bad99810bb8004dc99e21713615a7087ec0a

SHA256
35de8f36edb9d66193fa932243f5c2dbce9d471b77f7b0c9018bc2c6d21f2251

SHA512
1ef24cf1c5dcd00798199a822c21359c58a57e1bd2ec1c13c541d365fd9fbb38d46e3a2b46abf1a20713c19c60ff1549545faa297cd987b355fa362f93df609c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GGwIMYsw.bat

Filesize
4B

MD5
e2940b8722fce8c00a47dc6d7b8417ee

SHA1
d71ce7a1d6693c1fe6661b1abac0e947e2371fbb

SHA256
ec5cc486d3e8f61763f28257adeabded00b299491be55436acd800ffd056753e

SHA512
6a82d13706b168c5057595835c978427058ff0d94e1268a3f2ea5e0eeb79cec0d6b51b0098eb28a698d06f3d40e29c3ca435fcb7e9c16e5edb31dc9eda2f633a

Download Submit
C:\Users\Admin\AppData\Local\Temp\GcEy.exe

Filesize
327KB

MD5
6778f9266bd75e5165c54a7e9776959e

SHA1
df4e20ddfe800ed5b34c7a2804a116335a71fc67

SHA256
3284d6f71aadf6bf5870d48466b29a8bfdd697e223b5ac81a92d6d5072f8187b

SHA512
2c31adb71744e7b48420b94a0dfec5d05c27722507008133a342bf3da29684933d7fc9dab7062f2a58103eb42614b0c952275b9da985f4e4698f6809a3dd12bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\GiMIEMUg.bat

Filesize
4B

MD5
62d5909ad3a79de825e679e402698924

SHA1
0bf4a2f0634ed01904ee5aef7094fc9424d81e27

SHA256
c89d7481435da3cff0f6e3ae510630bd5cd65fd7317c35bc54f40e8c91756e19

SHA512
d07fd1a7039aaa2de3b98409e842c67eed0b4d7292b5e88e078e118f2343ec64e124cfa05ebb0642c7113d64de16a84e8055c0a4a172176844c807eadff7e6db

Download Submit
C:\Users\Admin\AppData\Local\Temp\GkIM.exe

Filesize
196KB

MD5
4a9a45dc529b2621078fe68a7e594831

SHA1
6998e98d0a5b603ec19047b946488484509ed985

SHA256
d773b6e1875b064e1b75950ccfd01d4f563f408f1610be6f73b7878ba77f2bf6

SHA512
f55ab133a10681c8a4b1931f8cf7d8e0dd6b957cedcb479b5559f9da9604ec6db58df48b4fda145f7fad6bbfbb85ea1c75edeb9b25be73f3413f9533b8597ffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\GoEs.exe

Filesize
192KB

MD5
fea628fc5235354e93cce1a7e2c607a6

SHA1
05bf4a64715ccd1b93a757c1514c3758aef628a9

SHA256
ae2b7d6d3f3ccb1d5ba4c1cc06fb5c12b42f1f53a174a6b1125987e058205197

SHA512
2c7ba8fc7e453d3616c12361718992c7b27495a675d48bf92cadcad39a780882c61a904ca411a706cb3eb0219a3c5bd6874d0042375a2e6bfd9041187487fead

Download Submit
C:\Users\Admin\AppData\Local\Temp\GocE.exe

Filesize
236KB

MD5
fd57308f895887e530467cddb3c08fc7

SHA1
234654e0d71537b563653f2e2379362a97158008

SHA256
3d73530a3710fef5b3b98dd2dfee80c9d2e56c324c6863a2d8086944bc82582c

SHA512
11db4c83514ec52fbc57362d9f86e082d668442f691d3f1273e04835d1ef2e81a7b4821af640defeb379f33bd928b59216d7cabfca679ceca84785e5e13bd856

Download Submit
C:\Users\Admin\AppData\Local\Temp\Goks.exe

Filesize
188KB

MD5
a9b57b9ddeae99f5253549f13aa5730f

SHA1
98c56f8a27b0d06cfd4826778f619122ad7597f5

SHA256
82011db1df4c4d4ec53da29089b27a914a520560a0a67d541e130b22fec18f97

SHA512
3eaf92e4aed0ab0802183698f1698c5bf3cbb133a2ff6f37c0cf1c575f718fe378a5611f0133dd2da6ad7f87c17774da4009780cb13119e2e618a6e292eb6dd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\GowA.exe

Filesize
242KB

MD5
492896cf67935ad9067163de19a4f8c2

SHA1
4cca0e168b5a0643e064e50195b8e10ea0b9d6d7

SHA256
88a9e02848659ab262cd4a4110404d977e57349f21e9a9c0947ae3bb7b29a2e4

SHA512
04ad3adfc439a3b07ef9f8907901bc92887209e36458486b14128fe55cf4f8ad4d393f6f485b63f8c8095527b1832512048e6765ec970fe8dc87a814320885e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\GqIQQYQk.bat

Filesize
4B

MD5
887e8078d52366f15d0b2c98323b664f

SHA1
42c69ee33a00b9aa8a9ad7881587bcb6c92889db

SHA256
4b85d18fdf9695a4389149f9fc75126a5bac9699949e9e0d5cbf733bc74f56a4

SHA512
683280bb7a0d67a3ec1a1957b681aae9ce21b818e3f0001dde97ea62e5e0440a766e25c35f4eb7bc0b10d32960012b9105ff57314ebb125a6a70b94026010d3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GsQe.exe

Filesize
829KB

MD5
574ac6858f34adc3761bca657c3938ce

SHA1
2bbe4610ec10d84793e2204a36769fc06710bfa9

SHA256
a56cd2503e5fc9b0c1b3735bf42df4991df62cbf68c7431307fe633a543c71f5

SHA512
eaf7ac0e2127fb7c3244820861a21cccf1d9396106882e04c2a954ed3f069b7729e3f4d760c75919257a932fcbded032b12e2736278623c0d349e2f6350d6305

Download Submit
C:\Users\Admin\AppData\Local\Temp\HEscMAgg.bat

Filesize
4B

MD5
fe535fe874651796a5c44aeed4b78d87

SHA1
0c78c2fb76ff88dcadf06ea37b9d0206f63fd416

SHA256
bb42c833a73a46be514d56635a530ffc803ccfbdef5ccf7a34416ef4db31dcbc

SHA512
e3e65ce992fcbe750078f46183466b4c9dc577e2390577cc85457fd68672a7d27307a52038532bea312bb57baf2ed5d291a467246fc160718df86c60c16fca4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\HIcQMgYA.bat

Filesize
4B

MD5
2f1ac7baab912413bcf103fe5fcfc630

SHA1
bc7153277cfcbcd43c590472fa969416455a5cc7

SHA256
07fa9918243f46561c6b8075c647bc4c44760086b636dc18b40f8cb2e13c4616

SHA512
94717864209518b5b7f3a6254154dfd4e92d3f348bde7bf11c362cca2a13ce93ec4af55485c4eba15d896d40e3f3d7e239adac68536af92c9183f7e72f43996e

Download Submit
C:\Users\Admin\AppData\Local\Temp\HmYQMwgk.bat

Filesize
4B

MD5
6a72c9dc0ccfd2a597b9e9180b869e3f

SHA1
b2ee161ac02f9203c2ed7a29918377a7a6b29576

SHA256
efb944e615c444016b37b98058e92f2bab7a8e146083f9e9f1cea141bf87275d

SHA512
ab95efb3d6e37ce86c72ec764423edbec4b2c5343b4199c6970d8d043577ca5ac46ba49cf343f63bb0f1e9de1bfbdf5416c9924a4498bc1ec3ef94c48883eba5

Download Submit
C:\Users\Admin\AppData\Local\Temp\HoAsEMsQ.bat

Filesize
4B

MD5
06e5f1cb5bde0aa38fef859231d4a3b1

SHA1
3aac3aeee69eefb4ce58186dc33547284296f7a4

SHA256
ef3139afba75fb2ecbeb164b1bca89a9aa9f0f203c9e4a5057039cb14c2a66a2

SHA512
086409282b0e441ef76edcb549df3d478bf03ff88865afde1a2097d990b4ffe32fcccbe9bdec38e99816568db5a57a138ad2350df418b89ae1b925c33425b9b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ICIssUUs.bat

Filesize
4B

MD5
7eedf651707c969346ac26fc18177f66

SHA1
ece6c8c535a09648ba0aeb113028b702e3fb2fdb

SHA256
c08fe6b64caf2e2e6b9d6c7115fcb21adc35b47a8fd40ee786fa12ca74f06568

SHA512
74d063cb1ab9a3844145651c64eeb077d3716b296acdf351035266f2e621cbe858f7b2d427aaed68665a8926766bf7b36f62c22c74ffd00cd1d75f47977bc1b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IEAi.exe

Filesize
245KB

MD5
9cfa73e90afe2a34de306881e8b57796

SHA1
5526c3158cc38f29d30fde6cbdff96e13ac280cb

SHA256
3d8ecd93b13a477cdbae3ebb696cfd5e625827193f0f04ebfaec41423c4b483d

SHA512
519d8834c4740c394d84b1f794650f6e367ed2a1914cd2527fa16984386362897761a5b0acf193d4a6cc2e5fba2277283bfdb4bc31bfc2447ee27151121ffa0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IGYIIkcE.bat

Filesize
4B

MD5
0338c58a4d93afb1103d6410d0f32de3

SHA1
95edffdf7bc51030d8f7bda105d4f996bcb757d9

SHA256
af0517983c42160f1edbcb8378cc9b9c44b50c78e59e68a37d7916db35e8b658

SHA512
269fb985b20bf9badd0e2e3bb4b2fba78d32d8f58135dc41680033aae6cd5f7e8490a31c94f02f61ad817baeca3c3904595998fe8a29c1b0d953f6cc1cf4e911

Download Submit
C:\Users\Admin\AppData\Local\Temp\IMws.exe

Filesize
235KB

MD5
45b0c83df549fd378ff7737cfbac141d

SHA1
c8c72a6c3ac54fc74428c951c0753f245ea7a402

SHA256
f0644e2cc481030bec5e3c41f3133949dbec13acafa2ac80ff0cb211dd91abf8

SHA512
98d776cbb10307ecbf1058b5da3c7a183b72910b9c9cd8f3aebbe1ddd3ac1cc09f96cde9c76dcde22c1419cce5078917a7a861c41cf941b39bdfd9b5546f785e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IUUO.exe

Filesize
193KB

MD5
fd21441610696d523acd1bb973ea9cde

SHA1
4f1853ebdc869254206e905516ad77a6842bbaf2

SHA256
389e861065cd4db22c9b969627b90a45164111cd38563e3af73236fdde88b3e4

SHA512
69f7861a0bc0f757dbef45985924e6c8260ddd0c4d1ba00055d56f0c0ce3055955a07e67d69bf887ca5619c9b33ecae24ad977c00d1972a5b424079dc319473f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IoEk.exe

Filesize
199KB

MD5
4306abd5b2a69aa654d4fb521c101e0a

SHA1
5bba0cbd414b5bb1d277a33cf6c15478dbf0225b

SHA256
35317a70dbfdff73d35e145712649cf5ba9b739e79eb55b3fb67f0ba9a53fb93

SHA512
3f7f1861552d6ac8d2657e0a70b427291db8f0950058704c0ec5e151eb1c522917d1747c474e6a3a26a907067b6bb52669ccff8dae66b923e025c3ffb2f434c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IucgcAwU.bat

Filesize
4B

MD5
244e947ce03ce3efdb12bc3101b26562

SHA1
2f1c5291eefad71170a8e09709d553e0613444a2

SHA256
2b0b3b0b26f19b320bd4f365d7e9e38e6254b2283f124b4f17a764af3dbcdc1f

SHA512
f3e0eff7d0bbee731dd9864cfaef21de561be86e9211d62f8d4484bc141b091cb9fab99669527428e193ac32492e9a6ff9d56c8f364bb6c6d02b40255c2cbf68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Iwgq.exe

Filesize
240KB

MD5
7b45f3f3ccbdf185e0b17f5918cd93ad

SHA1
ae9dc6ae1b281a8d190007019aab6ca803e7b450

SHA256
f238a5053f6ba4b0924fb5db483c6f3d9c5337d4d2e714991f3e82c69bb25f76

SHA512
05286c5599d90de429cd740da0b9447683b3b351b062dcc9bb70c39a6a116b9a125324b17211ce4385a8f85aa37479506469655699d1cdf7b7c7c5ad5fe4010b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Iwwg.exe

Filesize
636KB

MD5
325b0ec7c126d006768524e5e9d11a78

SHA1
ff9ae28a2883fec50c484e83b5dc18fb2f7c67a7

SHA256
4b8792ed9bdbc73463137d096c9a5c18c2d97d0407ff945b1c4cd300d9caff4f

SHA512
f28368275ff7e780fe1ae40bdf52b79273b4a943434e6d8d066e9e30ac8452469f4f4c031dcf10dd7c46ad69c8df0bca6d5cf95346317c2d5fa7ad6b1a96f23f

Download Submit
C:\Users\Admin\AppData\Local\Temp\JIEgAksg.bat

Filesize
4B

MD5
68ed941f907d8bde1cc6ad4b6b2169d0

SHA1
83e79ade244a0d03aa2543b35e9c353e58f54422

SHA256
b744ce7756107bc0e679ab349888be35b2bdd3ce8da1c3975eae56c0a5968477

SHA512
21b8b282f7b4ca7a7b480bda7abf2b61069fb9de595039242e35a004f6e3bb26fe8fb00121873978c8905c972dfcdfd3064a21dc5bfd574186d00572f08e3f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\JSMMIgUA.bat

Filesize
4B

MD5
acbbb8e2f5185341d0d2b5177757dd79

SHA1
a62c4648afbf565ba3cba5b7905565b29323d2c6

SHA256
460fb99c42619e4ba0a350201b831b4982d9395f92b56ba7ed56eb076870fa38

SHA512
5008fe09af0e3db9465f4e9b6f1160719a65074ffceb7a9320b87be4dac131bde08c4fc138983cee95a3924d1e6f23886224b19addf1ce25fdf5539c152cbd95

Download Submit
C:\Users\Admin\AppData\Local\Temp\KEQIgkso.bat

Filesize
4B

MD5
667b164406846cf9c4c4b7c093956c76

SHA1
bcd425e672e2ad5c976cc76495cbbe0c01f76b49

SHA256
1821d90810c741437edfcaa993a411ce51801a7b5f01ba4b4fa0e69434406ae1

SHA512
b132a67a70c6cb840f6e9dce8799ddae3e771cf6cc40da883935513165f35ebe96ba8ee952157fa75bbbdb2db24058f80325ec94c816334c21e43f71f334f5c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\KIEe.exe

Filesize
252KB

MD5
9329450fbc5f7878d7b32d82d5d1a0e4

SHA1
6cffefc6b37cd4eb562cdfe29c119fc70aa0f01c

SHA256
94ea3852704c3f1bfaff7f6cf2de423c13e99be4b55a447d3be0990ed3b8d0f1

SHA512
1f23eb7ac352297301b0785b8d852103a0d17ae958f632610d86618a169374a90a5717477165914f9aec9172c2f471b62848ddee93fcf55b033d64cf85d9b6f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\KIYYUogo.bat

Filesize
4B

MD5
ebba98e7d0b4e569e26558f054e58066

SHA1
264952b19d5708ea2e0d998f008b76fc4ea9e5d4

SHA256
bbb555078d6218b7eafd28032ec9d92ec1ac9ed4f8554a81993a0fdaac7ba2f1

SHA512
4716b12c5539b737c21c3e182d61cc1b77a239094790c59b6d5e7b84c611ca6e056025fd90d33f48d6c7bba3ef5caa87beebcaa0fd914d869cfe25d064c2a894

Download Submit
C:\Users\Admin\AppData\Local\Temp\KMoE.exe

Filesize
244KB

MD5
a8b506f90c8f36409a898274ce994b72

SHA1
990b0475adbda9b50358d9280a1c828894854eb1

SHA256
a2d6c59521f06e5e7ba88995942f6ad5adc6157d002a69e45ca746ed076e33bf

SHA512
ab66fd285ac357eb2c30f9d90376dbbf0a0ef4da0490fcc8fa6d1275fcf738291aad2480c7c2b3b67edeec3c2d8969b94594f4466cc9f04c6ebcc3e3cf4c1a37

Download Submit
C:\Users\Admin\AppData\Local\Temp\KcYg.exe

Filesize
250KB

MD5
c04a30bd03317d4e43234c3bebb698ea

SHA1
32536ea05dae1b2261e6f46261fa748fc0b3b864

SHA256
ad8020778bcda195a2d7795d987d4e7801fb95c752f23c629468c818a2c353f4

SHA512
823623a9d543ac953c7ccf8b997b6bbd466ce2ecfcef438d4c3b202cb4380e4360b20fc89e7106ba2db3bf8775440d1d55db08d06338656947ab41268a56b881

Download Submit
C:\Users\Admin\AppData\Local\Temp\LsEkgUcw.bat

Filesize
4B

MD5
70fe0ee9c3683d0e7b920a8ab7030ad5

SHA1
1937bd8b553a3fef4b40af5015eb23c6b01ee995

SHA256
541c1423994659d2f5268092f3655008492758e0ea70a0dac7a2bd11a636c6b1

SHA512
c9c9ab15ddc961cb07b1bc76ad57c6bc8ef3d79ea7a70a13c3a095816b1d67ce00d19a61390013c12910c0798c377282044a225e057ad635c9d5f4fff3cbef7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MAIU.exe

