02a18fe83691b5a5d8cb9664bf45408ec425737c526455cf75db394659a8bfa0

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Size

208KB
MD5

2f402c0cdceed59f7215a9f9d9396836
SHA1

9c2db00220feb1fb238c9702271e02f18fd2e0f5
SHA256

02a18fe83691b5a5d8cb9664bf45408ec425737c526455cf75db394659a8bfa0
SHA512

3b22eedecf62213fc9ade6f7ec98fe587392c0b2544a04a5668a241ddf716c18768f5d1d3361b20c9e8c0f85de518c9b7e0cf45b550817d0c9512defbabfb7c4
SSDEEP

3072:Dt9olq1YK/B+EdT9KxguX5upzMD4DuRO4Vgh8OBIRBinkyHL5O4zTzXk:zoqtsEdA68ux5g0BI6nkyrpznXk

Score

10^/10

discovery evasion persistence ransomware spyware stealer trojan

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

UAC bypass 3 TTPs 64 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Renames multiple (60) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\International\Geo\Nation	ViIIcoIo.exe

Executes dropped EXE 2 IoCs

pid	Process
2064	ViIIcoIo.exe
1808	TiwUEgMQ.exe

Loads dropped DLL 20 IoCs

pid	Process
2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\ViIIcoIo.exe = "C:\\Users\\Admin\\jkIEUUwY\\ViIIcoIo.exe"	ViIIcoIo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\TiwUEgMQ.exe = "C:\\ProgramData\\ncYQoYsE\\TiwUEgMQ.exe"	TiwUEgMQ.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\ViIIcoIo.exe = "C:\\Users\\Admin\\jkIEUUwY\\ViIIcoIo.exe"	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\TiwUEgMQ.exe = "C:\\ProgramData\\ncYQoYsE\\TiwUEgMQ.exe"	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico	ViIIcoIo.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TiwUEgMQ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

pid	Process
2972	reg.exe
2292	reg.exe
2696	reg.exe
2828	reg.exe
1720	reg.exe
872	reg.exe
644	reg.exe
2900	reg.exe
2440	reg.exe
2776	reg.exe
1908	reg.exe
2276	reg.exe
2168	reg.exe
684	reg.exe
2708	reg.exe
1620	reg.exe
2460	reg.exe
2784	reg.exe
1620	reg.exe
1744	reg.exe
2292	reg.exe
1748	reg.exe
2352	reg.exe
2672	reg.exe
2480	reg.exe
2400	reg.exe
2452	reg.exe
2704	reg.exe
1720	reg.exe
1848	reg.exe
2920	reg.exe
2732	reg.exe
2104	reg.exe
1364	reg.exe
2516	reg.exe
904	reg.exe
2472	reg.exe
1652	reg.exe
2032	reg.exe
700	reg.exe
2908	reg.exe
2656	reg.exe
1612	reg.exe
1588	reg.exe
2416	reg.exe
2352	reg.exe
1732	reg.exe
2872	reg.exe
2788	reg.exe
1120	reg.exe
1596	reg.exe
2880	reg.exe
1500	reg.exe
904	reg.exe
2292	reg.exe
2276	reg.exe
1568	reg.exe
2756	reg.exe
2176	reg.exe
2620	reg.exe
2532	reg.exe
836	reg.exe
2564	reg.exe
1612	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2696	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2696	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1968	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1968	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1644	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1644	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2012	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2012	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2476	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2476	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2568	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2568	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2096	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2096	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1276	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1276	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1652	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1652	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
584	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
584	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1856	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1856	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2964	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2964	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1596	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1596	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
448	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
448	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1364	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1364	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
332	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
332	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2236	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2236	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2676	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2676	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2624	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2624	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
768	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
768	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2308	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2308	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2776	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2776	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2136	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2136	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1456	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1456	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2936	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2936	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2428	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2428	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2320	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2320	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2040	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2040	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2840	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
2840	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1564	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
1564	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2064	ViIIcoIo.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe
2064	ViIIcoIo.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2064	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	30
PID 2092 wrote to memory of 2064	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	30
PID 2092 wrote to memory of 2064	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	30
PID 2092 wrote to memory of 2064	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	30
PID 2092 wrote to memory of 1808	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	31
PID 2092 wrote to memory of 1808	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	31
PID 2092 wrote to memory of 1808	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	31
PID 2092 wrote to memory of 1808	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	31
PID 2092 wrote to memory of 3020	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	32
PID 2092 wrote to memory of 3020	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	32
PID 2092 wrote to memory of 3020	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	32
PID 2092 wrote to memory of 3020	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	32
PID 3020 wrote to memory of 2104	3020	cmd.exe	34
PID 3020 wrote to memory of 2104	3020	cmd.exe	34
PID 3020 wrote to memory of 2104	3020	cmd.exe	34
PID 3020 wrote to memory of 2104	3020	cmd.exe	34
PID 2092 wrote to memory of 2344	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	35
PID 2092 wrote to memory of 2344	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	35
PID 2092 wrote to memory of 2344	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	35
PID 2092 wrote to memory of 2344	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	35
PID 2092 wrote to memory of 1516	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	36
PID 2092 wrote to memory of 1516	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	36
PID 2092 wrote to memory of 1516	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	36
PID 2092 wrote to memory of 1516	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	36
PID 2092 wrote to memory of 2956	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	38
PID 2092 wrote to memory of 2956	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	38
PID 2092 wrote to memory of 2956	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	38
PID 2092 wrote to memory of 2956	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	38
PID 2092 wrote to memory of 2704	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	41
PID 2092 wrote to memory of 2704	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	41
PID 2092 wrote to memory of 2704	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	41
PID 2092 wrote to memory of 2704	2092	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	41
PID 2704 wrote to memory of 2712	2704	cmd.exe	43
PID 2704 wrote to memory of 2712	2704	cmd.exe	43
PID 2704 wrote to memory of 2712	2704	cmd.exe	43
PID 2704 wrote to memory of 2712	2704	cmd.exe	43
PID 2104 wrote to memory of 2872	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	44
PID 2104 wrote to memory of 2872	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	44
PID 2104 wrote to memory of 2872	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	44
PID 2104 wrote to memory of 2872	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	44
PID 2872 wrote to memory of 2696	2872	cmd.exe	46
PID 2872 wrote to memory of 2696	2872	cmd.exe	46
PID 2872 wrote to memory of 2696	2872	cmd.exe	46
PID 2872 wrote to memory of 2696	2872	cmd.exe	46
PID 2104 wrote to memory of 2564	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	47
PID 2104 wrote to memory of 2564	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	47
PID 2104 wrote to memory of 2564	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	47
PID 2104 wrote to memory of 2564	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	47
PID 2104 wrote to memory of 2624	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	48
PID 2104 wrote to memory of 2624	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	48
PID 2104 wrote to memory of 2624	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	48
PID 2104 wrote to memory of 2624	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	48
PID 2104 wrote to memory of 2636	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	49
PID 2104 wrote to memory of 2636	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	49
PID 2104 wrote to memory of 2636	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	49
PID 2104 wrote to memory of 2636	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	49
PID 2104 wrote to memory of 2608	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	53
PID 2104 wrote to memory of 2608	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	53
PID 2104 wrote to memory of 2608	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	53
PID 2104 wrote to memory of 2608	2104	2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe	53
PID 2608 wrote to memory of 1688	2608	cmd.exe	55
PID 2608 wrote to memory of 1688	2608	cmd.exe	55
PID 2608 wrote to memory of 1688	2608	cmd.exe	55
PID 2608 wrote to memory of 1688	2608	cmd.exe	55

C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\jkIEUUwY\ViIIcoIo.exe
  "C:\Users\Admin\jkIEUUwY\ViIIcoIo.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:2064
- C:\ProgramData\ncYQoYsE\TiwUEgMQ.exe
  "C:\ProgramData\ncYQoYsE\TiwUEgMQ.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:1808
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
    C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2104
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2696
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        7⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1968
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        9⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        10⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        11⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2012
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        12⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        13⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2476
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        14⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        15⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        16⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        17⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        18⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        19⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        20⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        21⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1652
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        22⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        23⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        24⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        25⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1856
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        26⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        27⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2964
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        28⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        29⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1596
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        30⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        31⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:448
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        32⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        33⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1364
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        34⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        35⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:332
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        36⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        37⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2236
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        38⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        39⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        40⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        41⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2624
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        42⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        43⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:768
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        44⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        45⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2308
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        46⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        47⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        48⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        49⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2136
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        50⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        51⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1456
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        52⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        53⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        54⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        55⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2428
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        56⤵
        System Location Discovery: System Language Discovery
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        57⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2320
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        58⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        59⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2040
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        60⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        61⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2840
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        62⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        63⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1564
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        64⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        65⤵
        
        PID:268
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        66⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        67⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        68⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        69⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        70⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        71⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        72⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        73⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        74⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        75⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        76⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        77⤵
        
        PID:932
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        78⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        79⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        80⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        81⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        82⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        83⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        84⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        85⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        86⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        87⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        88⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        89⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        90⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        91⤵
        
        PID:468
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        92⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        93⤵
        
        PID:684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        94⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        95⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        96⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        97⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        98⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        100⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        101⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        102⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        103⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:2392
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        106⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        107⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        108⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        109⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        110⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        111⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        112⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        113⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        114⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        115⤵
        
        PID:448
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        116⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        117⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        118⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        119⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        120⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        121⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        122⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        123⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        124⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        125⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        126⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        127⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        128⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        129⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        130⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        131⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        132⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        133⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        134⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        135⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        136⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        137⤵
        
        PID:660
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        138⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        139⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        140⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        141⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        142⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        143⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        144⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        145⤵
        
        PID:984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        146⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        147⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        148⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        149⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        150⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        151⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        152⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        153⤵
        
        PID:836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        154⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        155⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        156⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        157⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        158⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        159⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        160⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        161⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        162⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        163⤵
        
        PID:316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        164⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        165⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        166⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        167⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        168⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        169⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        170⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        171⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        172⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        173⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        174⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        175⤵
        
        PID:760
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        176⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        177⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        178⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        179⤵
        
        PID:984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        180⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        181⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        182⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        183⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        184⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        185⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        186⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        187⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        188⤵
        System Location Discovery: System Language Discovery
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        189⤵
        System Location Discovery: System Language Discovery
        
        PID:1548
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        190⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        191⤵
        System Location Discovery: System Language Discovery
        
        PID:376
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        192⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        193⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        194⤵
        System Location Discovery: System Language Discovery
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        195⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        196⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        197⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        198⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        199⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        200⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        201⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        202⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        203⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        204⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        205⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        206⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        207⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        208⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        209⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        210⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        211⤵
        
        PID:868
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        212⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        213⤵
        System Location Discovery: System Language Discovery
        
        PID:1744
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        214⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        215⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        216⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        217⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        218⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        219⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        220⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        221⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        222⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        223⤵
        System Location Discovery: System Language Discovery
        
        PID:1640
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        224⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        225⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        226⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        227⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        228⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        229⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        230⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        231⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        232⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        233⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        234⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        235⤵
        
        PID:868
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        236⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        237⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        238⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        239⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        240⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        241⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        242⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        243⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        244⤵
        System Location Discovery: System Language Discovery
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        245⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        246⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        247⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        248⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        249⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        250⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        251⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        252⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        253⤵
        System Location Discovery: System Language Discovery
        
        PID:932
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        254⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        255⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        256⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        257⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        258⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        259⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        260⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        261⤵
        
        PID:996
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        262⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        263⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        264⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        265⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        266⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        267⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock"
        268⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe
        
        C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock
        269⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        270⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        270⤵
        Modifies registry key
        
        PID:2400
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        270⤵
        UAC bypass
        
        PID:1768
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        268⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        268⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        268⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\gacYEYYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        268⤵
        System Location Discovery: System Language Discovery
        
        PID:1956
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        269⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        266⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        266⤵
        
        PID:888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        266⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\RKIgowcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        266⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        267⤵
        
        PID:768
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        264⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1616
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        264⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        264⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tMQEkYcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        264⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        265⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        262⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1120
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        262⤵
        Modifies registry key
        
        PID:2276
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        262⤵
        UAC bypass
        
        PID:1340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hsAQYgAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        262⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        263⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        260⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        260⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        260⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\IOMUYcco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        260⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        261⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        258⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        258⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        258⤵
        UAC bypass
        Modifies registry key
        
        PID:684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\AWYMwMss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        258⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        259⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        256⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2292
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        256⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        256⤵
        UAC bypass
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\iSgEskEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        256⤵
        System Location Discovery: System Language Discovery
        
        PID:1152
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        257⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        254⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        254⤵
        System Location Discovery: System Language Discovery
        
        PID:2768
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        254⤵
        UAC bypass
        
        PID:2236
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ySUckoIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        254⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        255⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        252⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        252⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        252⤵
        UAC bypass
        
        PID:2296
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ecoUwMsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        252⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        253⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        250⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2788
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        250⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        250⤵
        UAC bypass
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\JsMskowk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        250⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        251⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        248⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2088
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        248⤵
        Modifies registry key
        
        PID:836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        248⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\RMsEIocU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        248⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        249⤵
        System Location Discovery: System Language Discovery
        
        PID:2184
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        246⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        246⤵
        
        PID:756
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        246⤵
        Modifies registry key
        
        PID:872
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\LCIAUIEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        246⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        247⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        244⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2664
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        244⤵
        
        PID:952
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        244⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\NaoQIYcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        244⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        245⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        242⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        242⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        242⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\yYcMscwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        242⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        243⤵
        
        PID:660
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        240⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1120
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        240⤵
        Modifies registry key
        
        PID:2532
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        240⤵
        UAC bypass
        System Location Discovery: System Language Discovery
        
        PID:3028
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\OYYMowQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        240⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        241⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        238⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        238⤵
        Modifies registry key
        
        PID:904
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        238⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\OIIMUYck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        238⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        239⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        236⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2760
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        236⤵
        Modifies registry key
        
        PID:2872
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        236⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\KWYgsIIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        236⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        237⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        234⤵
        Modifies visibility of file extensions in Explorer
        
        PID:320
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        234⤵
        
        PID:888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        234⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\bukgEwkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        234⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        235⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        232⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2480
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        232⤵
        Modifies registry key
        
        PID:1500
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        232⤵
        UAC bypass
        System Location Discovery: System Language Discovery
        
        PID:1148
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\zeQsosMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        232⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        233⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        230⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        230⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        230⤵
        UAC bypass
        
        PID:1684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\nSAsUEsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        230⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        231⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        228⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2464
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        228⤵
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:2516
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        228⤵
        UAC bypass
        Modifies registry key
        
        PID:1732
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\VocAAooc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        228⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        229⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        226⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1856
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        226⤵
        Modifies registry key
        
        PID:2672
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        226⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\vWokIkss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        226⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        227⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        224⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        224⤵
        
        PID:344
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        224⤵
        UAC bypass
        