Filesize
244KB

MD5
720b701f040e08fb118618c167ad5f84

SHA1
8278f82cb247502a62dbb6b69556242b43825291

SHA256
f4425b0fafcd0a8d521277012ad096e1dca59d75b1288eb6547d2f285c55c241

SHA512
d0bd80d5609f72491b1ffa8711f928fc9d122faa63e2988ceacc0387c2ee08a24b8554744adb335a6b8528db25961de55a7a30e235fb1b2c98a858e4c6e0a301

Download Submit
C:\Users\Admin\AppData\Local\Temp\MQkS.exe

Filesize
739KB

MD5
538abf573d1d6c3136002f244a74a34d

SHA1
7973feaf7ea74485f41b4d1ba2acd378c253aa49

SHA256
68656c2f917c62215de8f6885d9d92a50f642d344e469f6aa017bf94ba3ebe6d

SHA512
340d6aac24137e8d46710839a8932460efaeb183068753b9848584af5969ef56b8f50be1d7495b74eec559c2d12dfb13ee37543bbb3fc89387ae1cf883d26f35

Download Submit
C:\Users\Admin\AppData\Local\Temp\MUkG.exe

Filesize
244KB

MD5
0092418c3be75385082e8c18242b29d5

SHA1
4e3cbf68643e748d5d91c05e02f71986c15ab46c

SHA256
8e889660419607932a28f4cb8d5e056d239555c0454a196347270eb85ffb6ffd

SHA512
b018640f0f27efe8fbabb9bbfc3be14b69f1ede182f0aff726142906aca3e5adfd6afcac1eba20ff830316767df78fe4d69f15f2671e58258cfb43afad5e2221

Download Submit
C:\Users\Admin\AppData\Local\Temp\MYIO.exe

Filesize
245KB

MD5
2da4267cd15d42fd36dc1625bfc5df63

SHA1
146d790267db6da29e858075592570b0e57625a5

SHA256
ac07abfaa5b92ace347f32e528b7762220822c64c01fea3184307f58d43562a3

SHA512
650c8a84ce694a5cbb986299e950f62fa3b7d3f48dee17f4c1b5744b16881510a86e849b2c268fa905a670a1d0dd3f97791aa709ca361dd6236cf3379298e23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\McgE.exe

Filesize
250KB

MD5
b421f8bba5d080a73b8895ac1d39fa08

SHA1
9937dde9ff55bce491888f0ee22baefdc9ec6bfa

SHA256
597ae98f9668424af659efd1a185917185817492778c5d8bb0af5b54508babd0

SHA512
0e2c82aca6b8521432e67b95dd65ccc1aa3a783f6a96955527255a02771931cc3b6a3390f8f2470bad66eb0c9f0a456fecc4537c486e9beb4af55fa2fa000377

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mcwy.exe

Filesize
251KB

MD5
8f1878f361a0db3da2051d6aa4366e72

SHA1
7c3665a4c66951793752419dd8b8619d0384b8fc

SHA256
d59f78fd2ef6c364bbcba375989209902cfd7657ced205c64fa3856f92fff3aa

SHA512
bb5989c429947a7a50bb49b92cb70539523cc50ba58652f57bd36633076f4a699333810933c3d75664e9921232afc23fc3593daaac378e66df92fb9535ceb495

Download Submit
C:\Users\Admin\AppData\Local\Temp\MgMo.exe

Filesize
248KB

MD5
40f7652b69e179d1bce4095fe0dc6af1

SHA1
23eade23e983eeb5472f6da8e97fd6f4d634d070

SHA256
0001b52c9afb063539d53649d2257497ffd5606292dd28b82d959a58eb32b25c

SHA512
4136593142edb70964becd4988e92c062fe377a699def40ff387e02df46c3b8d4aa4390da23260bcd9f1f73b0b35af46674f11a18aee1ce8686d4c0ae016411c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MkEq.exe

Filesize
634KB

MD5
81c8080412e3d0f627d5e5d8c9dbb0c3

SHA1
7e2a674f208248708b1180e9b0880fb3c133ccb0

SHA256
548ac1e4d2b5fd21f1d5a290f4c77e82dd73ed4abb13683015ab2d3ecd463de8

SHA512
15a2a15f6e619ed70a538d3b520c3f4d89f1fcf08cf306cdfeaf1b60668d00f2d6656a8df1d54f4559e28fca51d41ea5e81a9fe719f63b9590aa2496b80c7863

Download Submit
C:\Users\Admin\AppData\Local\Temp\NSMEYkoU.bat

Filesize
4B

MD5
b752eedc9aee88d268c00c73570a59dc

SHA1
b0e29239cd0c50aa5067cd8d402281c2b9b50da4

SHA256
ec0fb948194c79e30383d129fa9b174f9396b034ffe9f2cee27ce5f63e2d68fb

SHA512
b37fd75a122a71da4033d6eb5c9fb80f6c2508b9aabf4584437775faa107177c7e3602aea18d66acfa4de634488b2e9a673918aa2f4a1fb0f7a68b60460423d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\OAwwYYkU.bat

Filesize
4B

MD5
b91097670e44507c3f29d505af5c2cc7

SHA1
2ea7df7d8e8dbf217ac19db6c0e3a67e789abec6

SHA256
3c4b85b06250493d615f0da65a95947e3163b5209557fc22bc12d79d70518954

SHA512
1391016f47c99bdb76f22858378e48e59c1615ead07aa07ca844676ef15e27c138e8851b4df9c24bf5d339d0de4bba08f7dbfa52755e0c1c81fdc3fff743d250

Download Submit
C:\Users\Admin\AppData\Local\Temp\OIEs.exe

Filesize
802KB

MD5
400d261ffe0fd0ef322aebe00b410c2a

SHA1
3533c432dcb56d306ae8ac4e40d15a66ebeceb50

SHA256
7ad9b3ef9a0c2eeed37e955fe6acbb6b2b4a3a88a0c368d465eb4bf0589afa84

SHA512
91ed2a94b95520bca9b588c10cb092bceeffda5196ea090b2e1cb3e9f1a3d9a48713be074c1c82293a962c6024c26212c7a08f1a32d1fa894fddec619e81c35c

Download Submit
C:\Users\Admin\AppData\Local\Temp\OMkk.exe

Filesize
236KB

MD5
ebc5fd0c99c775af53cb751d7ea88615

SHA1
366eb1d6cded1785b94d4bf4c9c7e83dcdb38ca6

SHA256
8ed5dc9429c133976090d7717c57ce79a2b6755df42d44e6b90dd7dded12d0be

SHA512
bf27ab5d92581e56aefe52085bb1af041330456ce65eba884166a72353f95e46a0036b5d2acdde477fb7a0a70310d9470a1c65ad6125b04d18c5b44c71653146

Download Submit
C:\Users\Admin\AppData\Local\Temp\OogEgUwY.bat

Filesize
4B

MD5
24d9634dff2976f2ff06c24706b600d9

SHA1
46a12673f2ab7e6d5238baf6444482504f1c749a

SHA256
d0aa2532153396209f95dc7ea237a49d0497bb4f252a4cbe64963053142cf332

SHA512
4cf42718c52b5e06e5ee551cd25b9bcf6eeaddb07d158cdc1cb33f90413533b9c567214a6b9b6429f2a0948546a5947572591baf7fb7c5bf769dabc69222df62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Oskw.exe

Filesize
1.0MB

MD5
5afcd68b746786e16e615ad6bf193318

SHA1
9690baa209912a87d9145f78db3febc34153b9fc

SHA256
42acf3f1aa4814045a3e09eebc472b960e95b52593fe546b4b2a150aa2482c9c

SHA512
af0de18e87dedd3aac8c2a08ebfb4a146dda8a7b4565cefe81c13799a06efc822aeb39915628e71ce5250d6bb0dab9130decbb0583c459f169fe2de7418308ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\OyEkQIAQ.bat

Filesize
4B

MD5
437611515259001418ac139a08a34d37

SHA1
0e24f23b2a862d0c61ca2b71a8080bce31e4e208

SHA256
f41e2789e8e470089c00970037be7ce2acc0cb9b651e1525333f4bd8a633223b

SHA512
8bc5fa35a7601a1aec45aa001efdf1c4785666650c34f4e7fda820ced015ec25212684e55f7b276a96672813ef83bfd367bd310f502b0820518c5c957fb4743c

Download Submit
C:\Users\Admin\AppData\Local\Temp\PcwsogEk.bat

Filesize
4B

MD5
b9dd32a4cebb6af2282e6df9174da901

SHA1
17c3387b00ead5bb3b4391af3c9ed334baf8dd0c

SHA256
fc0d2cc199066569a40a3c9be492250bca237b6324f6818826dfaef2028ee8c9

SHA512
cac5d188b1ff3eff051a8a606d6d0bb2cb788ba314ad862e7f635b6082d497f8fd4260495795c722a47bce51389170d0d915c17b88b37e92e7e2933b9a9377d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\PiQUMwEs.bat

Filesize
4B

MD5
e0e208154ceef16e713e61cbd4febefc

SHA1
cca98781182217b2c94efbbb8bdf2966c4f6a185

SHA256
05d7fad386ccd2d8be76ba5696b97a13e39ab20d393eb8174bc4faeecf3035ce

SHA512
8191ba921455b314accee05bac04f0cde7313c14b3c46ac0cfcc2eb7c99f65044dd69ce81b07dd2aafd5d50aa112e5d99c48fae63cff1795c5d30f2a2d4ec3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\PkwMAwoM.bat

Filesize
4B

MD5
68184e3c0b3142224d7907d64ed821bd

SHA1
f72d5c5a7e9a4ee7bae41ee5f518e81052aa6c0b

SHA256
28a16fc125fbb8a61b77b9e6788a519915487e4d3f1a9009eeca8e97bfdc8d48

SHA512
0243b136fb3e5ec3b1cd5013a9ffa65c238beea8461c11f471bef46f6f0690877ebdfccbc9fa03611263f7d45ce751f5bd6afdd11e24c8c06d178bc8f5139177

Download Submit
C:\Users\Admin\AppData\Local\Temp\PmwAcoEU.bat

Filesize
4B

MD5
200b6026dab4d0d6ce93c1427eed2d51

SHA1
cbe321bbaaf9abfef65b1e51dee835ae957aea4d

SHA256
c6a18c683ae08e6cd03ce50f541707c01c8c4b44fb1274eb16f3471f3d01332c

SHA512
17aee20071151fafca6af4e922de8efbb6f570a318350b31836d1f10604a0acf5a45f25edf8f063ff262ded396864dbf063c07d7cc0ea3a4b5d41b66ded778a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\QcYW.exe

Filesize
625KB

MD5
ce72b5f0b450e9d7d66206faacc30888

SHA1
5dd40fed589ff3c3664e1bc2420b7c79f8dfe2b4

SHA256
2514f8e3aeb4ffbbc167695e731d05c5ad4c04e631e2cb4088b1036d7c1587b3

SHA512
14f5c2e991839b4135dc9026f3882134d245a752c772e64879c86a0682d00c3a261ca843896283a716c2ce10e8b83e5860794f5ad26ccd012fb576d352089272

Download Submit
C:\Users\Admin\AppData\Local\Temp\QsEe.exe

Filesize
201KB

MD5
752a186e37e403c799c76afe2cc9ee49

SHA1
c362d6cf0fdd74be20df195ace032552041afd21

SHA256
6fff935ac781ac3d65c9d18a71b4aaa95351f9d4a88027f74aaed54ee375a1d9

SHA512
b0e130dbf909310c976d69cf51858db82cc0c4ba2fcaf928238b8ad3bddeda08198829b2350b3305894d8438264626a5d061b3a4098d7df742c160f5c939bc6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RMUkAkwM.bat

Filesize
4B

MD5
caf92f12fdf5f585d5ec5b657dba422a

SHA1
e47f3171cad99ea147e0bf0639429cc02b716326

SHA256
ffc890ede62058657eaa64c3fb2f439258251d5d30ee53f34bc8e45ff92aabe0

SHA512
0cacd91fb70b729e19ab06b2a12cd1de048f18dc8024d6341826ea8b0796974826b605de56dc5b45484ce64027ac75d609a81c575c21050f2193b3e1dbb2ca9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RekAMccQ.bat

Filesize
4B

MD5
6b36b3c92303c1e6c1fe63658f1c8833

SHA1
bf4846b2fa03943f68caa0699728ce31611890be

SHA256
e2022859a59fa9cbc12b35d5e4fd59fb7c4fdc2ddfad28bacd22ba9e393e48da

SHA512
8df79c0faccba5b56f693e03aa83e83a0f6357b50c7a17ebc67640decca0b446edf0c10a0fc9d2c728f697ba64948dc165cf3645ff29dd312cac36a41408c40c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RgcwAogA.bat

Filesize
4B

MD5
adf96063af8c2591ad9fc7ec6cb7e1d0

SHA1
3de391595261de79ea9cfc1eb24f279c4a43f1fa

SHA256
422f77671da7a99a319d416ae049890e0940df0c798b3aeb7e3f4ff88974432a

SHA512
f32a31bf9df2f7ffcc0685d882ee1308842b5d874662f82f03ee0b1275ddbc74a843c4ca84dc025b8b7dcf4801ab8b6bdd3b9f374036a7869f68e2531cd44f2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RigcMIEs.bat

Filesize
4B

MD5
3455d180d87ec0f45ac5c7ef90f88aba

SHA1
8f0a55b3802636192668ca18cce35dd3d780c97c

SHA256
e88e77682c6adc3d232230f7b7e8d3619f20587a236116c359c18bf7cbd9f45b

SHA512
22fe259427810f9d8174a5d85f188a5580782ffefac341c8d4c62243f812c84781f5a2c675c23a8f8dc6b01b8e84e2301c866677ff362910d6f12df9c892ebd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SEUq.exe

Filesize
233KB

MD5
f12cca0eb8bf2930d00e14d643bc8346

SHA1
6ed29b8b241f7957257eaf8e0ec78509fc837cb3

SHA256
0cac9fc2416eaa27151bbedc2c95d815123c05d37be9251ac91640cb3c816368

SHA512
7b76605883ab2bf1fee43abb4bdbb5eb73c7c79675a436fa98e951246de0ddd63fb0aab6b3e2b56287d61c49f5d97f4bec4ec44bbff397aa7fac738dbbf7a72a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SEss.exe

Filesize
200KB

MD5
b45e80e6f10eb559a389799a74b2f564

SHA1
c834f10af4e168d809363610d218a50576338868

SHA256
b9d9fb1529b6b6b47c69918794f0184c68e237bec8bb835c48af964c5e55b1d2

SHA512
63f8ec40767720cd072afc2acb4c646ada33105b7cbf8e27b9e337c33e14840a61e67669c6076ea38e9771e12bea905bb59a9fba861270b9fe3044826e0be322

Download Submit
C:\Users\Admin\AppData\Local\Temp\SIEgIMMU.bat

Filesize
4B

MD5
0b2246bd01efac46f00223cdcaa00575

SHA1
b2ab51aaf668de3759b0d27bd89ef382f02c4362

SHA256
54dd3f39d244efaf1fecbe96cbd728efd1bfc8082730930fa680392b01c35cc4

SHA512
15dd6e3efafdea88d3ac85b383159c487279f5bfa3320e138de73288cc5544b6f24c1a9b4922de1bac48f7486bf3f58ca0917f673e9a37802ece9441f96d954c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SMoy.exe

Filesize
244KB

MD5
1b9a49f0f4885d3274e2c67844e6d3e1

SHA1
2d31cfb15069326531c9c42a3c36b7b9ac67866b

SHA256
91990c1ae9b4458cad0f94a43db95bcdd20c900bb3bbb0cceae2bdb6d54e2466

SHA512
9fefebbe5cff328af75a2cb287f69ba8218268690ea192e7f73a6284bfeb7db040354f415bb76b2f9f4aa6a1843bee6f8a95a800ccdb7f1a38bdb0eda915aebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\SQkc.exe

Filesize
201KB

MD5
843f0eaf01a84688e72eb9eef8e869c4

SHA1
22ad1e9089122cc7fe71e4ebad278a34c159afb7

SHA256
0ea92b1fa75fafbafbae333079c21154afeb9044378f8b864be635fa2958da60

SHA512
8063fd0afac0b6328164a9a111d0ae873cf256b11ae4b609e520f9498c5e3cc285146931bd2f43b2dc712ff0572b5c1206f68eb26b4d8c833d431adf8b0fd393

Download Submit
C:\Users\Admin\AppData\Local\Temp\SSkcoIYQ.bat

Filesize
4B

MD5
e25013a391630374e6ff198405879b7f

SHA1
b1dd6582df0731f9e2c7ba91300136be19cf00fb

SHA256
ee3e8c94772ab7a21fe49080d9f55fed7e09400bd3eafb66f8804ff9cd10e9de

SHA512
c9efe9d1b9be323e2c0aef474726d13611c31237e6b995c62e34c6b7edba76d0e712f12029b1b0ba714b18e3cdd6f7280e5b1c9b885915f5ef875509fcb53556