        PID:3032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\uasAQEoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        224⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        225⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        222⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1588
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        222⤵
        System Location Discovery: System Language Discovery
        
        PID:1548
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        222⤵
        UAC bypass
        
        PID:2924
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\sMQQksAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        222⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        223⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        220⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        220⤵
        Modifies registry key
        
        PID:1720
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        220⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\QUEoQUYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        220⤵
        
        PID:760
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        221⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        218⤵
        Modifies visibility of file extensions in Explorer
        
        PID:316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        218⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        218⤵
        UAC bypass
        
        PID:2748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\sEYEscEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        218⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        219⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        216⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        216⤵
        Modifies registry key
        
        PID:1364
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        216⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\lQcMgIgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        216⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        217⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        214⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        214⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        214⤵
        UAC bypass
        
        PID:2540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\twUUYEAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        214⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        215⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        212⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2216
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        212⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        212⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\lqQEgcoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        212⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        213⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        210⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2880
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        210⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        210⤵
        UAC bypass
        
        PID:1040
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\yAsgkgwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        210⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        211⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        208⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        208⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        208⤵
        
        PID:912
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\iIQEEIYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        208⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        209⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        206⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        206⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        206⤵
        UAC bypass
        Modifies registry key
        
        PID:2104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\OeIgYQEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        206⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        207⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        204⤵
        Modifies registry key
        
        PID:1612
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        204⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        204⤵
        UAC bypass
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\OCAIgkME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        204⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        205⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        202⤵
        Modifies visibility of file extensions in Explorer
        
        PID:780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        202⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        202⤵
        UAC bypass
        
        PID:1260
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\VookgMcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        202⤵
        System Location Discovery: System Language Discovery
        
        PID:1564
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        203⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        200⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2828
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        200⤵
        System Location Discovery: System Language Discovery
        
        PID:2596
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        200⤵
        UAC bypass
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\BgIsUsoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        200⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        201⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        198⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2732
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        198⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        198⤵
        UAC bypass
        
        PID:1944
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\voIUcwIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        198⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        199⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        196⤵
        Modifies visibility of file extensions in Explorer
        
        PID:888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        196⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        196⤵
        UAC bypass
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TyYAsMUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        196⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        197⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        194⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1276
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        194⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        194⤵
        Modifies registry key
        
        PID:2656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\kKcMkUcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        194⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        195⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        192⤵
        
        PID:768
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        192⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        192⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\aYEokkQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        192⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        193⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        190⤵
        Modifies visibility of file extensions in Explorer
        
        PID:280
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        190⤵
        
        PID:836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        190⤵
        UAC bypass
        
        PID:1688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\CSYEEwQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        190⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        191⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        188⤵
        
        PID:760
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        188⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        188⤵
        UAC bypass
        
        PID:344
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\OAMYogYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        188⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        189⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        186⤵
        
        PID:584
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        186⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        186⤵
        UAC bypass
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TKEsUEUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        186⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        187⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        184⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2352
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        184⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        184⤵
        UAC bypass
        Modifies registry key
        
        PID:2920
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\xuQQskcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        184⤵
        
        PID:768
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        185⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        182⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        182⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        182⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\lAYwEsoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        182⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        183⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        180⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        180⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        180⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\RWAwAEEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        180⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        181⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        178⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1616
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        178⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        178⤵
        UAC bypass
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ukMIwEEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        178⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        179⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        176⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        176⤵
        
        PID:888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        176⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SEwUMkII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        176⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        177⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        174⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        174⤵
        System Location Discovery: System Language Discovery
        
        PID:1692
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        174⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\EWEcQUks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        174⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        175⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        172⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        172⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        172⤵
        UAC bypass
        
        PID:1648
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\Ucgwooso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        172⤵
        
        PID:872
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        173⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        170⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1680
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        170⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        170⤵
        UAC bypass
        System Location Discovery: System Language Discovery
        
        PID:2628
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hWQMAMAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        170⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        171⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        168⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        168⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        168⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\xYIsUUgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        168⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        169⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        166⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        166⤵
        Modifies registry key
        
        PID:2908
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        166⤵
        UAC bypass
        Modifies registry key
        
        PID:1848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HmgcEAso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        166⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        167⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        164⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        164⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        164⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\NigYgoUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        164⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        165⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        162⤵
        Modifies visibility of file extensions in Explorer
        
        PID:3040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        162⤵
        Modifies registry key
        
        PID:2696
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        162⤵
        UAC bypass
        
        PID:1944
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\gSgIAccw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        162⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:1232
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        160⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        160⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        160⤵
        
        PID:788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\yoQYokUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        160⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        161⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        158⤵
        System Location Discovery: System Language Discovery
        
        PID:756
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        158⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        158⤵
        UAC bypass
        
        PID:2276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\OgkwMUcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        158⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        159⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        156⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        156⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        156⤵
        UAC bypass
        Modifies registry key
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\wQAcoAcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        156⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        157⤵
        
        PID:644
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        154⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1700
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        154⤵
        
        PID:268
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        154⤵
        UAC bypass
        Modifies registry key
        
        PID:2168
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\KAYoIgUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        154⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        155⤵
        
        PID:376
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        152⤵
        Modifies visibility of file extensions in Explorer
        
        PID:700
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        152⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\FgEwUIIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        152⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        153⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        150⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        150⤵
        
        PID:780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        150⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\dOUsEkQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        150⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        151⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        148⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        148⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        148⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\nYEcUUQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        148⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        149⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        146⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        146⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        146⤵
        UAC bypass
        
        PID:2976
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\rUQQQoAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        146⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        147⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        144⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1848
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        144⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        144⤵
        UAC bypass
        
        PID:2080
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\soEcscEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        144⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        145⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        142⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1648
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        142⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        142⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\uQUkUwgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        142⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        143⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        140⤵
        Modifies registry key
        
        PID:2292
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        140⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        140⤵
        UAC bypass
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\KMQEUgsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        140⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        141⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        138⤵
        Modifies registry key
        
        PID:700
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        138⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        138⤵
        UAC bypass
        
        PID:2916
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SSIswYgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        138⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        139⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        136⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        136⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        136⤵
        
        PID:912
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\PWwgAcQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        136⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        137⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        134⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        134⤵
        
        PID:932
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        134⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\LeYoQEYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        134⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        135⤵
        
        PID:316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        132⤵
        Modifies visibility of file extensions in Explorer
        
        PID:952
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        132⤵
        Modifies registry key
        
        PID:1720
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        132⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\xIAowgcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        132⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        133⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        130⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        130⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        130⤵
        UAC bypass
        
        PID:788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hKsgoYks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        130⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        131⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        128⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2120
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        128⤵
        Modifies registry key
        
        PID:2292
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        128⤵
        UAC bypass
        
        PID:2716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\jOUIcwgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        128⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        129⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        126⤵
        Modifies registry key
        
        PID:2276
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        126⤵
        Modifies registry key
        
        PID:1744
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\sWMcgQUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        127⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        124⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        124⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        124⤵
        UAC bypass
        
        PID:2776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\OycgEQwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        124⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        125⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        122⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        122⤵
        
        PID:320
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        122⤵
        UAC bypass
        
        PID:1404
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\CCIokQYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        122⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        123⤵
        
        PID:764
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        120⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1700
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        120⤵
        
        PID:268
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        120⤵
        Modifies registry key
        
        PID:2972
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\GskMEowA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        120⤵
        
        PID:984
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        121⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        118⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2108
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        118⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        118⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\vAcQAQQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        118⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        119⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        116⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        116⤵
        
        PID:316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        116⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\boEkYosA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        116⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        117⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        114⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1680
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        114⤵
        Modifies registry key
        
        PID:1620
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        114⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\FQwYUUgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        114⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        115⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        112⤵
        Modifies registry key
        
        PID:2784
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        112⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        112⤵
        UAC bypass
        
        PID:2788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\UukEIwkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        112⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        113⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        110⤵
        Modifies registry key
        
        PID:2032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        110⤵
        
        PID:780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        110⤵
        UAC bypass
        
        PID:2936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\CoIokcYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        110⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        111⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        108⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1256
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        108⤵
        System Location Discovery: System Language Discovery
        
        PID:684
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        108⤵
        UAC bypass
        
        PID:2716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\goQUIUAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        108⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        109⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        106⤵
        Modifies registry key
        
        PID:2756
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        106⤵
        Modifies registry key
        
        PID:1652
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        106⤵
        UAC bypass
        System Location Discovery: System Language Discovery
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\YYoUwYYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        106⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        107⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        104⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        104⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        104⤵
        UAC bypass
        
        PID:2248
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\IQsUcUoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        104⤵
        
        PID:952
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        105⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        102⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2308
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        102⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        102⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\zOIgAYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        102⤵
        
        PID:660
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        103⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        100⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        100⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        100⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\TWMQkAUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        100⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        101⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        98⤵
        Modifies visibility of file extensions in Explorer
        
        PID:888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        98⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        98⤵
        
        PID:788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hyIQQgUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        98⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        99⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        96⤵
        Modifies visibility of file extensions in Explorer
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        96⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        96⤵
        Modifies registry key
        
        PID:2620
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\rScocAAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        96⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        97⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        94⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2596
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        94⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        94⤵
        UAC bypass
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\CAwwAYwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        94⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        95⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        92⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        92⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        92⤵
        UAC bypass
        
        PID:956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\qUcMUwEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        92⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        93⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        90⤵
        
        PID:768
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        90⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        90⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\KaMowUgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        90⤵
        
        PID:760
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        91⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        88⤵
        Modifies visibility of file extensions in Explorer
        
        PID:872
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        88⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        88⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\usQIwMgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        88⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        89⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        86⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1260
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        86⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        86⤵
        UAC bypass
        
        PID:1152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\biUIswwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        86⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        87⤵
        
        PID:912
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        84⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:1620
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        84⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        84⤵
        Modifies registry key
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HCAMEEEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        84⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        85⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        82⤵
        Modifies visibility of file extensions in Explorer
        
        PID:3056
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        82⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        82⤵
        UAC bypass
        
        PID:2120
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\RUUokYog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        82⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        83⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        80⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2288
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        80⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        80⤵
        UAC bypass
        
        PID:956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fEIAwoMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        80⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        81⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        78⤵
        Modifies registry key
        
        PID:1908
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        78⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        78⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\lQcQEYQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        78⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        79⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        76⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1736
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        76⤵
        UAC bypass
        
        PID:2148
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\YywAsMIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        76⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        77⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        74⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        74⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        74⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\GmsQssAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        74⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        75⤵
        
        PID:532
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        72⤵
        Modifies registry key
        
        PID:2352
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        72⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        72⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SGMUUgwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        72⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        73⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        70⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        70⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        70⤵
        Modifies registry key
        
        PID:2776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\IUUkcQcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        70⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        71⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        68⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        68⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        68⤵
        UAC bypass
        
        PID:2308
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\nCEYMQsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        68⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        69⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        66⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        66⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        66⤵
        UAC bypass
        
        PID:1340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\FAwowwIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        66⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:828
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        64⤵
        
        PID:468
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        64⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        64⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\HWMQggkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        64⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        65⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        62⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2824
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        62⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        62⤵
        Modifies registry key
        
        PID:1596
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\NQUUAIEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        62⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        63⤵
        
        PID:916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        60⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        60⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        60⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\YGUgMosY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        60⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        61⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        58⤵
        Modifies visibility of file extensions in Explorer
        
        PID:332
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        58⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        58⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\cosgsAoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        58⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        59⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        56⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2756
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        56⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        56⤵
        
        PID:344
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\kOkIcYko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        56⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        57⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        54⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        54⤵
        Modifies registry key
        
        PID:2440
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        54⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\xOkEIQEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        54⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        55⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        52⤵
        Modifies visibility of file extensions in Explorer
        
        PID:780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        52⤵
        Modifies registry key
        
        PID:1568
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        52⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\voUwEcMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        52⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        53⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        50⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        50⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        50⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tyYkUUks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        50⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        51⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        48⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2764
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        48⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        48⤵
        UAC bypass
        Modifies registry key
        
        PID:2472
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tuMAsIUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        48⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        49⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        46⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        46⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        46⤵
        UAC bypass
        System Location Discovery: System Language Discovery
        
        PID:3008
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\MqAAsgIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        46⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        47⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        44⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2900
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        44⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        44⤵
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\CIcgEQcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        44⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        45⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        42⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        42⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        42⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\uaUccIMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        42⤵
        
        PID:788
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        43⤵
        System Location Discovery: System Language Discovery
        
        PID:2312
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        40⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1640
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        40⤵
        
        PID:780
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        40⤵
        UAC bypass
        
        PID:2832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\kGwAksYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        40⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        41⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        38⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        38⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        38⤵
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:2708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\hSwggIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        38⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        39⤵
        
        PID:700
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        36⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2768
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        36⤵
        Modifies registry key
        
        PID:2704
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        36⤵
        
        PID:660
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\fkIQEsEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        36⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        37⤵
        
        PID:836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        34⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        34⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        34⤵
        UAC bypass
        
        PID:2480
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\RAscUQck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        34⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        35⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        32⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:2176
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        32⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        32⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\nGIkwEcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        32⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        33⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        30⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        30⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        30⤵
        UAC bypass
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\kKkUUAIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        30⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        31⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        28⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        28⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        28⤵
        System Location Discovery: System Language Discovery
        
        PID:2628
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\EoscwgUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        28⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        29⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        26⤵
        
        PID:760
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        26⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        26⤵
        UAC bypass
        
        PID:3052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\QEEMEEsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        26⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        27⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        24⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2776
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        24⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        24⤵
        UAC bypass
        Modifies registry key
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\emwQUQcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        24⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        25⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        22⤵
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:1612
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        22⤵
        UAC bypass
        Modifies registry key
        
        PID:2416
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\rKUMsAEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        23⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        20⤵
        Modifies visibility of file extensions in Explorer
        Modifies registry key
        
        PID:644
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        20⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        20⤵
        
        PID:848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\vwYEIEAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        20⤵
        
        PID:984
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        21⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        18⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        18⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        18⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\NycYYcsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        18⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        19⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        16⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1256
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        16⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        16⤵
        UAC bypass
        
        PID:1692
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\nygYYkgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        16⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        17⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        14⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2196
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        14⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        14⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\eWkQcsYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        14⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        15⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        12⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        12⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        12⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\aSwoMQMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        12⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        13⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        10⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1696
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        10⤵
        Modifies registry key
        
        PID:904
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        10⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\yOsUQAAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        10⤵
        
        PID:564
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        11⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        8⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        8⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        8⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ckwIkYsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        8⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        9⤵
        
        PID:3036
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        6⤵
        
        PID:2460
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        6⤵
        
        PID:1840
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        6⤵
        
        PID:1680
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\ucUMkgkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
        6⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        7⤵
        
        PID:2804
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
      4⤵
      Modifies registry key
      PID:2564
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
      4⤵
      PID:2624
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
      4⤵
      PID:2636
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\pqkIwsEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2608
    - - C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        5⤵
        