Download Submit
C:\Users\Admin\AppData\Local\Temp\SaYIAAcc.bat

Filesize
4B

MD5
49f1cbeabffbd76eb41e377826399a18

SHA1
5fdada40e99e6dd835178dc2145cb92eabb278e8

SHA256
b1539688915b193414c96f0fb504232e69694b60a808ac316e6675e522e47b65

SHA512
092c59ad671e2daf082ed2e95f24baef07d0d959c5e941bbb403c5c3b7bc749bc2c0f30b44e36a3399745257afb2e5774abdbba55ad6af1a17770d40f9988adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\SkMY.exe

Filesize
917KB

MD5
6484af909f8320bc0c25b36a7b509ac9

SHA1
f04b4efdb7ab4d6a611595240a8ff3f5c83f9bdd

SHA256
ff5467a2eaebb733f2e798fe4e54d5196858d59485d15712512208b97e790307

SHA512
c48f18905be084cd95f53c9827e27360566cd29e494c373fd222569236934d2ea073e8ed1dc2f5c2c5abf49ad9cf86d601ea35cbe8403c24f17f216665c4b23f

Download Submit
C:\Users\Admin\AppData\Local\Temp\SsUG.exe

Filesize
945KB

MD5
7ad17715cc6518db8281334216dc5613

SHA1
69e3a1443ba174de659b0018ae87a22a92587cb4

SHA256
d8e96f94443a16c5ad09d3ba98ba848466e2552c67d0bc7e738957ebcb6afbc3

SHA512
0221b879f72a8a02ff492370b873c606882ee1f5728c373e19619f81eb0ca42082759f98f19090790ad69a4aecd1a803ec423523515a216f8e93accf8cfecd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ssck.exe

Filesize
234KB

MD5
eb8f8a235b68174bb51f5ab8d53c85f5

SHA1
f776a26e85e31bcc92e63a597815952b4c3588cf

SHA256
f5cf6435a6f5a5ba12eed4a76fcaa3628196691a82562e03cd16272e40ed38d3

SHA512
975c6334eefc249c1e4402587c04168d57b377c40e83938cbd2356bfcb2f228b39923f7e1019201964a8807633223042fa29eb7b1887887aa62cf955d026d291

Download Submit
C:\Users\Admin\AppData\Local\Temp\SwIEUMAY.bat

Filesize
4B

MD5
6c4c005fc3a435a7c137d9ee5a6ad3ef

SHA1
e78ad2f86750b88582dacce936bb6434346c4834

SHA256
910752803c25c74dd0c39dd62edfbe5f73616a9b9e66c7551556262d959f0368

SHA512
608b7936aa3c54fe9a456eee1a1edd9c4c898b32bed0aca8753355002805403e3e47d7c1cc0606cd29cc164742428ff6cbe0e528f4e8101206c9fc2ed677d4fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\TEMUMUAI.bat

Filesize
112B

MD5
bae1095f340720d965898063fede1273

SHA1
455d8a81818a7e82b1490c949b32fa7ff98d5210

SHA256
ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a

SHA512
4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMwYkYEM.bat

Filesize
4B

MD5
71302e15884eea8b0d1df3c64a344e17

SHA1
9d2a169707fef3936418def9223b4242ab9934c2

SHA256
f0251109a52e814c2c0f27a0840606c469a15f7574edd0696321c8d1a9336cf1

SHA512
8d6f3ca5c832135f8f906b53bf98b16d211c2e095e52d2051ddc6448613a075eeeb49d13cff6f757fded4361f85a9dd04bcf7613a429af460d3addee60a48d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\TSEMYckY.bat

Filesize
4B

MD5
2d7229cbe0d9880100df81236a9f96d0

SHA1
217381903ccdb4ad7e8f44a44debb6353aa113a5

SHA256
a788bb90791f51610a0aa9d9313e1cdd77452542d62090a7b1ed89e003c18077

SHA512
c3a0ffa743a7ec232d7ea79fae78d6fc1576d327c92a93b955fc3d172f51373fa0d2678c413f06530518abdae94de13366d25e191a45ba595429d5e9193e4434

Download Submit
C:\Users\Admin\AppData\Local\Temp\TSEoQMcU.bat

Filesize
4B

MD5
4cace390823f18823a6c6e9d2727b433

SHA1
62ed1c68893c900baaa7830646791e2163814969

SHA256
4f587ea7e498ef8977e81605e20953b67145abc3f2fddcca4a353f779410c180

SHA512
9a785434c1eeda1ac17daa01b5654a01509d331b0f9c21fabf237a52a4bfd9eee049d207de34ad149028b0972ccd48933cd895f236a8caf891e0de95876bcbb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\TYgUEMsk.bat

Filesize
4B

MD5
11b6745d85e2f7975a861431169e2509

SHA1
1510f1d69160c0f0771e9890d00d2a5d90b01705

SHA256
bded2d6a07ff55d2f968cfee9f2aec2560ccf954ecc8a378ac597fec5d951afb

SHA512
48826b5e5f4a9b00296ddb62b290055e19ccc2cc76a8f134a66317af133a73ec3a078c37973618f54620977b77557f1eef17fec5d5618440dd2607f944cc2ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\TqwMsYIo.bat

Filesize
4B

MD5
aaed607e6d60a760075651a57365687c

SHA1
387ae39dd51e2c7562cc3cafbaa3b2e45d394002

SHA256
ce915be0f5d5a5a793cbdac1e9ba753e8560bb63b86f27de3516ab55c07434b0

SHA512
7105332484a5b8857de0f9cc5d761b90e8d713a6f25d3b3b9f02d32b3c9bd84d782b576f5e53a65f22ebab9df05a80dd9683321e6082c8d9062814eff5d493af

Download Submit
C:\Users\Admin\AppData\Local\Temp\UAYg.exe

Filesize
244KB

MD5
3c11c97698fd28ca8a4faca60769106b

SHA1
e6e380e595fc338e70c44345fb7fb413d43e4843

SHA256
0acc9ac73632f3bcadbdf3ef37d8d3cec007136b6b6f2968b7941eb69409b845

SHA512
f8115ae339d358d23b1be20e65f7ac47cff2a3512a7e928f4268632fc85671c56369b5b2aa0784d5346d561c84f7a8cbb4f53209fbc27f3eeba59fa7693b5510

Download Submit
C:\Users\Admin\AppData\Local\Temp\UGcwAggk.bat

Filesize
4B

MD5
a324b52de9d93e260116a415db90a342

SHA1
f2a8bedb7f85997d6a9adc28081a31659a23a58f

SHA256
bdef1e3a982a02bc9a95ee41b00cc8038e127ba370e7f432ecb3b61c9710d385

SHA512
89b407e343f76d8466979730e52f7101ce7cc0e835ef6c49af321fa6286f0a3b6d2f2c6abc224361b1d29c0298061554fee69f6eaf7bd93fb1f0bccc1b9fb867

Download Submit
C:\Users\Admin\AppData\Local\Temp\UOEUgsIs.bat

Filesize
4B

MD5
2940f8b3586b29aaba9a44050e28ffcb

SHA1
e344bc9d1ec39fc481e94233df77f969eada8971

SHA256
74419cafef8bfbaee68e10d8f4cfc5d90cabea28ae6909ea5a191b4bb10a4016

SHA512
6e3eb7dfff36baf5581ab83054cf1cba6dff50abc3a4b20b34603e395596005f3b972dfb886116896494231919fbc8c41375caf4590364d05615dfd491db608c

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUAC.exe

Filesize
249KB

MD5
5206b903833aa7faa1c9f980cef2dda5

SHA1
d42f61112c405c7de3064d11de2139884ef0c4d8

SHA256
9eb0fb69492829d03a72a7cf35159c566ace5a7bb78761aa8edcd2c70d52dee2

SHA512
02552d35b1ddcbed257d15030a178ffa349fea03f7135e35ea6b38bda1cc519651fc74bc9c56628cfc4ffc91dd42a37358bb4b39821094c05eb0968a9c0b29bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\UWAMEcUU.bat

Filesize
4B

MD5
dfcc73cc8950c735b49350c02b7eeebf

SHA1
8b6164ce1f995e485d70c942f475770794c99f49

SHA256
5c82f0237a1163912e8f29b36692d5333d4c7363b8a7096d7e2573f5ac8f63fe

SHA512
26f9d004a72e1010e6cb083e6ce583d0522042553c50392179ddf712e7260e57d63dfdebca9e3d7d7333963c7550f47dc336a785750ea3baf6ed631e99b78790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ucsu.exe

Filesize
564KB

MD5
ca39e021838d63c933c79ce2da4654ea

SHA1
d33f2bcc0e5ddaa0c3e67803269ce5e9d83c5e65

SHA256
14ba754d09beedb47b777946f1d4ae31baa3f2fd9c2a96ebfe9297802f53133d

SHA512
a1d15e1e4b7a7804b891925900d2021928d113592d8e7389538dc649f6dd24c7a8945cb066ff620e25e2320b1411029152bdaea58ee9c1f9b4752ee612e854f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\UgcAkAMg.bat

Filesize
4B

MD5
fa8cca77613ca9387a9c0d29b5282909

SHA1
e8bff5e863cb4037f41ebc231764d99c49cb0ed3

SHA256
50cfa32f2b5a42a967a1d255a299f0e3e693dadf322474ef7006c25ddb0c8a07

SHA512
3e032678a5ca4a87e4fd2b17f8ec24ed8df212382125d56d96d118a5e933c8aa64bce83677b0c7b6f7135a0b08968e349814a61a2c497926655c7e47b54ce91d

Download Submit
C:\Users\Admin\AppData\Local\Temp\UkAi.exe

Filesize
229KB

MD5
fb5c0897b7596efcf6fdc403a5f6b4b1

SHA1
2ab0459313ea02dbfa410ad3984d3a3747cb5b82

SHA256
2588df85ead678d0ee997b3087cb2b1664447dce710b7b84d3e5fd9a99dca25e

SHA512
e8849deb8d89e928ddfaa2b92e1d8f8c03b44d2e62b13ba0d5861afd4f0ee35d777b252c67dc850730e811abc4cdf0ae73e722da178bbdc0dae2c2ad35a29939

Download Submit
C:\Users\Admin\AppData\Local\Temp\UosO.ico

Filesize
4KB

MD5
f461866875e8a7fc5c0e5bcdb48c67f6

SHA1
c6831938e249f1edaa968321f00141e6d791ca56

SHA256
0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7

SHA512
d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\VAksoAsU.bat

Filesize
4B

MD5
27f7fc6986a6f6903c1beb2da7be0410

SHA1
f86f245bc557a165f8699f6ad884e8beccafa40f

SHA256
d3f7273d8194f06b730231a49a9e65c4b409828290294bfa28b4a333c1a380fb

SHA512
8fd68f30862511f62ee667eda11cc3e54903e893f2b83b88513e12f5e7bc295aba0f206f196dc0660b232ee03abd13ff60cfd63534466d1a1fdd8ffcf5ddf6e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\VecYEIUU.bat

Filesize
4B

MD5
6f497b751a37240c5bb598068c9f0426

SHA1
bc934a276a35e74fa7742d153be94263ba7db8cd

SHA256
1736436dedd51e45afd486869050484723fbaea5ab0acf590f8073a6f3b579bf

SHA512
aa02a6e9d969a23de312cfccda59382ec8c35f40fb2a83e1e522db52215d810ae854f1afef8e7df4d4d69441ab2c6b6a069cecc9a271669ecd1c0b828cd573ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\WAAYAYck.bat

Filesize
4B

MD5
08bcd0d4eebbae49d72c4dad9507d18f

SHA1
7b02efb0e04b96ca7baddd93b38414890ff0f338

SHA256
e8f211bc04b4437815e4b34d9a4dde4e2b130c8f563d179d68610f876c4b477b

SHA512
966793d84b88a0d6324f9900c1c64c16b6eea1393205e28486d9e7d12487d684189e3a61f9025ac84a5d2a0ac32ce757f935f9bf075fa6843747e0214203ea52

Download Submit
C:\Users\Admin\AppData\Local\Temp\WAQy.exe

Filesize
213KB

MD5
f5bde1541c4128f1e3d3a759ac5f0faf

SHA1
95da4f2b84b2fde8798bc551b98dbf1ea17c10c8

SHA256
da24617cd00abcf26b29509dec3b908247b32f27ae48253781c49bfa1824fdc4

SHA512
ad75b57b63ac9724f4990bfdae79b0634140f6a6a5ccddd3ba4456c62cf12234841d410bded76f80e40fa1233df16e336a06a6379c55a5c0405e1da623c97958

Download Submit
C:\Users\Admin\AppData\Local\Temp\WEAM.exe

Filesize
291KB

MD5
c7e86cfd7c1af1a2b053921802e589ba

SHA1
f426517e9ba44939fffd48503ac5b7bee87093bb

SHA256
1d01569176961ad712c25f1b0f280b9535ea6f2b8ab17fd1d734c1fae94faf4c

SHA512
04dd137f3a575607b9fb134c4fa8226639a8c1068ded9a4a85236ae07c318d569a9b81aa21e34ac76c0e99d8f78115e128f3c85356acab4aeeff23c3d118b1ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\WEUw.exe

Filesize
199KB

MD5
e3413a29f7cbd9a933578ddb6b75cac4

SHA1
357a95b2dc23beee539ab7067f1a63933e992ccf

SHA256
434bf621d7d967b584e9c3f6e243473509c954a55d4e32e1fb32618badf01def

SHA512
4ba983fc18a4a9167e52d5149f845c5f70db5855f1e4d5dd705cc91f44562525d8a318105c6f8c09db7c60ac03ebb5acc232e890a3acdb4e33b5d0b8e4af0b9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WIYM.exe

Filesize
317KB

MD5
17014f4c5ded23d8d4e00a6cd8d191d8

SHA1
cde87b7085b4d7961fd67bf3084a7c4f57f53fb3

SHA256
a96be7c6d2a644fee065956a8a7f7d77df82484a9e62b9d474b78d37fd9ace1a

SHA512
8a0dbbc2fcbecec51d559dd86ac35f25538bd5b2cdfd95ebdcea01a8a6133e652c32f9a33c92030c2fb089f3b1a8009dde599e95f90d9d356ce5306e75ad30af

Download Submit
C:\Users\Admin\AppData\Local\Temp\WMEK.exe

Filesize
233KB

MD5
7fcfc52ee38b6e956a6baad42e7e71b6

SHA1
e193fbc8a84a0a29a7aa6a664b8ce1dffddae854

SHA256
7e0d9eb1e7df258c5797cf8fd04282df15ccfe7335c51fea7a53ec21b17a9e1a

SHA512
ad5fc6f0973b3dc0715f3075c10689a53301533b7707345fcca227dfcfb2018de52a9d1ce4972db04ed8e3ffd1e658e176c09096007db7ebb4624e0d17b5c3ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\WUIA.ico

Filesize
4KB

MD5
6edd371bd7a23ec01c6a00d53f8723d1

SHA1
7b649ce267a19686d2d07a6c3ee2ca852a549ee6

SHA256
0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7

SHA512
65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\WUUG.exe

Filesize
233KB

MD5
1c44bded3de06ee12e89369ce7d25e23

SHA1
6d6110d0732142bf315542972fcd666117b08483

SHA256
b17c1d1dbd025c6b1c37e3291b7b4cab484d9cfc331051b752afb73228f4505d

SHA512
1236e30c5cbb6f3d96a1913f9d8dd21882c4796dd30ffdc6786256a143d9dbae4ab16b66f11b97e705fb9b404d2ede78183852b1caef58a2419544eb79f92a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\WYAm.exe

Filesize
200KB

MD5
30a0535861152a2b2bbd92fdd5fc9b72

SHA1
b193033b95ea1a987a670fd189a286af170f503d

SHA256
f4ce8095d17df4ccb55de549e4d9639cee5498981633dc9c633c789408dc0a2e

SHA512
71d4a635a4426d9ccbc57192eda54b6eb81c7248cff4cf52490dc54266931644ea0452b2d4fd58fa80d1cb1ed6ea67d574dc617d00ffba0330324abcec257614

Download Submit
C:\Users\Admin\AppData\Local\Temp\WeAwYswM.bat

Filesize
4B

MD5
a7522107d56c8f92ddf134aa00708ab4

SHA1
19b9e593f481fd349bb8e046d192055603c74de0

SHA256
68248d271bba4a0a8ef653e903fe590cc1c7593454cb1d3879e8d572df8a2793

SHA512
ff766cfdf59393693f4d9f259e830ff6f749b475647ea90e033ef8690f6c87dcd6aa0c8cdeb9831e2521a10aca655ee198994d891786a5fa90c558123fb30017

Download Submit
C:\Users\Admin\AppData\Local\Temp\WksG.exe

Filesize
235KB

MD5
60770c9ef4843a0ecb7d25af83c3bef3

SHA1
4c88fd0b9d9bfa1f8a720464712e4bd7290f3898

SHA256
9726f802a6c7f46bb4a06efe80e7dc313a0ff15464e0bf23ab717f974bcaae77

SHA512
cd3b4d317eb4c3e1a4806ea3c0ee30c99d0f70e493b352f40de0754f41efe6273527748c3dc272823718b444ef8b7638854389ceeefd4679e3754951ade78c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WoUO.exe

Filesize
764KB

MD5
54bc63ad38ae1bce6338d5d9e6281c70

SHA1
c03a8e5258e500ea4c0d3ba939b7c553d16a2e7d

SHA256
ec29e3cdb5903cf500cbc208f6403ccb0242b13b1b9235922800225972c5057c

SHA512
271306ba21b2dd64fc0d8734cc93673f5ba5a1cc51af09959e485e05cac7c4554744552fcb60538205c329ba2c77e306965817b2d5cc18f4031ed4d9b1bbed73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wwwq.exe