        PID:1688
- C:\Windows\SysWOW64\reg.exe
  reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
  2⤵
  - Modifies visibility of file extensions in Explorer
  PID:2344
- C:\Windows\SysWOW64\reg.exe
  reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
  2⤵
  PID:1516
- C:\Windows\SysWOW64\reg.exe
  reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
  2⤵
  PID:2956
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\dUskYgEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Windows\SysWOW64\cscript.exe
    cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
    3⤵
    PID:2712

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-203369726216580852531357862889-1988780074-506347729-2086125487-1253529308-886424126"
1⤵
PID:2556

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1923067302-737267722540519189917737474-15365742415260381981305977467484118450"
1⤵
PID:2532

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "391727052-1257221769-275129701-810368952-1017097781-2086089850-1413097430596651205"
1⤵
PID:1852

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-831660292037041875-157450511-232961101469506596-1535872884-831548338-1891446550"
1⤵
PID:2640

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1451503903569966671288972399-503199910-1175926939311543255-1324941136-1929956070"
1⤵
PID:888

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18638828541914627561-546579416-1822181246-2142882530-11422694022101508681-2113643744"
1⤵
PID:584

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1923432671947504448-11288946041972580038-1980844874-19446144819029767891394138088"
1⤵
PID:2652

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1385422413131574036419393088817206031421308903512086680523-2019976605-426874456"
1⤵
PID:2828

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2081323780-19164278281235310863116453093312351227802008571946406050001927718038"
1⤵
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe

Filesize
320KB

MD5
937956509234c1ed799ea8c3038f6835

SHA1
e38e0fa085a264ef20c0395e68abdcfa8d3d60e3

SHA256
ac9db365f20f461b10275edde890ca2deb90ca0195a9f34c42173b897371f97c

SHA512
8fbae33098f60dbbc952120d183f69f6d72179a1202d5ea81487ff98eb51d43eed9411d32d02458e98aec154aa5eee8f2c1593ead5f8cce0f6a0c1d7ed59ba9d

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe

Filesize
240KB

MD5
8fae2b86fd3099f2fa5f416690007ff0

SHA1
62d93e7581c16471cfbeb5c701c9b9bd6c4ec7f8

SHA256
1ed33d98b8aca684f39ffa2820ca1ce3506fba670cfd7ad30f58644f5548c15e

SHA512
a073837d6d759e75d8e743b679207943a83478972e75482140e3203c21cb7302e543ed426a2fe88e46201543a998b8bcb24922bcf986ed15daf55e0f3daa9fbd

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe

Filesize
234KB

MD5
c2fb5fec2877a35b4b537314d1fbf82e

SHA1
311e248b7e0c2e1651857cfd31e09c9361f2f59b

SHA256
0f7cb9f3245b1849ce92b250775e856798b09aa443994bf9db32d3e9f1933888

SHA512
4bef4d5b06c8e2b46f1d11f4b3c10c3f5a4a383e21270ec1731bd48f953c8c4702615f85f1207f87c0ef1822924a9654362facd52cfbb5a24cf7ef70ad66b2c5

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.exe

Filesize
227KB

MD5
1c3e020f6b57e550ea9ceffc9bc58374

SHA1
1ffb2e4b33baad31975b2f4520cd550b38078518

SHA256
3ab2c31678b848f13b9715392f35cd758f7ec15ee4dc8a96fbb2af24931d1413

SHA512
1b8e4c354171082aa46b2b98b45243e1064a78cb1dcad8dcd4637cd5eae3e28e08da979f658758aecdb48c106eda46beeb54a3a13117d78bed5003eae34d0508

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe

Filesize
227KB

MD5
15512a521c25d9914e61cd23640b473e

SHA1
09fa4e1f5e11ddab26f9697016050890ae940363

SHA256
13393c335b877254b0358ca732e61465114633c6f6b18c215f3821f26cfba3f8

SHA512
ece4298ace180df938822226b7e07659a04697d13ae6e29ae037671245bd87c29cad419947f425383684c827feb54ed3fd53821ed54eb68dfae0ab00e460f7c0

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe

Filesize
249KB

MD5
5fd4ebeac7f3c8da9f36748d612ee45c

SHA1
3af8633df90854e8d4585d6cf7d19b0d141a607c

SHA256
34fa603ad3aab2475335e8c5c99dc973f8b77583a5070167968633b32e44519a

SHA512
3fca22af97db25effb6f658b8f16f3351fa949ad16a85de50bb0c3049e89975ccbbb9ec887aaec2d9657a26df949f88913bbb1e0c8f46d5174b27bd34f87c468

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe

Filesize
241KB

MD5
ebd811d67e81e8bc074d954ddfe27372

SHA1
ab6e0d04ee547ae35acc705c79cb013fde3d3a96

SHA256
e8693073120d152ca3876190d470aa383db9e111b4a96f2b5fca1c474aecd6ef

SHA512
e256c6d8e5a6eeaa5c2e4cb076337d8b3b5c0d66a784a866e282fae4e017302cd08a6e1c06f5a2ff1533e91597f9b8fcac743b1bdeb966d420914db5b78dbb91

Download Submit
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe

Filesize
638KB

MD5
f33ebbca8d077eccc849d99e5d6b42d1

SHA1
7ef47218a17fa1942476a8767c08b76d5894d8a8

SHA256
c6d82fbf983dbc54bcb6e89835d43b50d497096386a817f06f2642113a02844f

SHA512
302c680657810a5b83a256b07f9ec4e03ee1545ec8b9c9498a7248639513acf8c8dcb166a1cc72d0c79c9ae45204571924ce2b9b329d8537b60a66ffba2c6f67

Download Submit
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

Filesize
837KB

MD5
ea9fff0d0d6aa2c90dd2667d8b33df7d

SHA1
26adea180d972bd8f0c936f22f770acdc7bb5219

SHA256
5f9d4e77c53344e9a0c773a537d28fc266f9cf8a3b1eb479550595c5465e9a79

SHA512
cac90bddb0ebdbfea10f023febcba1cff645a530f2535d767ed29012fad29b08ab7f6f4099e618e43a703c1caa3159da73c37b591f66dbddc0f2745e92ea6aa1

Download Submit
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

Filesize
829KB

MD5
1555d871df14b452142e376d6a9feef2

SHA1
96cb2f6536496dccfd69f494ca531568ce71c191

SHA256
5290f497a72f409e594715c021e3087261021264477bec6db976fc5772b7817a

SHA512
0a7cfc27ca5ff48c1510313a80348ae31941a4fdcce54d99f7afd4b9ec982f7bdf43f7c517a41f8fe17228de4e63c2b59e559f3ef9bed7822ddb692bb6f46e53

Download Submit
C:\ProgramData\ncYQoYsE\TiwUEgMQ.exe

Filesize
198KB

MD5
065cfdd0ce3126d1461692f8b2cd72cf

SHA1
97203a0c429d679d27bd508959183a1afb6fde24

SHA256
66d6e7b844f958bfd25778a658a03c40150fe08edcf54646f9ae2f28b96f65e8

SHA512
c82049ef235bd4119a7261642938732abc2e6a679a94a595f18af42ece4b48f73b79b7e569dc322bdf6876d12c13cbf0f74f30b66f2c7c74b30a7f8bdc6b8458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\192.png.exe

Filesize
184KB

MD5
8216e25648a2ceb5843bf71d82795f03

SHA1
a002d3cd9077898b2ba04a8135694f129e0fa3b8

SHA256
6b92d78c9ac66eb14c597e3b7541b52e991c3d105a5005ab188ec40e84814656

SHA512
ff671ea55f888ef301b24cdb81b5117d0e3182c80a01a9d937daabdf6e6a816e07be57b8d6f7c89c7405960c0e03ac2926399ad2876bf7ec5b6970d5d5c8c7a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-10-14_2f402c0cdceed59f7215a9f9d9396836_virlock

Filesize
7KB

MD5
bfa92771c90c7199a8b84d21ca45750a

SHA1
8c0c9053bddcb7f95423392ba7d8de7960fd99fb

SHA256
61282907692cc4761493fbca1f89d7eaf3de7ec5f00b57d7c03cef01fc3e707b

SHA512
cdebc94fd6e0fc7a10ba67a06479330cf9a31ab5cfe21f1211775013c3a49fd23b15b6ff792f24d49d30032442c1eb582b8a43412deda8518fbd02deca5d6e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACUwoAMg.bat

Filesize
4B

MD5
14b73967b71fc6796710080b48c02d7e

SHA1
c39a048c7202a3d33fae69842860f412b17e305d

SHA256
85b2ed06aa680ffc391dfb0fda675e747756b3baf37f82fe7bdf68529917de3b

SHA512
8deb9a3c219b298f8100466545298f4ff15d3b191f78feba204c4ef2000115f37dd3627bf04d1abab74a988a587abd2887c2a8328823687c417cbc1059c9656f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AEQa.exe

Filesize
475KB

MD5
9e4f9c140ef9d33898d3dc6b87cdb66f

SHA1
e689d04960b99f8f22db5e6b51c9d27a2e1917e0

SHA256
0da566531b85df818b12622bd6bce4cf97405aad6a1e4d7ff26fe5aaf67b779a

SHA512
b059b94314a5c001962b2cf2f511753e3d27df6cc8c8b266516416ccb23fd24f45f8aa0fb7a87b6f02fda3f96e03af4a73a53a71a34fb8da48fc60dcf7881d3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AMss.exe

Filesize
246KB

MD5
634548a8ffab4b6d6bb946a80d7631b5

SHA1
f7bda90693a7f5cb858863b48c5121d3cac201de

SHA256
1acf4df6e4975366905214ef1591f2a0054ad88c6703be4423561ce794fdf53d

SHA512
fba6168377b22233744c0ddd5354c4a22c14035048164c6f4913df50be8ced68f316094bb34d029dea90bc96428db9a97dbe7da8c1fd758cd10cfe2f2e2db713

Download Submit
C:\Users\Admin\AppData\Local\Temp\AQMu.exe

Filesize
182KB

MD5
1d4197bf66a6d554ebb61b3282503050

SHA1
29e3d5dd0d751871de66314ba9cd5d9aabaaf7e0

SHA256
14b62463d01d2486d88cf723a87186e6141b1c99c9a62ba5b3e3e27f4b772f49

SHA512
02ac5d3f8c634d7eadd971e4577d99962fc48df9ad032e67646e3d7651450ccd9863c626ad9f360ee133728e6cfdb4870e57356ab543b9b03873d4f070adfa29

Download Submit
C:\Users\Admin\AppData\Local\Temp\AYky.exe

Filesize
346KB

MD5
b66170f59ebd86130a214704a91fa28c

SHA1
f6785e66f793c18715092ae22fbf4406828cf50b

SHA256
2d4647051d831266c94c975deea0785d4e0f0901fe731b5c49e2eae4380efa6f

SHA512
88e5e6972e52aa6753d1134bdd73e849e5f6ed6b60f7aa7112f7a15402fbd462082647e7a67f4ffbb1fd2d584f08d082115dfdfb72ef97a57d4e3072340b53e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\AYog.exe

Filesize
228KB

MD5
5f6bc7ae8d79d44a26ae4365b4ada6d0

SHA1
6895ab10de1ad1edf04ed91cb14b5ee9a6982b2c

SHA256
b150cf0ec473c2ec8cfaa85536a151708c1d64436a9f3142464d3d8a55f3bf1e

SHA512
101686306d6015151dac606b4e83a903be34ce29057b80e604abe93a1e9b8ebf8a1b444a0dec9cab0f0001ce0917c3768d66973f863e48480790a5e516e3809e

Download Submit
C:\Users\Admin\AppData\Local\Temp\AcYs.exe

Filesize
233KB

MD5
9608cab16f770e68679c9ed2a779b10c

SHA1
1d79bb9173c86d98fcb006d00c8a31d017cfb3ed

SHA256
a8e5862eb9f6e3635494f58bc5c3f02761fec4464c8ebcf2e8910f3a7dec9012

SHA512
1b7414def1d64610460a5a066cbb770900faa377e104f3a3a70a6afee0bee7a100c139c571c57ad9121de9be2feacc002c70bf85c6ff20ee73720dbaaf9a6e52

Download Submit
C:\Users\Admin\AppData\Local\Temp\AcoU.exe

Filesize
249KB

MD5
970d1bea90f1f77f95d7903e2c80bbf2

SHA1
a4c628060ada33d745a7a0eeb7f2c721d47f8772

SHA256
a651d8b070c4638ea4d8ec13ff827da627c7abb25cc48a672e7f4cdacaf342ef

SHA512
61ff97f0098b3c0dfe941e85e3e1437ff6dd453e0f301402bf5b6bcbf0a24c1ec48341174d0118bd255b612add1054e39588f528d6fe58bca2020bd6687448ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\AoII.exe

Filesize
205KB

MD5
bb51153fb8e55517b8c6fa720a2401d5

SHA1
8ff2d55bfadc588c44bff75d41e1dd9304e91b3c

SHA256
b2980bec29a697fe6bb0c8cf89a35823096ec2d61b6478913d5e4fed605201a1

SHA512
cdc5cc6ac70b8d0f0800457db60860543ed8644a021c0a4932405fb4b9c12f107bd4c0456bf18ab11c0c99d974bb05fce75556cf4291cc338edd389500ba5f83

Download Submit
C:\Users\Admin\AppData\Local\Temp\AowQ.exe

Filesize
187KB

MD5
58b10133a8325bcb00b008d311a65e76

SHA1
f05a6acc5fda5f5483911862c823163da5017286

SHA256
07ecbd4d361b457a90da93a6f70322dbb9cdf8dafebfe61285c7bb216e585ca1

SHA512
fb0c94ba1a3e021e66b668402af99d7e92f92de33cb769389e89803523bda3db1f40f89540472d4428d61767e17d4421b6c04e0ae397413b5ddbe7a7a1f0cd00

Download Submit
C:\Users\Admin\AppData\Local\Temp\BAMYIwgY.bat

Filesize
4B

MD5
e8f3709f09f2f94ba4f9dd7b9eae6dda

SHA1
85631c94d456b3ff86a56b5a66aad9d2e196bb0a

SHA256
1da5d3d120214dee681d974c22d0e9a73e0e57db57470fc833c0821d0f3f60fb

SHA512
fc9909bd688b86f3d8a79cc0a95353f617526baf729de85b82a0c4499d2e984caaefe5786cfbb8a91534196b2ee25d6591d192d71fd7d947b8b86f84938112cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\BgkUYEMY.bat

Filesize
4B

MD5
df7e21ccc59d2e723aee2184a2259571

SHA1
d54623bd3513fcb19b1597d46916cac90654e708

SHA256
e34d64f8b78937f73ccd9dedf3aafce9c7f6700cba2a58a1cb1eaebfda8930d4

SHA512
41c8d08d932f288662888d2c8949605cb39a5b3255a99c1b56f169da15fadf40432311419f864a099bf198e06bebea5b86e8d66959b9a46357b09a93bdd843c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\BiQQYEAA.bat