Filesize
232KB

MD5
01bf64dec5b4f7bed5923081ae83e03d

SHA1
c97e1ae76f94f55bbacb991a420bc21b2123bca9

SHA256
509f4ddba8ff41fefa2c016e8108381e41da4e0623dc078436f4299b7ff4bfa1

SHA512
9eaea05ef79eb44d16481b1b1fd04955640f910638a83f8e4aa43bfa8dcef15e5f7c01ebfa97226ab0f2f9e2eb53a6b83625f5cdc804a1013db9323994077ccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\XcAEMAsg.bat

Filesize
4B

MD5
95bc129bd2741e31fc00e2171c75969f

SHA1
16196252ab21becfef968381f3c38790096c2c80

SHA256
52ff7accec1f3663a6ce579a5d896e44d760b21525d0f64a93dd05a210ef7d91

SHA512
3c957d7e93457d9eaf27ef72949011b0decc66008e5dad82ccc54df91aaecc0fee9b0e055bd3895077b7f50cc0083a4ceae1197ab1b98cdbd02c9d2a5693aa8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\XckYgUAA.bat

Filesize
4B

MD5
02f672ee67e91c09c7def470cefccb1e

SHA1
dc37f6a1c22e22465f95aad08b84fa8ccdb86e07

SHA256
0e68d05c3a1bbf14b62b3a1064ac67c03c10ad68eb3209096df7dbf85a2d06cf

SHA512
1ea248cc45b35de05fbaaf59a9fd27c4feec0219159c3b19a41cfa1fa5ddf9bd37c5d0eb72d56f489e81e110e2ee727c46c1b55a91ff60aab5055afbe968db5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\YAoUUYQc.bat

Filesize
4B

MD5
3653e7ac1b228909dd3751ef16e611b7

SHA1
9d94b9e7ed9d06667312326b38b7afcbcb055b4b

SHA256
0e309b396bece476b52874d78567fe4dd1977aadee98738f7dc5da31c330fbb8

SHA512
dbbbfc07f0a114b47d6c33c55caed440fe297a391eb413b5e6043ec90c99dbdb0bf6910dcb5f658548d2d3955e5a9697751ff23af92c1dd70f015f53ef0701f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\YEsC.exe

Filesize
473KB

MD5
c56aca8705235e9c4359046552b0c4f5

SHA1
996e01f69ebfb98cc94ce599368865556d70d94c

SHA256
ef76f3dcb102bbccf65bb3b34be3e294bdc8ccb24adf819704f1f69d977c1f09

SHA512
0198c392880c21496633e0e6790d7aad2c29ec2ef4fe72021c8699d8abab169c3a677c42bc53e18712632e8bfa3d1b476541f13e4977967de5f45b1702eb601e

Download Submit
C:\Users\Admin\AppData\Local\Temp\YKMQEQsk.bat

Filesize
4B

MD5
511b6962121efc88879cbce9e238659a

SHA1
eed53909fee08c6f9c4626cf06be50a3b42aa41d

SHA256
2ad607c294c83ebf58814f5b9eff5b09590e733a07061febe21676657167cf7a

SHA512
642bd87c909e18d8cf106f3fb3b148fef191034cca2958c780d88a6845349bbd56842571e8ec15beb6dcfdfccd55279476827651d2d1799677a870bac933d9d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\YQQU.exe

Filesize
213KB

MD5
162fb2f1ffd11ea65d9029c3961f1cbb

SHA1
afc111a349295c6641705f233271fd35afcceb82

SHA256
3b0c97e6d029df955f5a6b6b9377e367eedbf40555cb4d69a54420436c75afa3

SHA512
5f9ca754b3563708e5395d817b6b62c5799858bb4d67e1c1ec8339046cb5ef057ad8c9f3e9c4b40c8bf22b5219370e81940ac2c2dbacd1a6f49f4f672f5527b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\YgQK.exe

Filesize
250KB

MD5
2fee12ef2076d7b7c4b6e37e2f90ed23

SHA1
d8839aa609699fafcf5fa4918f93e9112a5af3a7

SHA256
da08fad2c7d35f5fb3d0395d7cbe3298fa5e7b6f656484a003f52a04628b73af

SHA512
2e4562fc5e029b749e5a468fe59af1dd303487111f3d2a326bcbf6b05547e484506ded838c3d6bb765175aafae3fbad03a0cfdbe40d618fc33ebc875be819329

Download Submit
C:\Users\Admin\AppData\Local\Temp\YgUC.exe

Filesize
1.0MB

MD5
f0a50ded922e0510e45ff78fde3c2e04

SHA1
7afe5521fc6b81aa615057d2de2aaf3aacc69162

SHA256
6aa57c544e321f4295fa2f3900d890be8da882952f2df4ddc391969f724ad048

SHA512
ef17c33b003ad40516433b3dbaac0a4185afea08980aeaeafadd52c250f134173c67a836c06bd3afd48b7ff2ac72c4b18c14ba5112de88ffa05f7710b579e983

Download Submit
C:\Users\Admin\AppData\Local\Temp\YqkQoEQg.bat

Filesize
4B

MD5
94ac5447c38fc36d93f2e892990d3500

SHA1
49ed5da4e99e54616d3067123e6c979f0e96cbbd

SHA256
bc3829bd468c345502e18d6ff391808f7df9b7f7669c47d1abf9fe1d765f9caf

SHA512
ea57e3cf8bec4287a330d1090e7b01ae933e460b92fa46d613e2c3f6e262cb12f8334f39623dd124d0551898dec16f39c6683abaaa8053a2211254e72adc6ef1

Download Submit
C:\Users\Admin\AppData\Local\Temp\YukEIYgU.bat

Filesize
4B

MD5
9c2a8335f818fdb86255419b00528551

SHA1
bcb32b79f35e98e4b72d8314b37c87c044c11216

SHA256
398195ca0d8c9f7e78ef181ec70894fe1d9263844d3bc74bbfa5bd7e88485d6e

SHA512
b7ef9e1b5b224f603c2569ac6378c17ad4dcbf9d2f5dcbfca23d824b3a75cef312251c8433722915e291e6fa679f3614d06d644e3f2f68a89847078366d88a55

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZcogQcMY.bat

Filesize
4B

MD5
06523b0cd1497957424a46fd26fd100c

SHA1
158798a702552ff9ba10dba45c2a6462de1b262e

SHA256
0fa5d138e46c855321d87855bce9181e6f92318bdfa9c0c8bfe38944cdedeb5b

SHA512
cf0a76341d3bb6e05802fe72b8afad8d4b4d3c1639a6a388b67cb80afdcdc09639885f3acc44ba548b12d2548cd7285e47b1d9bdceb6b13eef65f9dd54ffe5b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\aAYQ.exe

Filesize
787KB

MD5
bee04a8cb3fadf6f4dda66d06f9603f5

SHA1
6952a63475dd375874cc48276b601547a84430be

SHA256
e0a0cb47f7d816ce3ee75122b0866de32696ed7d787f0e9b5bd730b949e3b239

SHA512
148399713baef99e04ae4adb0e8c2ddb484540b4feecc50919d7ccc22db0e8cb13ad8f6fa03a148e84124d842001f96379e27809a41f8f5bb916ae77087a2f7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\acMggEkc.bat

Filesize
4B

MD5
7ca2f51690d5321dab3b370465a6516c

SHA1
6de2b253da873c25f60a93f8a25943be0e17be79

SHA256
ef0276c951394a5f568510550e3c6a10cd330f8143042958f2b8c48baa858a28

SHA512
bc3762b3b16daab5941c34f156ab9d928392252795f6a2b856552c4e4299719b3e81ed97dd54be8543d25983482a51b3f5527e93bba9bebbce94e8871ea9b450

Download Submit
C:\Users\Admin\AppData\Local\Temp\awog.exe

Filesize
228KB

MD5
d22942004841823b173de0610703761c

SHA1
c6e9fae4296d8fd93853c3fb31db8c44e637b645

SHA256
18847147d4d5a0343563e5deafd334500f9e60c26ca8852f7e4682091f01e794

SHA512
9455a8f706addf72599193b04e4d49711b4305e04ed41e752d34610bf4d506b8803e001fc4032d8c59d60a165f67e1d4b5048c1ec907a86eb066467a2e30504f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bGQIcUYk.bat

Filesize
4B

MD5
b5f43487e861a6ab8f13d992e1e92fff

SHA1
3a73d286f2ca477b44a703d55ecde53caeb8122e

SHA256
22671347ca83805949a087315f2f2e301ea031b3c1b051ff330c0bafc9ab3c41

SHA512
338e45fee847cb4214b7b4f25e7b6d516d33a864cbace291d405fefa4f8e58a48010a2c701c30fd504d566b24867000eb8985548a0c0539b4ee364a1c4d8e0b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bkYkQoEI.bat

Filesize
4B

MD5
1aa5332e50cf250bacc3be167addc851

SHA1
fccaaf61831b094c0a5c793005e868955d58bbf4

SHA256
4db834a764088d98f798ced6e0e1a0683ec57cbffd30ee6c0b689a728662ca57

SHA512
1e42770fa824352b8f15cc324a4ba8a64ce74ed2837430a4c0c485a1043fa06a035aaf18c69422353e17b846c45de7de503bed50c856a786b48e46354294a0d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\boQwcIIw.bat

Filesize
4B

MD5
2b046ffe788b3825380079c88bb1fd76

SHA1
7fffaecef3951441d5b4242a121ee3bebe17b8f3

SHA256
0ce3623c789e1831a924c6a1c9ed4a887500ba13f987b265a73f0bd7a2f2eaa5

SHA512
05746199694abb2ec63da9d6c644868a1a9f8c40ebe373fb0a597edd8136c543be16152e6e957c2c1adc158465b68441e484a4edc0677a19a7738d5506feec49

Download Submit
C:\Users\Admin\AppData\Local\Temp\cAcC.exe

Filesize
200KB

MD5
a602bf49db767a230f21e04ad8c1fe67

SHA1
24a174f4ad80b4bdd779877fbdad7d160fae6bb7

SHA256
a9aa61a928fff0db3f363c8473d1373bd5f374b499bfa7429148cbe1e3fc90b5

SHA512
b82652d776b070221ce850d4c4874db11670dbea2b93d63fda484667d0e508848cbba173110b9a09c96da8a873bae0bd52c089bc357bb620bfd184e76325f18a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cIAg.exe

Filesize
236KB

MD5
968d98ed25a5964ea8e0b2ea1198f7d3

SHA1
ea311e5532f02e92316510743c5d0c5358b7a640

SHA256
a17301032fa172434e1112a61cf09f8d9171161f6409fddc5a597c01693ffc17

SHA512
568af138f9535ef1d79cc5013da3d2903ffbcf55a10313a567e6fb0c6359467d6c38ec39a3f0b004f2d475580b6b5c35ace2f3729ce2f7eb690f39b3e8ab8625

Download Submit
C:\Users\Admin\AppData\Local\Temp\cIIq.exe

Filesize
227KB

MD5
7ffcbf051f976ee0e40edcbe7eb31947

SHA1
ce2e57cf8bdcb1335cf75e4db0ca7ca508eb7d86

SHA256
015ca20863d7831a9477537f1739a14e4aa673eee5d20953ce1f9730b5106ef0

SHA512
df7cb900007c705e3a5272b573c59a8d534e50176695899f662e822b6b5975ee2c091fe98ba2375e956f4c805328d62c51873d5d6298f1d3dd62db4b30c229a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cYsq.exe

Filesize
238KB

MD5
669052daf6868534fe4f9945d643088c

SHA1
74a7faa05d6a3e11dd09ffd217d094f77ee3453f

SHA256
b65180f63aa213e23eb3b3c92067ecfc3e06081c5cb802aea2627a68e8174f36

SHA512
38f624ee93a0d6a936a987ebfe8177ca7a4037686a3fe83139611c86d5915b26fe1d7993a7b909d18168565aaef11d7c14fa2ac5e10b1cd25243a536bdb8cb44

Download Submit
C:\Users\Admin\AppData\Local\Temp\cakkQkso.bat

Filesize
4B

MD5
2067482e2dc3e4fb2102cd042d2d3f24

SHA1
c446b4f0cd576eaa063ceae28f35e018a76039d7

SHA256
26685b93e2833149d2b1e21c08d46108e87d76e420022600e48384af7c66cbd5

SHA512
cdd0ec14ba7d5e07e47dafac9b6a80016f62131750c7eabdaa885b19305a4734260619dfcbab6f01a347996a1c07bcab235e7e303084484619fab939422839c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ceosQgoo.bat

Filesize
4B

MD5
3aee50460e057a58f8b3fbd2ec0a171e

SHA1
6a358ee33ba0b7fcd33886ee1d5873be293994dc

SHA256
efd125a6b11f6fcb9366a18eff9eaf4950f6faa5514a7ced974fc16b03e6f3f5

SHA512
6fc13e1e9e43e9bf09377b0c2d06d7af7eb5e736287357dd17fbfecc813e12851fe447cd410de020a006ba10194e9040c1fefda5d470e3f2cdf696805cc17245

Download Submit
C:\Users\Admin\AppData\Local\Temp\coIokAMo.bat

Filesize
4B

MD5
c4b70a8e85163f3b34e6e7c62d72c5f9

SHA1
1057effba7b56690d2e6205fa2314b5ef27ac742

SHA256
2bdcd4bf5a23a3b39ea8ff09e58e48a1d2eb76e901779be601acca506627b8de

SHA512
2b89d0455042606288feca6a2eef8095e791654716166b11c17d84a1e43eb048ad829a4e8c5c0b52c5e0ab5ed03ea2e68da02753f48df46795d78e824fc05adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\csoq.exe

Filesize
267KB

MD5
0936ac80c5ec9d00f73d2aea6b3eb007

SHA1
160cc4d06912f5979922a898f7d5ca64bed44405

SHA256
66077a8bd82c43203eceefd4a99e1127ef9720a80bccab6bb07087d962c2b0b0

SHA512
3b7bd2435d9df43f4659e47103d69293aca575629c21a132ab82dba351e48917e527026000ddd81a527a94d773b1675c57f572b00422e96cf103f7ef71c8e0ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\dqkYgYYI.bat

Filesize
4B

MD5
b8a5219c483e27bcfb69bc6eb18a61e8

SHA1
a0da13b25d7bfce8e58096eefbfcf120ce2699a5

SHA256
bc67c556ea1d9d039c301a524197e8c0e29409f24f27b76658f956aba00cc70d

SHA512
f6da7bd9660639cd5674546429610e4e640083e1cfa14e5f8a91fa85cdb658a06db68f7764bd797e14d3f4c9d803eca32672cffff11002a918a3c8f86adc8f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\eAAc.exe

Filesize
8.2MB

MD5
117c18dd475522ced3ce64f13c9eb31c

SHA1
608fd9024a1e282e3ea31677112566fa127f4614

SHA256
1897e953e3b2c8b76f6f2f56483076613fa6fb61c1cb4fc520f8a7fd6c62a3f1

SHA512
5f66a4b73d62c1c939db55e7288d341743fe3fbde904c21af68c194a5d7e4219be2fd630cc018e9b54853b7f0551a39dad38a10d1cab065cec6d0d3b396a315a

Download Submit
C:\Users\Admin\AppData\Local\Temp\eAMgEUIY.bat

Filesize
4B

MD5
cfae6e4ef964b5d837b6de4023c4f9e0

SHA1
9e60304e9de41e18caac833c83c2317ae5404acf

SHA256
f183cbc9aadd67bf5e523161e8c1a60c07ba2ff00356fae5ea3461ff9d0f349a

SHA512
f09c3700e4d937d3765dc401e83216a2b4e8b7a18a62afd841869b5352fa8632ab9eebefed61920bc98a1d99c8a677d47633593ca5673035790813caee1bc3fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\eAskwEIM.bat

Filesize
4B

MD5
30a6567f5c6ad0fde486f8360998541b

SHA1
0fecd094124fbb73a587b62d20c1eee041bb164d

SHA256
2e5b2d1b0588a5acb1102e2df5ecf6036d3e8e7bc1e8001e0b935ac0877af001

SHA512
02e41f222e966f34621cf27e86c5ed779162b34c8e964c7275380c499e15b10b71bca2f0826a17ec3b959b3529e3413ba410b0b3047874f7fe5d4c692aced335

Download Submit
C:\Users\Admin\AppData\Local\Temp\eEEw.exe

Filesize
232KB

MD5
792de6c07399b1e549ff6e17bcda7feb

SHA1
0d60d979a21a3c5c6010d2692a9f6b45e964b389

SHA256
b9271ed1fc6a812eaa1c6b46fe4e0637fd9a0b1f644b5a2ca38788be02e766b9

SHA512
ec7eaa3ba4f8cab363f97df69a04a7418aa31796c6515e81564f5a884d7b03aefe86909bdf5024d1d1e076a7a39290d88843fe85bfb6b15bed25239af940d5d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\eEkM.exe

Filesize
317KB

MD5
11b89db978b61822ee39ad2268280d6e

SHA1
d7b6f86fb46d1bfe836f336e9b3480002ffa31fc

SHA256
eaa5b61a95836747851f8885c8b3148acb04f10e2f8e3f0254d5cfa78d670781

SHA512
b6a688ae9a58cd68a2738b3fac93ca0f28ff0c3fb93bf292ce05a00131a9a0f7d0938c2f87ff335fc7925c1474068d5670cb220ac8c3b948ce4201a81457ad3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\eQoE.exe

Filesize
229KB

MD5
47c68bff899936c997fd1de2b5615211

SHA1
5fca62e9c2ebdef08763c8855f0ab19a2d5313a6

SHA256
02e341c531ec21379544bc65c74f20508e4445b6d5a02061fd2f6741d9f37958

SHA512
f86eb36e96442fd504e47acfd24e8a83293d057aa0914e3615f8793f2af52614694d00a82167b4da339f23e4ab718101d1a153e71f42ff250044b3634e58717c

Download Submit
C:\Users\Admin\AppData\Local\Temp\eUEs.exe

Filesize
537KB

MD5
45976f588070bab723c04991f5f4b212

SHA1
cd608544a794d2cf363ac3b2f8c3208eb6b5fd2f

SHA256
b37cc53cd11e8546b83125662a88349c9358fd6fee97356f7224e820e901145f

SHA512
e8d3458a33365a8cc5c3b77dbce3a4475e675cda17c78b7abc0d0a12e684feec895fef773d300f22c72c5f470d147b75b303be0632ddf0258ab15926f7535678

Download Submit
C:\Users\Admin\AppData\Local\Temp\eUUk.exe

Filesize
182KB

MD5
218683b09e9275f4f468984445a73a4d

SHA1
00c00b7dbc70920221051a6fa27223ca5f43e3ad

SHA256
aa6d17ab9ed48ac88efddccfd4b6229c6b284fdd8f770040b89d113a48f9263c

SHA512
ef7a3e1c37e74f0af37f517014b163d9033130bb41bd970314c717ccc81b38938c85b97fb666e049956d168a3efd3662f44cf3c27c3edc4206200882af2818fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\eUog.exe

Filesize
207KB

MD5
65429511fd8e48ac28a33814ce8d7cd2

SHA1
eaa5c193e488b1b1bc0322845c2fca806ab7874b

SHA256
cbf12544417c9b697f1ca915d6fec8dc04572d378e8c1f9614a5c1958e57fa2b

SHA512
c852f8f50b0042fb5c2f21fbc034efbf18929546a7e479bcaeb7a236f541405a4a79b346a4ecb9574c3dec82c0bba0bd0b72047b88236f113588b69d1f7f9aaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ekcw.exe

Filesize
1.0MB

MD5
a3e4b90dc2e5a2a8b5866c7a6934054c

SHA1
214623aee544a799f689018d5c321c73db597e67

SHA256
a06cb3893f812ad74b6198ac3a396eec30db95a839cf21300ed1d444e0f3a8c5

SHA512
148539b4f5b23fc85a55ec42b0b28dcb4f2225f754f06c20d08a175917f1197c8f7dc957d21c147821d7658e83484db1a795430a707bbb79b74fae727965196d

Download Submit
C:\Users\Admin\AppData\Local\Temp\euUkoEkg.bat

Filesize
4B

MD5
890b73b21673e3eeba28a3cd47712948

SHA1
926d8bd96018c44b9e9a4b43fb6f3d415361ede4

SHA256
97cb320fc8a0078ce1b948c7707cab34536a3801eacfd214459a8095338bee11

SHA512
b1c1b74f7cebbf93c8e47ffefd45270cbcc1d9b2d2e6db05a14b2245d09514a6cf676840cb540ececb09b14d42a6ddd5030e07da5193b0bfd8498a7820e6f868

Download Submit
C:\Users\Admin\AppData\Local\Temp\ewEEQMUU.bat

Filesize
4B

MD5
a33a0895d30b8cb577fc9ab8bcf202dd

SHA1
b1c9186527308452c7521587fe4787f30d504937

SHA256
29b35323ed9a8c043916cc360ff0a01b62c6909b0a17e5d1f2a982aae16319e7

SHA512
0f81f92fa3a74b2a224ff480f270363d874064e3e1931ad62ec6583dddb4708dc5212981b8522a69a0c9989a1aed62ce68dca5636d620c299efa79868458e57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\fGIAAsUY.bat

Filesize
4B

MD5
41bfd60e5e121b480235bc3d08ae08cb

SHA1
59f58b4cdbe2fdc10e3e1984da4894730e3c018d

SHA256
60ae736184f34af90c84923da9435c84a572ac76c937d0e20d49751836093ef9

SHA512
9ed90252dbe56063c5261043048b7059dc1722e10fc2e89cdc809974e439dc24298667906b04869395db494653c6803f651d1115fb1b8ad6b901dc2cb1ecd78e

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.vbs

Filesize
19B

MD5
4afb5c4527091738faf9cd4addf9d34e

SHA1
170ba9d866894c1b109b62649b1893eb90350459

SHA256
59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc

SHA512
16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\fswYkwog.bat

Filesize
4B

MD5
48b32d4d5c2d99b7c98dacdaed55d863

SHA1
61c0b604ca1274e057e8277c83c47fb8e9b68233

SHA256
2df7815b290e3c34888d71058f686e9d0d735b336a7dac49f9f027ca600ed3a8

SHA512
0d9ecb19cf08caf0525068209b44ef3f7b5970ab1f19e432ea8628068567fb2b4e3a5b4d3e91a8c1dc07999da3a6efbcad02c93ca6f54ce011839022a9c33af9

Download Submit
C:\Users\Admin\AppData\Local\Temp\gEIi.exe

Filesize
233KB

MD5
a40f60953aeac9742211e04e2362e0fe

SHA1
cd55c4644040dd41249a768e67f9e82528a0d8c8

SHA256
e33397529fe5b1a1cd6282d3558b541a90bc5195171943bb434fca41c4bd92b6

SHA512
372fe598374c30b3ce0d4810f462d870ec0ea7dd43c5dbbd7aba66901659a89093ed6fe2551fd45b9eed2cca3081a7e09e60f1ad42e6a4c806d41e604b611610

Download Submit
C:\Users\Admin\AppData\Local\Temp\gGUAskog.bat

Filesize
4B

MD5
375e8a3a281a50265e692b5cf364e6e5

SHA1
27cbe8c9de92bd0ec6e4015c07e5f359e3633aa1

SHA256
a0469f9b8c35c09bfc3e132464eb4f4dc8a6c279a7d199333f08ab3b8a86a5ed

SHA512
17b7835487b0da1273e27dcc7fc004031da1293cdb665a05548b4cd327e17498dda40b835753cff09c50c0da0a3b46275040b67c72cb2439b3513e2885302438

Download Submit
C:\Users\Admin\AppData\Local\Temp\gGoAokQA.bat

Filesize
4B

MD5
fe8b61febee56c3b3fbc301c046a6a63

SHA1
a600e010b116422c06c8aae52c3605712ebed546

SHA256
e03bb598230a54349689fc119a04e21b72a84935678dc1ba60efa0e578e87362

SHA512
2017a17f0e754e11cb46ec75fff5b6d45118f5fb6b8a8f7ddf1a4b245dd1fb4cc6dd9f8ea8c297fb8046300e46f9a42a145c708142f088e2207bf2876af00398

Download Submit
C:\Users\Admin\AppData\Local\Temp\gIga.exe

Filesize
250KB

MD5
ec8accf126877708334d2368087baea1

SHA1
6efe8862770b59d36cd0f6597addf621ae062416

SHA256
01d4e619932fe60765c670d53b2dc9313c0c16adb54a4d2979d242c56684cda7

SHA512
ed8986af6ad624456683533771fbd6960a72bf779902ef659ca71899c0130323f126e5ba206ed46a0234cfdfc5b948d8d5a91fbe983c2dfa0622ade216992a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\gMIMIkIs.bat

Filesize
4B

MD5
d2795ceb80c8a2193a2fe208f2308072

SHA1
41f00f69decb8cb361ab117ba1c5c39413cfdde1

SHA256
13f1a441b2e2c2555292a42e2e633146ab0170275553ace0c133795e8cc4fa41

SHA512
363f61260af1b81eca102733eb9069cf8eec9fa968258e0de8d90ca0dd6c201fb52d71495284b42db334e2c07c5f27d0ee1b75713cff24a00d145fb1718445f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\gYUw.exe

Filesize
192KB

MD5
865dd16d456855d2a670884c814e5cbf

SHA1
7482ac9482be0c5a46e2572a1f25b48fe9c46730

SHA256
3c7e624c9a1ea9bf7a4ad6d06041a0788394eed27fb10d617070824692a84154

SHA512
bf80f1f5ca9a4390541c5e5a558e87c819fe9eabb5957e6fa400bfaef73a49e93ba1452eb340b0a4903de897237d9c6cef0737cc899e7771eaba429c91bb3fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcIC.exe

Filesize
235KB

MD5
5deb9d1d07865026d9e17e52403401a8

SHA1
d375cc9d195f699326104983abc9b8c68118de65

SHA256
f8e56cce0d5bf6f91ed5e879844aabbbb87df30be582dcb6789642d96edf928e

SHA512
2044372751988e6e3b40a05c48102be2860e43c6cd3b3550e2bd9e0867878d9a06ca8266c24161ee6ef7bf9f65b9fcdc02276637e5b4f3594ac6f7df3b48153b

Download Submit
C:\Users\Admin\AppData\Local\Temp\goYgQMMM.bat

Filesize
4B

MD5
81928be18a963696ebbefcd2ad0854d5

SHA1
258fa73702de7bab28a8540546023a320a595d85

SHA256
e055b044fc4438628306ecea6432ba816b7a0026b6b60e7f69ea132c1e5d07f7

SHA512
0f4e49ed3409bc79f5ce665bc1768bab7690d77d26b30051d64c7d54bcae7146a37ed2f4404202ccbbf82cb63c5e0dbfb3005df25fb6d0c5792313f81a447923

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsQYogck.bat

Filesize
4B

MD5
5e609301a1ad5001dd854a037e0860ec

SHA1
feeec0d16c62a5198a0a298f7b24b10edf97297e

SHA256
11741111fa330c13708281a48a04164ff35626275cbc787a5c875104322c8c26

SHA512
593e6fe6eed0987112ac0605d26defeeb6e69ca60952016d171ba37f20fa94671f16495a09f8d227eb259d2a866ce028db393202aa07c6a0e4462819acba5aa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\gwcQ.exe

Filesize
246KB

MD5
7312b3d0e3f3147f260b3dc2c951b5f5

SHA1
2b67dbda59edfa1ec62e036df1d5fc1ffeee2516

SHA256
ab16f27a6691931f0a34fc7ea8e492496a75cedc859ed48bb3d204398e21ff3c

SHA512
10672b00df8e6ef7efb5e8c23f870bb574f6aa68cfa048a46adc356792b314cf84914d1ae6963afbf30d917c8a7dba394843927fe1b49dd4e66d060e2de9b761

Download Submit
C:\Users\Admin\AppData\Local\Temp\hOIEYMgw.bat

Filesize
4B

MD5
f9e91e817a1661bbbf6d8319056ca89a

SHA1
37c2de52918853de15c21dc55139e131f25d7c82

SHA256
1a3ca71f2d8fc940b0818f20d8bd512bc371c1b916841cb5b8c06140eec2ac72

SHA512
827af46ab8b42315c4d889b2a69dd94eafe2dc671ba159614fad6bc96f3067678fd09bddfab72b6a414920d5d9786bb9fb08e93c6a47e7c492ae9fdf94a389ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasAIsAs.bat

Filesize
4B

MD5
9deb973895e1d5da8b5a19a0d9927e77

SHA1
9468723135d96864d63f8ccaf00e599b9a0940d2

SHA256
fa8fd1e45b233fea06a28ca3887dc463f6e0f56bdc29fcfb285099dab8adc9d8

SHA512
35cf63c67ab527c9ef808c7130b9d8cb748e3f20e9026b31b889ab25da70154283631be43a4c0896919ea2c970bcb0cadf0d540c2aa436401d37efcb58f52130

Download Submit
C:\Users\Admin\AppData\Local\Temp\iAkY.exe

Filesize
1.1MB

MD5
7bc0b4e40e2c202b03f9f124678a382e

SHA1
7f3bc23ad0b5bd75cf5ca081c3798a5ff9cbc585

SHA256
51f72cac611b0d6b9dd64eb020cebf0f71d54ee4a56744db4118d1792c8c9068

SHA512
7383bb3523e13e08adf300c0dd653f94c717e9023e444d944febecba4882b9d50ad2a3cd88605fbacbe6506e51c9f285a5481347c8f2ae0f83b95ee28960b3a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\iGkocsUM.bat

Filesize
4B

MD5
b754909754fef15798acd957df24279b

SHA1
5d1f870b101e6e37310a3b30a14f2a829b9f14cf

SHA256
5cb12b5b6729434f3f183eb4b81e606ef90cc65485333d9c285fcb5d67052bb5

SHA512
f217427ef0fe4b7b2de3d2ee124f4ffb596dfc08f528173a8936efe40a113d359187c4e3b2831a814995eca20dfa1c0a5bcbc4b60c84dd09775b21b4a4d3cfd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\iIMa.exe

Filesize
235KB

MD5
ff75013faf492046c075184a3277de95

SHA1
a2f9102dbcb2d5262f1b18d58476e415676477a5

SHA256
bc46b82bf9cf386aec1d3b67dcf1cc595ca23b112885737a32c77356c28e4641

SHA512
b437a7baf3b568bd74ad2c9f51e0111b001e6430b50ea050e812ba128860c84957bcc3d91282bd1aa0a8ab9ee3388b69a24242c4ce6cca6a615be169dc279f6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\iUUg.exe

Filesize
229KB

MD5
a4f29881ce57283dd9eb60c2d77db9de

SHA1
0fd1f4ee1517fec1f57fe0aa27ff1c4aa0430908

SHA256
eadef033fb943aa9ac66f1daf223b96f3a56afbd7cc9dceb26a71127a7975337

SHA512
9683c48a28500d2a8751eac44d5d3f4e23e6b915cda4c9074de1a76274f5a6b1d40f2628fa7a1f92fd0ffa2b430527fd2f20a33d8fb32ef6309c2ebb5d5e0445

Download Submit
C:\Users\Admin\AppData\Local\Temp\iWQoYMkg.bat

Filesize
4B

MD5
cc4f308a6dc3bcb3782e43809d60abcb

SHA1
127b353954a8cd94bbf4a0ec2d2a7d74d197f513

SHA256
d0913e37ae24bbc161cbe3ac441d288a8bc9412c6cdaaeed138eb111a042d209

SHA512
37f074725f4ce0ef33fd7896bf1a38b9191757f872b6f7ec6a34739ab7dedf8cbf1b60616f18789dcc8cca5953ed1e8bef34e4bda89d7a0268496f6399cf2c3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\iYAi.exe

Filesize
237KB

MD5
535dceab0d9e761641164da84a721d6d

SHA1
f2993ccfeaa907c8c9aaad2ce4b1b65174d31a7b

SHA256
97018361719e8a2865bb754d0f6ab5f67910c2917940b42aa649c687f6963047

SHA512
dfa31b3d6da50ef11fc024e2944f1837f48737116fdb22e1d7dedb88bb54a9ff0c92b3abea318383c5c77538c2e461c15d6135d84c924b610c7e76c4df3c6426

Download Submit
C:\Users\Admin\AppData\Local\Temp\imIEEsQY.bat

Filesize
4B

MD5
a69b81856a4d449fd79ffba3516f1555

SHA1
469571e661a9f5940d2c9a11762b0920464a4877

SHA256
ec5dd5bf316d2a74e7d29da53f910aefb73a08995f5f735ddcc310db0d3055ec

SHA512
7e8001a5defae554735229da7af27852d07463f9230cbb6297a82995508dad34b77d937e63e0ed6f45609266765abd0a77f353bba0aa080514e0ffa412c49a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\iookIYEQ.bat

Filesize
4B

MD5
65411ca64001ab8ba7db12d631bc5b15

SHA1
719dcb9797c78de632fe79a7172a5ea8476b1a70

SHA256
28dcb8b3a4fb39a5a7ab5f62e5f6f1b956fd235b8cddc7bdea34c196db7eae64

SHA512
d5ae81cbcc7e4571be00ec8b7f274d45100f0b5cec0ab2a0e4389d88840d551b13f8bd284671d9255bf86de013576fd828bc80e7753c7b41137fedeed493f495

Download Submit
C:\Users\Admin\AppData\Local\Temp\jEkwogUQ.bat

Filesize
4B

MD5
98ed3e273df223fd618d8f22e1f40a16

SHA1
725297ce36ab03dacf93f5be84b79261b939d08d

SHA256
ca9629aec7217af1ffab2cafb38ee61152192714c775ddbc571fc1a36da69253

SHA512
a3f8c95c03e23494bfbba6795c10861ab7ed3b2d772cbd7ba605371f1a64261c1e2f7c73f2ff28d68839ed3ff455e990dc4f2950e2e3ae7e1cfebb5db1d5fde4

Download Submit
C:\Users\Admin\AppData\Local\Temp\jOUgMgwE.bat

Filesize
4B

MD5
1fab57aa91ac908f5e9796f8b461ec9f

SHA1
3ce05f35012cf7034933515ef8965146fff23857

SHA256
582fec5f1665635c12096ed4fbe41e6e25898fe022bdd4a090862045609b61d5

SHA512
fe0758709b4cdcb2d90bd2a400d1e78d6fe79b92aaff56b07ac0a732f123d19fddde64110882899f9190bda3f3bc64d6659ce9876b39c26baa4b5a724d210e74