Filesize
4B

MD5
7b9bcc8c27271e19e3bbf28bea225ece

SHA1
e918355300af8867b7cbedd7ba99517347bb7df5

SHA256
4ea267cfa5cb7f58e19c5994a122698e810ce7ff8a24e029089306b4440b2fae

SHA512
ff548048fc54ceadcae22cad048d0bfcc7d0351c74f568a0dcd3617a70db06b8c2b5177f2acd39a016ee7093cf6df2726680519137f9d013447e8941bcf65109

Download Submit
C:\Users\Admin\AppData\Local\Temp\BuAMAMko.bat

Filesize
4B

MD5
716966713aac5335a05444a921c2259d

SHA1
1fb7004023e0ee4aee10d0c360d15de80aaa8368

SHA256
026371fb28b93069a641dcf72ea096395ada167680c29c4e37af335f94ca6843

SHA512
2f7b6ad51c50ee9b649298735383ab9f7d24f41328f27f3514c5eb8f7030bc0d1789cefa64c64b597757f7e00ef4cb5dbc03bb6410f76503e6f7a1dae8dab6f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CIYYUkIw.bat

Filesize
4B

MD5
e04a73de7169cb83e86ea339e8058baf

SHA1
0a30fac30daf6a614569498a969a967483f12ac9

SHA256
5e88e23bf6408e47a0fdd4306bc7a172b75c6fdc0f2225b78067e9789843fa69

SHA512
a451b240bc5c950a7af8ae03416e981614426f6700052252bff37148d6cc1c6fe32a9486f5bc5b9154ffa6df95767b667c828ba762b7013115725c15274d1f40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cows.exe

Filesize
193KB

MD5
fc8e5787d9c063ae0a79c5114efacebe

SHA1
d7d98583cf288d13257b25a41a028d037324a9c6

SHA256
4b46eebdce7419bb9f991da6bcea8228595d7618758773470af0801dc8186213

SHA512
0d63355fc58cb077be00b2798b9b3f4db6190d254aa25933a821551cc7ea560ff291dd01cdaf6f79585b4e334512582517b3e222b6ce524a659024a2f9e5f5cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cscw.exe

Filesize
246KB

MD5
e44215db75d6079167df2c982f6e5415

SHA1
7c6512487befcbd747a41ca86797e1310ec259fb

SHA256
08276fdc3946819ad6f7431afc144bb7e35290c43f7c08e7f027458162c994f4

SHA512
711c4ebfeea1b3cb06f86cc9eb8f126246b51a7caa920f569b50ac45ce10ece2e685efaf40de9c85b0a55df3fe27cd6b47afd75ee6f95c93de59e42710dcfa11

Download Submit
C:\Users\Admin\AppData\Local\Temp\DisIgckU.bat

Filesize
4B

MD5
833474b823603649aa93ada78164e2ab

SHA1
58ae2c523bc4a4589d1b3aac55c28f75ad65e07c

SHA256
8947d17a985a88aa48dc3d2f5733b617cd599da8c2b6e7b48cac19ddaae951e8

SHA512
68dfb1ca7c88980a217752699ae598a2356db25e7355e378522c23ae1eb85d45330b9604bee84fbb3fc22da4052e52fef66e1ce23fe61d784a15ce510c96ec13

Download Submit
C:\Users\Admin\AppData\Local\Temp\DmoEQcoM.bat

Filesize
4B

MD5
faed510e16835666a8205d40cd90322f

SHA1
12436479f88872154c0297404cbc2ce0d177daf8

SHA256
59760d3babf9ac3e61e9abbf6f2bdccf111c28f101980a88ab3340a3cf1a5bf0

SHA512
1b6a36d0e7d5729ea854f0ea69181ee578e9d4b2686ec0221dda7aff42c4f223289325f68758dfc25c232dca43fa446765a6558ffb72ac01b2dbe5304bb5c350

Download Submit
C:\Users\Admin\AppData\Local\Temp\EIMa.exe

Filesize
943KB

MD5
2b4f0c0b4b3d3c35fa3dbedeaacf7d0e

SHA1
b38f63ec4a661f557001e34965a7ba5bdf9f6afb

SHA256
1d5c98b47a93cad78d0c791ff76b1812660de853ab564465dabecf30130cf19c

SHA512
87837f29938012024d2fe23e124f84eeb297bd1491a7fda9a67559cbe1e7b1ed51defb9740625dbdf965f1f564b9035a0968afe66bc5474cecc3946e5689630d

Download Submit
C:\Users\Admin\AppData\Local\Temp\EKEYMcwo.bat

Filesize
4B

MD5
eb1c6cb1f2aae8adfb5f3ac2e586efc0

SHA1
0ddcb3715b1fe4569daf00bde65bb5adeaf4598a

SHA256
5d936b70ced051b0ea8fdf92c07aa2e910671340c86017ef1a8413803fe08d37

SHA512
a26dec69ed8b50128a1542f79cd9ee7b37fd1edeba4105991fb0bda865d08ac41f3044bb886f6b3e4690805757205664f372a2f89f2766666ed787c8511244f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\EKgQYAcc.bat

Filesize
4B

MD5
cb0faa275e59e46cf1c3ad834d00f67f

SHA1
0b8517f7586b5bd3c3e24df5eb6c7abb4dd9bf58

SHA256
16946a2d368e304467e52fb92f0ec862a84d18b241e0e41eee6dbd6a53581b97

SHA512
6c1a6eb6b1841201ddfe7dd05e3c599404f5f6118b8c5bd84ddb1b7c4e283ec2305974a583797ea2512b1ffb600f846a6760e26590349a61c3b082dbea5e5f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\EMMa.exe

Filesize
1.5MB

MD5
425062b434839816a88e43a39f7c6a19

SHA1
ce0dc8d13dc6ba01c953b1a5404753354dcea85a

SHA256
7d1aa1a7861aa59b1857f6f0a916a12be9c14d3ca2b833c159bc6f965d7c46fe

SHA512
7f448b725c8af2f394a36ac022bc661c73e513f1c958cefa8814afa6b5afaaaa04d695599ec09c4d6ee66b269803e31e197a1fbc7473ff941c80dbd5b7772f58

Download Submit
C:\Users\Admin\AppData\Local\Temp\EYAA.exe

Filesize
239KB

MD5
fc30dfc0c8b0d9b73d6d7a009ff61896

SHA1
60830a4fd71810a3371d1388bf0d3c39fa62988f

SHA256
1dc8eeb36ea504e6db9e43dba0d5711aba260548cb1b5f63d64ecb36c5ce4337

SHA512
4e540b83e8ddc9cf7f3267440fa5bcc1451213ccb06ffa51a6e76a6f4b277a463cea3df81e006dcdf4c3e389f9b5bf8ef1d4ff02f5ea9eb82c7a9eea3bebe54c

Download Submit
C:\Users\Admin\AppData\Local\Temp\EkAw.exe

Filesize
939KB

MD5
5e6c53bd0260f119917a29b8ba1a99aa

SHA1
2f2a568a82f92c9cd824a365de8cf355c1b3a90d

SHA256
2502661ef33b78d6c321e043bc0d1b32122f05d569fca3d7c1f6180bd1f2927b

SHA512
504a4481088295d63da92f53b7b1634e7b868cdedd03258a35be5f875c7e36cfd2f211e2a0489aeae187ef22bde3d0a54616e4e1b39a1088a45c6c9fddd24ca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\FMQgkEYg.bat