Download Submit
C:\Users\Admin\AppData\Local\Temp\jUUUkYYI.bat

Filesize
4B

MD5
39b0dfe65aba2108b80ce52726ad2ce9

SHA1
2351720a9659667af3b8e79e0b24cf65e3527717

SHA256
03a02b45f26d7c5b563f7134d1a3b0315d2a49a4c98d366a72bea547dbcbffe4

SHA512
8ec26f6d5db33e182cf0735bbb0a605acb0ea671c5e78980dc39f95c116d62a61556f1d84fb0b1e376e5025e3a5fd6f47e05f10389ec264ac02c8fedd92aabe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\jUYQQIQw.bat

Filesize
4B

MD5
1469753e0bf89c28c5af1399e0e58a5a

SHA1
1f4946b1c0c2dfea39319f31052921d9dc0957d1

SHA256
2d916d7413e4188204aa4d3550515c8e8b004510beadb1853b318311e8a4718e

SHA512
8636eedd0da8f35912ffed11e171943debed926adbc990ea292b59efc98e82ef4aa23f985b2a1ffa100be95365594fe78a0085ead054d588fa9ccfe6ed4df625

Download Submit
C:\Users\Admin\AppData\Local\Temp\jgkgkUYc.bat

Filesize
4B

MD5
c41fa1e747eff33afaea2da08b652288

SHA1
faa4ca457fda6698164cadab2b860849b064fba2

SHA256
0cc3298f374ab21cba54e202978a5643d20a57b1e2877f4be828e0ad559f0320

SHA512
224b85da273fe4624815cc663c931e7b94bed1d86a9d87e84ee7759471c5c6b7d29f2b50e435683f5144210e88666a44680175b428c075e251200696cb5d59fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\kAEK.exe

Filesize
197KB

MD5
5a0f1e66599b66d394e4b875e7c6b043

SHA1
936ccdabcb66a573b709ccb00694acc76a11e44e

SHA256
896fb52a575150df2a11999560bc8f5f509e2c5766b9fa672dd4232a37469efe

SHA512
cd184bc32cf2081b8e4be11fc71c1115506bc8859b7c53a33201acfc22c80474a41dd4b51433d899da7d64373d2caef478ffaa8a8a2f4b322f311f85b1bb36c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\kEsMYgIM.bat

Filesize
4B

MD5
933fcd9b6be2c157cf9014090e03faa8

SHA1
c46105818aafa67255da04ecf61ad5767e548b53

SHA256
026a1e5e7506a66f6e457f79bfd05b994b11b8e8fd8b96899bb0945ff99b0ea1

SHA512
24905362b07705a62da0219f54fd59dc767fe426c03bdcf6ac36a47e2284135444c5114c89dd2fedbcaedca6532a2445429af48eba49e84d0e5f50e94a20471a

Download Submit
C:\Users\Admin\AppData\Local\Temp\kMEG.exe

Filesize
243KB

MD5
e14a52474c5a771a6226ad8afade5104

SHA1
2e91635aca14a803b2569cd490944c9fdf4eaf9f

SHA256
f2f2a8a93b83bbdbf4d7b1f81ed0bc49c7c4fe629bc4d6537c51d62cffc90b10

SHA512
bae3158c060f55cf5a607c14303f03090bf2adccd76bfa78ff987718b9d4a82c81cfe44349c6a2b830d6e65bdc7535740c8dd85ca794f004a70f95d02f7bf6b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\kUoy.exe

Filesize
205KB

MD5
591f2e5390903a17d3240911a7cdd4be

SHA1
79503a2e7186b7735e08415dd6c318e00f797989

SHA256
5350e6fe10f12da648e5efa7e1bccb3714cb335c0b72322dfe68b547634f7a33

SHA512
795fb2d2daaf53818361934e5fc8396b80bd8ef0fcd40ba2d51b0f570e30aafdc76fcf37bfaffd7bbd86af30772989f33c1974cf1e021b473480899e019eda0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\kikogAcQ.bat

Filesize
4B

MD5
baa80ec4e76734d710c5084558bc2d5f

SHA1
3b55b765725f874ac5421250a71175623ee325f9

SHA256
d0cc4101c015609d3e6e9bff2cfcf643ec4b05330949c658472516e2220afae1

SHA512
8127ade132f07dc3fb1413256cf9b90355d6eabbd05803a748401f8ef228d88960b3daf6569cf46d147305d00b8bd019c1d316053538b2b2d3958255d15956ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\koMQ.exe

Filesize
1020KB

MD5
26882b119a9792d42179c260176a8722

SHA1
99ce24341d9c527c5a82bc32a2904296f095cedb

SHA256
0fae6d44f515115cc844ed8a139408151e472252144bf6124b5c823755a64845

SHA512
de2b2402c6c591671c8344a01a1602e1f6b3a211f3565407b28ebe292caa1dac81c2b0f84a53a6c8aa9888ddd137fd9b8eb2375404d652f791ca976bc4d36107

Download Submit
C:\Users\Admin\AppData\Local\Temp\kocY.exe

Filesize
240KB

MD5
aea70be6a5261f08e5baf198bb697568

SHA1
20ce739d82a34d1cfcaddb143137626f07a5e0ea

SHA256
42cb4624aaf2d033c82e4726f4dfd4516da435f235fd05b56cfc4c1e786c2f8c

SHA512
5cde4392f527fa353d85f0cb349fb3569c945cf61294b43682a0fd0c11395936e7b03106ec98016e05d2c06afaa73122a4b6cd46ef6b284e3b643ca49ea92262

Download Submit
C:\Users\Admin\AppData\Local\Temp\lKEAkMYw.bat

Filesize
4B

MD5
e0193d64d4e6a3397639f54069963ff8

SHA1
9885e24e0eaf8c9cebd92c7f2071cdd443cc1cf4

SHA256
a41705cd10421c447b62fe8069177499f3ba93e10842ac8242a95b15ffc77c1b

SHA512
7163948c47e15be752877245149fb155687a99d3399b680d94a5b2bbf388c3596ffb58b089b6d15fd725c2f817b3785ec2c0372827a2c477d8cc65548ba46eb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\lYcAsIoo.bat

Filesize
4B

MD5
a95f332fee936a5df184e2dd5f4bccef

SHA1
5c92603668ab285b52169cd3834c928581d66c2c

SHA256
eabfec4d12f440dee6d945c56a3fa94cb5c72936d4312656d1aaaeec243aa0c8

SHA512
5b8b3c13badca720bb1491da7c1fe2285ffe3e64ca45aba4618cd9053bdf45a7cd745ad5127ff7a27683edb7b28a80f1ce3b8a139053cd4a3623db9a5d14062a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mAEkkocU.bat

Filesize
4B

MD5
b2ae62c333c4f28b7dfba87927f6ba35

SHA1
1cb2919abfd64fb4ff7b4710226798ee6a331ac1

SHA256
ec9d20de4954e3f3292b355bcc9082d9aaadd0db7eeb85d342dfda34a3d57c6e

SHA512
41b4587e574ada061c70c18e937cfee56d6227b361b823c53d6c84cfe072f64cf8e5d77f0f5ed9742efbcf77be358e8b7cd237e8be87d8257f0ddc447eed3f19

Download Submit
C:\Users\Admin\AppData\Local\Temp\mAgI.exe

Filesize
236KB

MD5
4c44e7a0de4fba538274dd06b899a701

SHA1
7329f57af17d9c6c8fd3d483ce6e2062557e3d2e

SHA256
a60ca6ea1de4b79f8ad0d777bcf0495b8d90c65fdefd90024df512ec908ac32f

SHA512
046e3d3f910bbb22d31a57a395e0c8c76f4188e4344088e86182213f7322893fed5655755bc073bf78451af0c7fc0443c69ed785ffde0a7ce0b79726f9f090c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mQYY.exe

Filesize
230KB

MD5
a64c5a7eef56ec3aec7f6e4dc6523a7a

SHA1
7149552a0f1cf623482af6e55c3d10931acf24dc

SHA256
abd40fe4ce8e24c8bb6874627e741b83bc0810f36f816d1c97e63d0ae9379904

SHA512
55540b08944f5512c551e39c80300e6076866d3fa7c4b3a9d539dcaf1930a1e8a91115356c96ff970250f4517a4da910f23b0a4251116d5c8c5b298dbd2d15a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\mUUi.exe

Filesize
392KB

MD5
a4b86141b4271b941e9f0b8c013c1b7d

SHA1
fa1fc888ddf34da6fc18693671969e6dd8b636b9

SHA256
a2ff12c4accd9e6bc4a1be66d28f1a60e5d458705f7d216a37c0c561257caab9

SHA512
dd25706ee3b00b256d42bc0f06f67f1fd9f31c99f47fa1a96b8d3a7840b9cf695c660adbf5b53a10781203c3dd1b83be1c9151fe4ac13e3d00d8cd26b89d085a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mcUe.exe

Filesize
201KB

MD5
230e5dd2fae5cdf024c62d366d1a916d

SHA1
bbd37d6e252b960703119cc3bafd94395e4dea13

SHA256
418bf07752d279d059e65e89d1aa41e12ea13edc6d5f3eaa22755ae213bbef2b

SHA512
585d1bcb1906ffd2a52ef6c7a45462d8c5cead309d2fa7c32b109b1354c75075f20461e71b828083aac0b373bc73ac359c4a0998c4ec35b89f581b10adcf4583

Download Submit
C:\Users\Admin\AppData\Local\Temp\mqEMEAoM.bat

Filesize
4B

MD5
63df9b1e7ce7a550d11b0c0e2eaed8be

SHA1
d7e8e5549c1c3ec9094b762dc8b555ba35366e12

SHA256
e65a048ebfff49dfa69abe420e6fcce496f36b9cfabdef4221a6cd8d92d6b571

SHA512
f970543e7a092609b3fb317a7429758533bd5f24c5c3a5219cf421821cda7097465da74c1bc63e908bd1e3f2ec26f1f15d70233fd475c1c4b23a6e4464617d22

Download Submit
C:\Users\Admin\AppData\Local\Temp\nOMYgAAQ.bat

Filesize
4B

MD5
327a336a1b58332b00eb8fe163564234

SHA1
2865d17cadf62e52fd1ee185cccf0898c50d5b64

SHA256
3bc4d908f950f4194bf129a799d53ccdb1f96ab45ddaafc588bcbb3c40b18957

SHA512
206e9868f771894d409c66f6977058e3abc98f6b2aae469f8c08f1f62ef407749227ae4fa16f233c970a896878ccfc1a42cb8f5dc393b4d4676a5d7c9cd91ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\naAkckYI.bat

Filesize
4B

MD5
b7ac45a46ebe1b27d7c45ca6832c1f0e

SHA1
b17e8977a137dd8e9d228fe3c0fbd8bcab0b8f2e

SHA256
ea432caa4a3c091cb767f61338b5b9fc46c4f91544c642aa7966819eca1e275e

SHA512
4a190e40d7c3b57bc28c990a4aafc75479e6588dccf80dd6c66cb75b9eb0d66192cb14d4f0b122b3afc3ff936be3853f3d0a03e8baf521d3a262cfbe8f238128

Download Submit
C:\Users\Admin\AppData\Local\Temp\nuMgoQco.bat

Filesize
4B

MD5
bf3c916d217ddf6490df90440d96172f

SHA1
33d31672b5562d0d516cf4864ac142ad20fb909d

SHA256
48c41812fc9518f79aa69ed4e1a2bcfc29802ede6c042b02fc81caa89e89f370

SHA512
be1c08a1e3ea2e23aaf8465459b00a20f139c54117aab7005c2fe0b6584d78f97afe62c6da5567a345a725da2eb2e8dab9513e2214673c2672ad759919a1c093

Download Submit
C:\Users\Admin\AppData\Local\Temp\oIMc.exe

Filesize
352KB

MD5
1b2f22d5cb19d71b7c132631dc40faf8

SHA1
2093509ccbd14eb71bb7e812951bceda657ecb41

SHA256
52c0ab96e30747970def43c35d96ecf91520b58023a48ad8b28f0b5f3ae7b573

SHA512
4b2c8a990058b99e995d7cfa7845d118c56e40de8970388dd4ee01975e25c41a498133f0898c6badfc1061e53a36edeea735af816c0a113c64bd3aaeafea3689

Download Submit
C:\Users\Admin\AppData\Local\Temp\oIcu.exe

Filesize
229KB

MD5
7c05c87858f12c2fc3840779b7b9f0e1

SHA1
6cf9c414febd1195db70c8a58f9c63c6771e578e

SHA256
33929b10fdd0aab9aaa6db77bd6feceb892df6376098991367d1ca8f2d50073a

SHA512
3e55a79b474462f01654dea2e5e16c5230d66474403fca7176541b6bf4c760d7f08fcd32da059efdf71acf696241c56c4b9b7aa676c11944e70fd21c04dc7328

Download Submit
C:\Users\Admin\AppData\Local\Temp\oKMIIIsM.bat

Filesize
4B

MD5
5f69b686f6e2f75269150f65f37c8b66

SHA1
db397cf5e1791451a207c2bfd57db5deaa0c82bb

SHA256
1c816f95a4e7d1176c26c7baaafc7f8e778b5902abb4c0d062492e6dee5fb0b2

SHA512
7ab5947d1e219b89dfb75cd27c31561c346ff9734f704a73869cd3dfc92fb5f0e0fe8e40688e95abc79ea35b3729d13f07d1990c0367fd351b5e4a1f78bdc1d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\oMEA.exe

Filesize
241KB

MD5
242d66f46ce0b31f9b4def4206c37025

SHA1
a11e6cf5f8e87f51bf9c029e676b48e7a1c413c0

SHA256
ae5b345ed38b9427dcfcdd3fb55a81b9c23700611005aa47a74fd5373c76be2a

SHA512
914490a4eee69024214efe0d6534afa601f3576d35ac5281d61d18e6d9aab7b69f627385b9f2c17ab47cfb9466f274d55d69fc96ee8ff279e3faccd1aac771ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\oQgIgswE.bat

Filesize
4B

MD5
8d63ab905185ae5f9c8c2e4730ba197e

SHA1
2c1c65433d05afd32832ebe1d665a719d56ebb23

SHA256
9a51264bf3ae0a32d3d2c32d7a61b6cc7c8e606a9290ed495d31f5274545dc06

SHA512
a6751dbde5cd5447746e819db3b2cca936e89c120a7002419f11175d441d94044e0727df15e3bae3c60f24dc1f9831af96dff3036099a4457bcaad498d3ef2ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\oUIO.exe

Filesize
249KB

MD5
be6cb0ec10eb5469a6f3af9e4f22b83e

SHA1
7e13dd46349b8e10dd2d5be4418ed9558d7c1662

SHA256
101fea7d46e84cec7c70874026a6137feac81bd35d5a9b7082dbb81627ef13cb

SHA512
793ff3d48066e3b89f6f728d9145053c54f93a1bb77687d94cf76a0fcb0f267bf6d75c121120763a1a882de59ec7521ab6ada67dfb9c281329a56962325abba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\oUYK.exe

Filesize
244KB

MD5
6422fda5bb1ad20de5c8ea9e898a5888

SHA1
21d70de862e9a43121e7bf762586df787e40d67c

SHA256
b8fdc90d9fba214fd6575cf9bc8873e94e4f7e00d0afb195f402780fdf6900ae

SHA512
6a04378723a09be07afe499c47b4a168c3f80134fb431400ae87ee083cfee9415416c28b421f87dc35d120a9a41d182525b5e640cf031d226830917e8c41b0c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\oUcu.exe

Filesize
1.2MB

MD5
37813d91d08a006a23ccb781123f4a49

SHA1
bb6b641b0a7965a0c80477fd97d2ae62e4bcb0e6

SHA256
d8bbc577bcd5407b5eaf818bf76d98725490202b30b6960d62644fa526256e92

SHA512
c5fc3ec22f2e8eb14f7923282c15fccbb9b33d1be9aa6a6ba7cd31f5984fa6235cbfcab0bbeb5dd3906f90a6b0aec632911a990afea2146eb7bd588b7b1c1da1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocUU.exe

Filesize
244KB

MD5
c34cd631823d71e12f71ebc8d9372627

SHA1
5976e854f6c54bc50dfd42187369d735db5c7eeb

SHA256
736880b13e83bb011417b92af13fc5061e0d9f2299c9a8df6bc37d63b780f965

SHA512
181ea663b70b09fd12f578e799bd56b2c3045b41f545160810f960a82874d39d4f5044c45df4c9c26cddcd930f7aaca6b2b341f151dc134c0073c536575bdc6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocoQ.exe

Filesize
238KB

MD5
b439162ea5c084686e27ac30cb2e4a15

SHA1
9aadc1fb452d31f85dedc0d050f40dbef024ba01

SHA256
daa2981196e2d37bb05409ef905de302975eae71aae1a78d9834474997c78a26

SHA512
7eec1afc1da08edba7423d9a00072e9be46a3077ae28d6bca8aa4b08bcdb860796625282696ce2fc164e841e33911e9555b7381565dfd7c16904bec596da0a12

Download Submit
C:\Users\Admin\AppData\Local\Temp\pCsAMIsk.bat

Filesize
4B

MD5
3aa674700c3b49e8c746d89050695397

SHA1
4f71332a300ab13c61022b4ecc32bd6ce84a45cd

SHA256
43208b197ec1d140b6acd3d759b378c407ed8b38a1819e19329e94656ed243f3

SHA512
8088ba26716990e511adb1de63cd5144430c582915c3bfaf9b7f94e5cd713faf3747e17aefa9e6303489f9d724c23f877c8583ce02697ed98d2f8f02b5037eb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\pGQcMssQ.bat

Filesize
4B

MD5
f421ce49b9c0e31a9de8ba84556646f0

SHA1
64d5105da6632ebb7acb12c9e2f2783b19926a88

SHA256
6f8afde5419387868d1576a7608ab9ca19a74234ec6352d18689813c30557865

SHA512
7b643ca5339ae342e896e2bf365b253efef84a479a9500216031d70a6731b53c58fd89beeaa40ea8d45ca89811e83b24fd7345cc908bcfaab6b82e6adf6d1aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\pMYEMYgM.bat

Filesize
4B

MD5
f8c01cc89049b94151ab61b4669077fb

SHA1
01fc2dd2c4dc284058302a01274e634b16200f32

SHA256
cccbfed2fe22aa4aa56a44d10279575259b0b9a04d7e9f442b06d9244d1752c4

SHA512
2dad0ebc3af94107ddb95374e0f48223dbc6324330d32f581537e1c0b2cc895718eb9ac14f03ed57d493f2837dbd3a4ba407e99f85f3c25850db4c4b52f2e5e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\pQgAAMog.bat

Filesize
4B

MD5
74540576bec1fd7e5100c4c1e4cc3035

SHA1
d4b5cdb2a88f4da8f879718fcd9ecbae2e5c8583

SHA256
87a351659311d180dd1543864b887c5b5a2d3fc0c98709b52f06f1d02af1f778

SHA512
ce11aa45e467e5c887172c4fbf53e333e8b1fba525c0e88001eb6a0cfbc3fb8cca10586cf19b36e347e6e115373f0a6a86609df6e74aac306aab3ad94dc9d3a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\qAAO.exe

Filesize
955KB

MD5
234ec006b5a3fdff8c23294578584634

SHA1
50a8e9f4ff05d52837c2115527cae275184ef0c0

SHA256
8b1a090b09cc5468274121ba8a8aeea60f8888e24decc159ec4f77469349b746

SHA512
aadf88fc1e0cba2f87904b04804891631f6556f11631c945ddb2a446a127d7aa74c9fe46e49134f8494846bfff3c070b24e2ba788ed8f83537a981ac763fea75

Download Submit
C:\Users\Admin\AppData\Local\Temp\qEce.exe

Filesize
858KB

MD5
52a3fa439bc6953642b72fff60ac84c1

SHA1
955975b483a6139c61edd451d925952300f5ac3e

SHA256
994270f9b33c2795a2294bf6791cc869eba9f8cc5c2ee83f199a9158c0ca3c4d

SHA512
696e00ffaa6cd08b0acb067e0b9a39ab150e0febf5ba03efe4d538b677a860eb768807d50fa8992d7fd3e163eafdd34d0fe7da810cbca65264ec893d3893a519

Download Submit
C:\Users\Admin\AppData\Local\Temp\qIMW.exe

Filesize
234KB

MD5
f8afea8d3fb910d4213652d9b2e1d113

SHA1
2eb0ad65a29b13b3661e6f03a5757136b6574b58

SHA256
a7c0064f947dac8a9402045db519990ffac1ba2f663a7f1879128a90d1a7d6bd

SHA512
a44c7ac4a314b4496a4b63f32815ceed24213809543a25209f800e09edb760f1c5ddea215d4e9577442622d3da1cf09daabe3c7d23c56c6de3b2db66ab053a17

Download Submit
C:\Users\Admin\AppData\Local\Temp\qMQkMAkg.bat

Filesize
4B

MD5
bf651a0c371ccfaad8d4f45782b5cea4

SHA1
02e6d94b1dcdcea81e91cfe1955560cf160865a6

SHA256
0a67274e97ad07efd58b52021d80145724f594c9d50edecda01c004a2f09f9ab

SHA512
8fd307b830fe55cea73374ba7939b2abc13b59e680ca6ac48a32ce5240e3ea01abcb3f300bf5316dbd23d2b1e0511fbcd3f114500520e833d0fcd9c5452f321a

Download Submit
C:\Users\Admin\AppData\Local\Temp\qMou.ico

Filesize
4KB

MD5
ac4b56cc5c5e71c3bb226181418fd891

SHA1
e62149df7a7d31a7777cae68822e4d0eaba2199d

SHA256
701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3

SHA512
a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

Download Submit
C:\Users\Admin\AppData\Local\Temp\qcAq.exe

Filesize
293KB

MD5
4982b4d8f914b3faa8c4150d8325c51a

SHA1
e4dc3a54af1648b76720f42ee784a56f553531db

SHA256
85b23b4a04b81c3acd8dd31fb394dc831312b183fb2437f2113a5b7c10f184ee

SHA512
7c75dca6845df39af239f0074fbefef862c4091b6536af4347cbafdb5cdc9ba6fdde2494ecab483535faea7313312f9e817a739c3c2c3888010e4fe990809d2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\qkke.exe

Filesize
195KB

MD5
bb6223f9408884f451761acfc097e180

SHA1
95620c8efcf64a752d460b1115a2a78b12d56abc

SHA256
a83a98cd53d0c204ff60fe7f52938d1ae0002bce92554fa68b1b9c91975afcaa

SHA512
4376e9454f78749a98b3ad553c3330c160445e046e75148b3f10c28623f9127eb98d7be5def814a8130acbfc6b6795522bc3731d5a7e470a843bf42d6914b307

Download Submit
C:\Users\Admin\AppData\Local\Temp\qkkq.exe

Filesize
238KB

MD5
d0a6532c32c41240a7728c164adca1b7

SHA1
19c3e653110d7062d00bece70f7bf175d6b0f7b5

SHA256
4925ebb12174863b37fd3e324086c68bba6ee31207c75c2f78a929bd26cfa5fb

SHA512
7088fcf0d31aaeb9cae5b54b7e208aed510fc51b63358ba7f0d68311d8d265f8efc9e1dbc9aa0f6d264c2c098932d7e98012069bb8a545ffd6a7c8091b1e03da

Download Submit
C:\Users\Admin\AppData\Local\Temp\rIMIIIQU.bat

Filesize
4B

MD5
53bec165273449036c241c6176a9fe09

SHA1
90b1a22bdfa6df27d8442b88acab1fdcba5e2782

SHA256
8a2a84358d3639c7ec19d9a8fbcee8603448af0c44a0447ea8cfe4e17a1729b5

SHA512
4217fb8b4d9d747520a6fcca35d2a5bb5d6ed76d0a17ae668caa0eada854ab63bcc72119bc5226047b7c923c855b39e2177b17dc9dac312a7272843fbe3e0245

Download Submit
C:\Users\Admin\AppData\Local\Temp\rggEAAMY.bat

Filesize
4B

MD5
a71f87de90cee007d0d3efd903b6d5a7

SHA1
4ac29e5ec6dc229eab58ecbd682c441896bad2f1

SHA256
49eabb9e8294803cd15ddee925716231135bbff5cf40415bcc1c196eadc99cc2

SHA512
eecfa260ef11effdc9505fed0f784a51f6de7238133883abf0861218adac3111b9aeb2b700be27126dac7c928be516f5c695deeffe2a41da41c5a5a088d31e42

Download Submit
C:\Users\Admin\AppData\Local\Temp\sIUc.exe

Filesize
240KB

MD5
4f3919f27bbd3b6353829a0cd8a65696

SHA1
b9b87446ddaac479536dece8deff319badaab418

SHA256
e5f0ad0a4c922ef693270a32e131c25eff01aa094b35b967a53d694195ad905d

SHA512
cb5606e6f9f500ec730584132a0be35995549cc6ee9c67a7a581a52ec5990c2a2411f29f3f4c961c297d57d376308582931fe773b2db12e2f185a799938d8111

Download Submit
C:\Users\Admin\AppData\Local\Temp\sQAK.exe

Filesize
4.8MB

MD5
e20c44eb3c3da4435e7f32143eb83ff7

SHA1
4abcc5a1c893c1da66a132c1e2df9b756a138d6a

SHA256
3474aa4bafaf1b969b46fbf19b8845dcab6717a1f2b79c44d39253240f1826d3

SHA512
59291c485e06b2523a8adcd4bd12969b89e74e304b991a288ddf33163893ce9cd456c65b578d81926f95b6b6d2ec35ce12bb3a7c5ee844e0c80f08180786e99b

Download Submit
C:\Users\Admin\AppData\Local\Temp\sgMckQww.bat

Filesize
4B

MD5
3f4148270e69ed87072ef1e3d0092002

SHA1
84754121e0c3b7c12aa88fe3e697df67248c8694

SHA256
e7edb5ee8c9df286bb45b9b0dd0ce1199799efa7bd03978954b4b95b3afffb87

SHA512
3fc48ce920166e44e691374edcec2df10f50ad29fd1166de2dfa92c626cf288ee650cbfeab52c3a4990b4c6706af38d0812f892d9d55a0ad7e307f23856d28e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\sgwM.exe

Filesize
239KB

MD5
00c942958be79eb3d3222adf5cf63d80

SHA1
6a689d4507eb53fbf0e21b978e4a5974664a79f8

SHA256
72d2680588e857184af902586f4067f47bb929f635e00b2209387e1373b9dbfe

SHA512
0ffea687a18298e5e96ef58ffc01769d9a99d1fe337967394f8ac67923cfc9b253b87d3021cbb7327662d03ba8c9c191549b2927bcee6a92b2b9e72432d0982e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tKEYEwII.bat

Filesize
4B

MD5
b48929909bac15a64994c32f19874a0a

SHA1
6cf2e81f54c5501ccfae1af15a72425a7c84a12f

SHA256
e2b780f62ecdcdd5f18058918423f8ac6e699f25278ffe148e2760f28c71b828

SHA512
c72ba36426d98aa55dead38475cac8345db7c70cccf9c7d9b2dc0de14ff2799d823239683031cba6c6ac006396cd619e538d5a452a5efe0a60656f8e8d981bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tigowwIE.bat

Filesize
4B

MD5
da1fd3f1a6efcae066e299eab380d361

SHA1
6d8ffb655c541d277634a0b21e99c357384d0cd9

SHA256
d3d6ba229c2337ac0ee895a812bf6ee066cafb422b84d5796d3afba13ce64047

SHA512
74b9efc3e59381ec58aef5bae0c699d00ba331cba8f6baf6ccca3f5361e884bdd139d68a7d0cf2651906a48b288d6ea0ff214f08fde3e30a23904ba3dd81b6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\uEsa.exe

Filesize
250KB

MD5
eac01e62130db96ed9f658c15a28af3d

SHA1
a57430105ae1ff6d5307f57c17b1b23670a59288

SHA256
4038fcd767d40736b4fa4c23e9b3d34103e5410e22bcd5f304d674c3a698ec5d

SHA512
924a4c525c69ad5362342dcf553a05fdb994a9e74da5f4e3e418283865b024638e37a5e59e3e1794155ab825f5d88aa530decc620ed114b18be9f4a2826e9325

Download Submit
C:\Users\Admin\AppData\Local\Temp\uEwk.exe

Filesize
246KB

MD5
61fed978c9a5d879599a0141daa7cb79

SHA1
9b642c2eab2dbec76893a4617248746ac932b472

SHA256
1dd0142958749f6e28575c084f92ef677e882db68d746124d6a1afb81c3f0a16

SHA512
0a131c2320e16e5b7141666e8da2bd1221c6220ad8cb151b7d6c87541806d7c7fd6b7e1399ba442da672ed2e3a59178ecae43669ce1c0cda01b9b6b10e87982e

Download Submit
C:\Users\Admin\AppData\Local\Temp\uIgw.exe

Filesize
331KB

MD5
94317138e397fb87179792da30cc1153

SHA1
527a7ed906f477a37dc459be10c33f9c9d0e5cda

SHA256
e2cd806b065470cb6ab0ac92aaa7d89fdd450a5ad8767f25707bcaf95df4e319

SHA512
b05aacbc0f4b24da4d9a106c48c295cd251f5756938b63a88fe68fe4a7b29e6f0d1917d5dec670b69761256211b9cb54c9e74cb10d14b1e04f51cbe5379b587e

Download Submit
C:\Users\Admin\AppData\Local\Temp\uSAMgEoo.bat

Filesize
4B

MD5
727f3b87687f368c9342bd4db3f97715

SHA1
f7d1591f3ebd21b63b6ff1b7b9f08593050bb4a2

SHA256
9c460fa5ff1c826bedd28dc66569be482a7ad6e559949beb605a6d386c34aa08

SHA512
83171c807f2a70b798a16acdfb2ead83aafe3579019378d4e618e9f6d708160924c9556bf9b02bd5f96de40e0497dc54598ea10f253ce1c92aa16ba7c90decd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\uYAA.exe

Filesize
508KB

MD5
b1c6bf606ea554cd613bfc1876f43326

SHA1
ec86cb6ab3a3d236d79dbd1a6d15c33c21106edf

SHA256
cb86b224a25ae54e60d56654b278c71799d551aab62a7e428c6cf4a366a256e0

SHA512
2d0f2460eef2e143a32a6c18821f6242bf1516d1974812bf36a102c6571ca40235ad3094a082ccb3c642ea956f916017d38ed0c2855b42f2dcc9a639a39eafb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\uYAi.exe

Filesize
240KB

MD5
658d92ceefb702771c115e382fea6657

SHA1
82a1876066a8f94465c8d0415780c6e4ccaff07c

SHA256
d32bfd0f17f49a9f2649fdc22943170f27c5bb2635b693d97886746799c60d4b

SHA512
8c9e6913fa09f0f0f2be6e2060d10b84e407b000860efdc499929cc306681bdc0bc4c0d995012dc636a39afa1d70447078aa1d61e890428bce5e770c455d745d

Download Submit
C:\Users\Admin\AppData\Local\Temp\uYsS.exe

Filesize
236KB

MD5
5313b3fe8b61e6748bb4c20a7d82f5b8

SHA1
d21c57e62946f3fc015fa930d1db6f4d36b33dcc

SHA256
7344f45ca82e214da8bf9b7915529f2ce6c5f9a597188c3491c97d254ebf8f4c

SHA512
ffa00d9dafdf054448a3321974001890bb6642546e1ecee041e80bc34d7b6a2b16bf680a6b68a4961ea63a1ffb2d6ff21f8e49d53da44dcc241722908f7e4822

Download Submit
C:\Users\Admin\AppData\Local\Temp\ucUc.exe

Filesize
207KB

MD5
ae5127f6f3a960bac59561d1310d303e

SHA1
1b6b189b57492052c3677934a25bdbab4570e038

SHA256
b0b87018060254f7eb4bf64ba6459dad7c120b961c69ebd8d6bbac9932c3e62d

SHA512
a999886ed7f576da2b2b9b9ffba87b2200bfa007ad17b04c18073c64e82f256dad596781db9712a1cf9dc0e2e9458f9da9e3c6976179ccb772aef8a3299804b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\vGUYMQYs.bat

Filesize
4B

MD5
5eba9d83daa7abf7f2402b041ee13a3f

SHA1
779d5bbceaac011f9d60dffefec31d7233f27dee

SHA256
b16d97b6ee809e8ec8cfde25ae6f43b52b84ea6fc96694629ef556e8eb98b4e6

SHA512
2bf8b517b85d4bb5020cd0ac3b626676d3d664a11f710fbd8409fd24455a1198863475504644644449e451d49147d88faaa6dd3425fa29405c9f513e93025a4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\veMoEQMg.bat

Filesize
4B

MD5
8d385aa6fed17ca92bcbb22bcaabbf88

SHA1
fe8db75b4e36704f38b4d1a326cea6c944368f89

SHA256
7a9f2b3cd065e8e5105b8544e6aebb49dcb42d199c660d7c8f8a2dcedf0f748c

SHA512
9c439250425d8512013f4ad13759e9031fd2c33b7145e8389e4772200af8082a77aa221fc8669e1e41a2a7d76117517b9f51db8419526b068f37170d70598deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\wAIW.exe

Filesize
213KB

MD5
3773ab02b9d18179c024b91f8d6f5184

SHA1
a4e9cd045d1eb1cc63f4d9549c88bb78eb5784ed

SHA256
b27eb0bd0198ab47188866178ff21f16da95c525a999bb9485bd33af5dcedec6

SHA512
07018f0ccc6c20108c34607554e7ffe3a2a00408c02f5755d22ac9dfce81b74e0265e68bc6fa01200d7b2ad3047507a70bcd417cca9765bff1410d2b2c1a5401

Download Submit
C:\Users\Admin\AppData\Local\Temp\wAQQ.exe

Filesize
233KB

MD5
9dc3b46d7cfefd2d441bd8afa219e240

SHA1
4dd27bf4c968dcfa8c0019bb021fb2f41b05c2ab

SHA256
025578046ac0a5fb2b3ec2690544b93c4f84de38cc8023fcd5f4608a03633659

SHA512
1371aac5b6b46bd6571da00adf3e3cf39dedf2a40b1edb17210bd0b5e1aaa5fe94b50f13c11f25f4921fe5dde37cb35e73a395b6101940d0b462e64a01286cb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\wEQA.exe

Filesize
834KB

MD5
36ae28e7ef3cbdde800d09de634297b6

SHA1
28ee7b78eed17d0e992394d2b13482d4d6577df7

SHA256
e0a23962ef2904537809bc20d8b0d3e0346ce2260a679fbb99a7b04138032e41

SHA512
e2ad5a4b3dd03f2e61d42c1ec825a39c088591096fbe822daf0271e0ab2c8cbdefd21f7a63a07bedf1a546e02979db258a317af48a5a2c2334706f80cf67ecae

Download Submit
C:\Users\Admin\AppData\Local\Temp\wEUcoMMY.bat

Filesize
4B

MD5
372b81b293932e6fe0dac9ddefb87368

SHA1
e07123e0da05f4dbd353c2ad2fc10eafef920570

SHA256
4413ca2591cdbe99bee979730c395b40e4e006e304dad0f4bacbb07a8371913b

SHA512
7e96d92b436f6047b80ed3e31111787593d5af71b4c78bd976bcd4e2e4f5830ba5ea051737f74b2ec0a31aedc16dc5b2616cb7e93bbe6e3fe93756f6b20788be

Download Submit
C:\Users\Admin\AppData\Local\Temp\wIUc.exe

Filesize
232KB

MD5
227f090d3998e946e62b52318c492aed

SHA1
897cc17f7ee8ace2cad9cda68cec0f1a2a737925

SHA256
f167fac227bb72566dfcb692b9c7f4f5dd2f38fe9b56bd4d13e5f3e434e98ecd

SHA512
5ebe19b1ff86a6d5dd82ba7159ec6f4b18ddcc03cad4b6b1e842b84aaddc1ffcf6912f206e5dba093b7df5ba0c483dcbd83a52cf3ac2712102eeddb6ab24fd77

Download Submit
C:\Users\Admin\AppData\Local\Temp\wQoo.exe

Filesize
215KB

MD5
35e029f5c5b3679da71dc590e05968fa

SHA1
ebe06c81c1c37c191d35c1357e293e92e4303d6c

SHA256
b064d19eb1f88cddf768f666130a706c95037250ef7998104c6f36817cbc117f

SHA512
d13768f9aa4c931f9d3a30c9dff274b2cb1be4441b74458d84b0bd4c45bb9a306bfd59a9483c4e3158e85a3228f5e1944cfe444e4e7fa6ef1b6ab965d5c66f79

Download Submit
C:\Users\Admin\AppData\Local\Temp\wWMMkIAw.bat

Filesize
4B

MD5
a1466c404e05b7db9cb6bea17e215c5d

SHA1
5b64074b212aa39137d986d1869b017474061845

SHA256
099fde3554f1155ec3238fbc22fcdc1425742c5501b949de6d33b560376e532f

SHA512
62fec9ec08219c64cde35139b7af6f08d90e198e94a8e87e1ba9f198b1ca156f070a7a2fdf806b322395ac8830d856fae20c5e86bb9dd9ab84d0b7838bf48147

Download Submit
C:\Users\Admin\AppData\Local\Temp\wcEK.exe

Filesize
241KB

MD5
d2c4932cc1565ff0ae4631aabc4f92ed

SHA1
1b588424b0e88ccc6bd1e253668c2373caa71f8e

SHA256
2bb6cf4b87c086d4b035e5321516a8595422db9d9cba6c30653ecec7792b87e4

SHA512
09839c48957920dd2e6076ab0ac9707bf2b4273499893415741414940d7e288178d6db62682eee217aaa456becd3f7a2c4fc87191ce9ff7aa47dd32fbbb89c30

Download Submit
C:\Users\Admin\AppData\Local\Temp\wcoA.exe

Filesize
4.1MB

MD5
13f428170059de07eaddb6a5b61a5411

SHA1
a6e1efc1ead2f17b2c9d9560bc6479442d5e3d96

SHA256
137c9b43f60a7a22a7932a9dae94423a600beeb549ad4283196a50481286bf96

SHA512
0d3a2f01e87576c89c4fdd8e492f0eb78270af0a1f4d5a4b3163af9d142e498843bf6533033ced0356ab34c362ae57d34c469c1ba4226409e09234900b812e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\wokEEQIQ.bat

Filesize
4B

MD5
c64824e084803bf704272f0e1b55f18e

SHA1
acba9b6e34534f43fa115daf0c6efb543a717b1e

SHA256
b19cf67ba50fe10e5e8ef98a19827c2ce76ced38c2a3d3df286db201cc27c812

SHA512
026df669773c242d0f7a2fd4e792f10bf34475b3cb847549ab16d5b12c4ec950b860387a34c448e27fd1c50a066d6601689d2550aa81c92bc76f0a8705017584

Download Submit
C:\Users\Admin\AppData\Local\Temp\xUcoUoMk.bat

Filesize
4B

MD5
4c7e1456793f865d9ee7042b722846a4

SHA1
a702a18b94bc2a5eee21a305ab7cb074077981f6

SHA256
49ae980430c41f701f8cf3682b42d5d226435bea52b4d3a27c05cb1413285129

SHA512
cb005d1f6bf8fb54001df9f2e68b9f9f9884fdb3b2bd5e99215b3a29ad7f07c8846819298def03d9a9ce5d320b2ba03ff7f40ea929c22c1b706f6ef2f38d2a49

Download Submit
C:\Users\Admin\AppData\Local\Temp\xeUcIggc.bat

Filesize
4B

MD5
12ed54918685cd7e16a2e5aa2934064c

SHA1
6fbda3e0098c8145829b0c5e16eb70c6afca15e9

SHA256
c781387a78dd4d1e62b36d449b696e249b7652497f6f823fc944d4c597f8423d

SHA512
7132b4a635e741607995ae42fbad90e283bf923000c3017675a5e4da09b7c08f33fbc058c17a65612cf6132a664565d60dfc9ea784cd8a6d80a8419b24c19bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\yEMS.exe

Filesize
241KB

MD5
a180545952e490eff65e41555f1eba5c

SHA1
6cd8c5430eedf6115c8588f6c10bd655360f50a8

SHA256
c19a155f6cc6eac3e4ce957772d741f01c93333bb5b156c2a020a0bbc47a33bc

SHA512
55f25d0a1d37058ac14ec5f17fdf95413b94a02217fe3f6cabc7808ac4e8085afc62d43b02aac220f3561b884ff0adb7d4d641e755c8700f55fc4f0f35ae8914

Download Submit
C:\Users\Admin\AppData\Local\Temp\yMMa.exe

Filesize
184KB

MD5
35e8ffdd5ebb7b1fd934d4042d350875

SHA1
b4fe2dd681a0a83d85759fbfabe337460163889f

SHA256
596da28ec07cdf6951928ebe2eca479ee5934958dd7f68efb76dcaec94ab3376

SHA512
b0244f974c9fd8c7352b9a243064d7cf23a930911f7eead9c2555ee4b90c0d73c6e9cb3cc67f52ae1043a73613038c9e992559d13825bb471dcc938c6b8dba11

Download Submit
C:\Users\Admin\AppData\Local\Temp\yUke.exe

Filesize
235KB

MD5
3fa5ce148d2e000b16de3be1e90ed0ea

SHA1
2c78e93225a29a45a490d20c6aec21461264dba4

SHA256
b49f9c50ab1878ed5f62913059428d90ced3cdf999ab1a4e2bde2ab754255a53

SHA512
7f45be7b1184d3f59dadaa7caee42c1fc23bb9530834fde2d8245b1ac72fc741622ea248a0ac6ab0df1141aa4a806131f10eb71578ddfe6637d177a3270ce170

Download Submit
C:\Users\Admin\AppData\Local\Temp\yYEE.exe

Filesize
249KB

MD5
e6482ce3371abe48461c73fd00c6bc34

SHA1
37681ee616396a3533a9922263a53cf9b994b5af

SHA256
7d9488f7c9bb0ee22bb9432d685f24afecc310d33f044e818cb3c51cff472d6e

SHA512
d602fbf69eab9d867e057271640be91f33c37c3389e119a89cac4ac36ddb2c9694a47f5a5de4233170a1be01e079188afb97f160dd21ea767ccd42f038bf3420

Download Submit
C:\Users\Admin\AppData\Local\Temp\ycUY.exe

Filesize
944KB

MD5
8ef8c9c81e35e335788d12ea8ce6233f

SHA1
dba49cb2f3b646966b4b8f6cde5fb0ac902dd6ee

SHA256
efd28ea7328251e6d23e6bb3ba9b2aa4c447bc28225d2f79c06e21c00d453191

SHA512
52683d853a40e1da28ea4ba4735cc75a126539ff03a97468152d4a748d9851ee01ca13ec2c084478d1d30a5123cabb92450d810fa21f646997aa87cae83bd4de

Download Submit
C:\Users\Admin\AppData\Local\Temp\yioIUwco.bat

Filesize
4B

MD5
bba780cb21b1fcb2439b844108282a4f

SHA1
117c65fd4f17466a5380762d7eae2a3a824cf978

SHA256
2b477086c68c2ecf92258fdfa0796ff9f1913e99c4ce52fcef9ce136eeb19c72

SHA512
16a5edeb38277501e55ea2e0aa931c79065943aa85b1ab097b25030eca4db49eac775cf6ac35db82abc74015b6e830ddd88d17ae4c63797a6923376e9acd6173

Download Submit
C:\Users\Admin\AppData\Local\Temp\ykMQAEkw.bat

Filesize
4B

MD5
5143b13a09a96b0823694f219754e725

SHA1
d525a7de18abc66ff35f5cffb87f8a24ef4cf0f0

SHA256
520e249e47538d9cd08e89731fb605512e5929feb5f76272cfa3a01393592116

SHA512
aee0e09964af6636ce40c7e11b497eb31055090578571ca21151266d7380b97b9f72337d8abb62d8532e2d566b388518de29e7d58d89ab1cbf18fa3ecf6605f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ywwi.exe

Filesize
216KB

MD5
cea9288f243234422b2a5199cbe834b7

SHA1
ef11d5f025a776ca7477e1a7df8952242a1de99c

SHA256
a6e5ca5d8a87c6898d90b83166ebbc916f186761be9c92f74fa3be8c3f6e334d

SHA512
38df2d2db52dbbd3e41876d12d8a0a470f4d5445fa2e4139bc613ca981a808d8514671d82b658052e629492f7a4b150ca3cad1cbe83083abaa88c854683066b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\zoQQIcEM.bat

Filesize
4B

MD5
244a3267296916ed9ff9ad77c1d64e13

SHA1
181715ea0c0a324feb3241a734e2712e2c35b542

SHA256
e7137c7fe72857e36870ba458e032c9fa37472d56a6cb2d3e02a9fa214756975

SHA512
eb7b3ec3edb25f3c64d618c9dcb8cfbbd58567f973017b9d31371df2ac3d300468bc40b54046c2ddc0f088065e1d029259cda4d471e582dafd15480a4f3db14a

Download Submit
C:\Users\Admin\AppData\Local\Temp\zuIsEcgQ.bat

Filesize
4B

MD5
2df3e658bf9b0e691c9730dfff498b02

SHA1
723948963e9169e9aa3d2417feff3375fba5c109

SHA256
435ac2699a0ea81ac52ecb2f288448592c0903b46d2358d1aaf5049086fc8554

SHA512
9b567b9e6bd3a3a4173749d18ad80ec440ec507e93852b40e06286b42ccdf37d6fbf84f2adce120f80a92d90150732af37b72bdeb93a90f35f14441d9d182fc2

Download Submit
C:\Users\Admin\Music\DenySync.mpg.exe

Filesize
400KB

MD5
4fb079b45d81f6d814c84ae4fdffa722

SHA1
e0f28db9e30600f8b9b058ca0ef5e61ec7768009

SHA256
e1df0c2d3af6b6e24875fe1b80f1d67abc6a07e28861f17972367d93a4224372

SHA512
02aedcceaec69928201b17bfd04c85f976009f2284589948d4a95fdb07a4a274a7a05e12bc4d5cca14b378d13fc16c9244e44011868b36a79450d5e77d581a43

Download Submit
C:\Users\Admin\ZmEUkkMU\qigMkwQA.exe

Filesize
201KB

MD5
49b1fa9d06abd8052146bfcebdba1df2

SHA1
eb0b271347163809b4f26afcde6f640689e43481

SHA256
ad9f3b3dda2d86195b3bbc9d4372c8e6d00710492be104b26584e7a5940398e4

SHA512
69e534998b7c6ba8abf2bd27c073631ea103ee63b12b45ab83ac419130a743d8a0a534a6a181639b6d6c270b43aa605b9803df4699f9cf8ee0c9abd624899eeb

Download Submit
memory/564-93-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/564-116-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/652-402-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/652-372-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/748-588-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/824-451-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/824-418-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/840-2978-0x0000000077940000-0x0000000077A5F000-memory.dmp

Filesize
1.1MB

Download
memory/840-585-0x00000000004C0000-0x00000000004F3000-memory.dmp

Filesize
204KB

Download
memory/840-2979-0x0000000077840000-0x000000007793A000-memory.dmp

Filesize
1000KB

Download
memory/840-594-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/840-584-0x00000000004C0000-0x00000000004F3000-memory.dmp

Filesize
204KB

Download
memory/840-571-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/840-582-0x00000000004C0000-0x00000000004EF000-memory.dmp

Filesize
188KB

Download
memory/1012-203-0x0000000000160000-0x00000000001A5000-memory.dmp

Filesize
276KB

Download
memory/1012-202-0x0000000000160000-0x00000000001A5000-memory.dmp

Filesize
276KB

Download
memory/1124-154-0x0000000000260000-0x00000000002A5000-memory.dmp

Filesize
276KB

Download
memory/1124-155-0x0000000000260000-0x00000000002A5000-memory.dmp

Filesize
276KB

Download
memory/1336-509-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1336-539-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1400-228-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1400-261-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1404-227-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1428-371-0x00000000022B0000-0x00000000022F5000-memory.dmp

Filesize
276KB

Download
memory/1460-91-0x0000000000260000-0x00000000002A5000-memory.dmp

Filesize
276KB

Download
memory/1460-92-0x0000000000260000-0x00000000002A5000-memory.dmp

Filesize
276KB

Download
memory/1468-417-0x00000000022C0000-0x0000000002305000-memory.dmp

Filesize
276KB

Download
memory/1504-349-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1504-380-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1528-298-0x0000000000160000-0x00000000001A5000-memory.dmp

Filesize
276KB

Download
memory/1548-59-0x0000000000470000-0x00000000004B5000-memory.dmp

Filesize
276KB

Download
memory/1548-58-0x0000000000470000-0x00000000004B5000-memory.dmp

Filesize
276KB

Download
memory/1556-605-0x0000000000340000-0x0000000000385000-memory.dmp

Filesize
276KB

Download
memory/1556-604-0x0000000000340000-0x0000000000385000-memory.dmp

Filesize
276KB

Download
memory/1624-333-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1624-299-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1692-204-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1692-238-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1728-251-0x0000000000150000-0x0000000000195000-memory.dmp

Filesize
276KB

Download
memory/1828-60-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1828-90-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1832-496-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1832-322-0x00000000001E0000-0x0000000000225000-memory.dmp

Filesize
276KB

Download
memory/1832-495-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1884-464-0x0000000000160000-0x00000000001A5000-memory.dmp

Filesize
276KB

Download
memory/1896-530-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1896-560-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1912-518-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1912-498-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1940-551-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1940-580-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2008-141-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2008-107-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2116-130-0x0000000000420000-0x0000000000465000-memory.dmp

Filesize
276KB

Download
memory/2220-252-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2220-285-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2232-308-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2232-106-0x0000000000160000-0x00000000001A5000-memory.dmp

Filesize
276KB

Download
memory/2232-276-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2288-403-0x0000000002250000-0x0000000002295000-memory.dmp

Filesize
276KB

Download
memory/2288-394-0x0000000002250000-0x0000000002295000-memory.dmp

Filesize
276KB

Download
memory/2348-404-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2348-427-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2400-13-0x0000000000470000-0x00000000004A4000-memory.dmp

Filesize
208KB

Download
memory/2400-28-0x0000000000470000-0x00000000004A0000-memory.dmp

Filesize
192KB

Download
memory/2400-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2400-43-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2400-12-0x0000000000470000-0x00000000004A4000-memory.dmp

Filesize
208KB

Download
memory/2404-587-0x0000000000180000-0x00000000001C5000-memory.dmp

Filesize
276KB

Download
memory/2512-156-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2512-189-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2536-586-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2588-34-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2588-33-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2596-178-0x0000000000270000-0x00000000002B5000-memory.dmp

Filesize
276KB

Download
memory/2596-179-0x0000000000270000-0x00000000002B5000-memory.dmp

Filesize
276KB

Download
memory/2616-131-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2616-165-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2632-35-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2632-69-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2644-583-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2684-348-0x0000000000330000-0x0000000000375000-memory.dmp

Filesize
276KB

Download
memory/2684-346-0x0000000000330000-0x0000000000375000-memory.dmp

Filesize
276KB

Download
memory/2728-357-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2728-323-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2736-14-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2808-180-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2808-213-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2812-474-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2812-442-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2928-497-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2928-465-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2956-570-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2992-274-0x00000000002F0000-0x0000000000335000-memory.dmp

Filesize
276KB

Download
memory/2992-275-0x00000000002F0000-0x0000000000335000-memory.dmp

Filesize
276KB

Download
memory/3020-31-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3064-529-0x0000000000160000-0x00000000001A5000-memory.dmp

Filesize
276KB

Download
memory/3064-528-0x0000000000160000-0x00000000001A5000-memory.dmp

Filesize
276KB

Download