Filesize
4B

MD5
820d468831b6f6c540f4c16e83ac6c36

SHA1
c699e53af31f3e799f60d69a2f438a683c63cf31

SHA256
10525914d88bbe5265536b6c6717bda19d6c9b09542c96c1e8febf21b17f30a5

SHA512
0b536f0191110817ec49a3d34e781846ad9610e645f9a87e0d6c26c4a7057a46793843953df10170cb02493cf3cfcbeb272be5a51c8f28dc5a2f508f45b35bb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\GAQS.exe

Filesize
551KB

MD5
e31c71a64b6e7487674000be9bb02b07

SHA1
87f1796e58aab27b4c99a79e6d955bb68cd8404c

SHA256
5550200ab52673191ceb395dfdba36af92ecc8983708beb029f6b88f38576d03

SHA512
e515787bbbb769748e12ffc6aae80ce197c22d047b785b74587a6f90c81d2c50b2b958880170b05267782b4ed7eb83835218d47bfb7de88ce90eeff7c8322817

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUUu.exe

Filesize
353KB

MD5
46a70b0f4552c4efeb8c6a042b71c9be

SHA1
5a30c8d7531aeda7f9d84daa3c29a55cab264032

SHA256
4f8a9eae742258e73dcecbf4387849f2ed27fefc31db6a871f6d92f2f1bcb9ef

SHA512
04fb126d233ca429273d5d631d21e3f7cced7503df26c4254427b57c901ed944a3be0d154ecc11dc5d464b1d7e43e87b50677abe8fce4c8a604f7bc8f5717178

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUgU.exe

Filesize
234KB

MD5
3c44a1765d29a3d29dd0000fd701ad7f

SHA1
8db5154b5bfc8128b18e394b478efbd892171960

SHA256
d2a05ba7fb7894c1195c6a01e24ff742d07c34b5bba15ccad383282dfa7371cc

SHA512
06b6c537ece88c73aab5235732494acdc82e05cca71b88cc097f6c2a56963a6377dceee37dc36a9d41badffc0c7d9a8b8625ca4701d4586e0be4ae03589ad4f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUki.exe

Filesize
247KB

MD5
9b760afb16a09f5d739da5bbd69ea401

SHA1
7959be8d92554657baddbca72b574035f7e5de48

SHA256
7ceffcfb8b4842e4c0f86c6e3e2b1d237f416455e26db046e0572afd9995a8d7

SHA512
ae6cac69a8d0404a969b3859d10b328fbc27e7dbe195bbb126ac91a0382304d9ee61e32e148d58674c11866dd1d8c78304e487fd3b4fa2db2629300a439a1b5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GoIK.exe

Filesize
240KB

MD5
c7e73ed62611b669873c66af5e2dd609

SHA1
d01068d112e3b7d81170587cff5bb3c39a40b511

SHA256
0f0bdb98fd850488af56ed3729c07ce266472d76765a5a1f3158f2b635fe757c

SHA512
971b2a5bb56751cc03a22fd196bb64868f26ddd833d474f06dcebda8d7da4e02d05ef978b344aa5b718a18f529f4d0d93dd1f1db00fba69a43c21f0e04eaae6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GoYC.exe

Filesize
248KB

MD5
acf4527e90864e51b756599166bb13d2

SHA1
c2376b1eda39d8d00674a657232ba6857c86d580

SHA256
b081b3d5f6b9d5e8818e757eda09297eee782bed768f7843d540d76503b58ecf

SHA512
26f2224f2c32ead4465888891442f1a64fb0640a401e974060d125daa31d5b4c6a3b1490f8dee5c6e01aaecc4684be8cd300ca49cdcd6624f579e175f0026bd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\GqYQEwIk.bat

Filesize
4B

MD5
9a453b4686c725aca1f865eeba93a469

SHA1
82b86c4f9519192e8d46a1bec5f886ef7238e67d

SHA256
7b3d00ab9cdf20c51226ec5e7b74467dae4250d20c1b871a5f96dfb380c6ad17

SHA512
d33e16d0e7c2c87dd2c9dafed06cc53dd547e86d1885ed1e0775456c61e85e3ad4d93d53fbe3b7fa1310a1052713a1cfdd01f4a444d4d41ddf959d1eba2f19fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\HCEkwowk.bat

Filesize
4B

MD5
3cec9fcb77eb25ab517885aec73a66cd

SHA1
270cd8c31fc174b8dc3c69344b0cbe746226d35c

SHA256
0034b7fccaccaca467d1a1a9e9671419c9c34e2c4355f3f1b8ca2ed4153d8df4

SHA512
d2d45e1675e4d3f3d294d48ab66afd772150564990c3b07389edca081a6ede18d381d0aa7c0d51df33ccab0542d5f9f6e4ddc79378356efdf7db7ffd2a36db75

Download Submit
C:\Users\Admin\AppData\Local\Temp\IAsAQAAo.bat

Filesize
4B

MD5
c263c4f920c67ba745a83452f5927b33

SHA1
f2bb24101ca50c5d6b2664dae067d5304e752aeb

SHA256
f5c567d09d7554fc207823e095f9817e8529a5458e7572b7f869684cc80aadb6

SHA512
582429ab5249382cba34dbee60d78b8b0c841dd008874ed8e2437b55427939ee04417fec36e6a800aa6fe39f4354dd7ee9470362a27cde1523122967daed96da

Download Submit
C:\Users\Admin\AppData\Local\Temp\IIsa.exe

Filesize
487KB

MD5
ad216cca70a67ed446270d47177d2b15

SHA1
b046d3589e3a1274943626538e84202d65c59655

SHA256
5c93d5255c990598d1f128b46d3356605f0f8a8757adb73f99aaf3aa1e6812ae

SHA512
12d12f8888ec45d4251a73b289cfeba844fe3c225f8aed439afbb4f08b6e955e5cee654419f617328cde09997929b84e3da5b578ef9ddbb4fbea2e8170366270

Download Submit
C:\Users\Admin\AppData\Local\Temp\IYAQ.exe

Filesize
645KB

MD5
3861bf82689e2fc441cabf2d9ad5f526

SHA1
03831eb6ce298dc4ecb166af1c88b77c5627353a

SHA256
1524d3a5f45c6b0e85211960435365aea0fca2801570ef9067bfaefdfaee9a53

SHA512
5c0613d9a7077f5abda95d3a4ab259819a419edf29fd0d75f960a8940888b86dc7fded2611c645e206206709c089a4cee38f8647a4851836315926fca43ceb71

Download Submit
C:\Users\Admin\AppData\Local\Temp\IgUM.exe

Filesize
241KB

MD5
6907a0a1a1804c4c73553449e81a6c59

SHA1
c60ed902dd53a77d4bae96c4f3c6ec24079f85af

SHA256
8968cb3d86967af16af9356bc2038c543cb659cd43527a9ff0af9153cfd6ffff

SHA512
8f4be589a200245f99c121acd18687166fcae8f66068987ce9c65cbeb1fe3a5a5ff5a4a1643227046e7b7b99752456cbc0b800eaf0da00c7484cd53742a29192

Download Submit
C:\Users\Admin\AppData\Local\Temp\ImMYYIYs.bat

Filesize
4B

MD5
ebc8728c3f73c387ac98da65374c1a0d

SHA1
7e891b6021c59b5b5685918a3e65832e9a2a8e34

SHA256
e6bd29d58b30db7a166aeae25300d2a25d931fae34dbee7cec154e192eb9d70a

SHA512
6c69efef498266af0f17bfeeabe09b91087afac1d3a5e4d29d94adb8b2b80b14eb5e5a69d112fd09af7849e8def358b25cfbab3e1a61d001dd0283c202786b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\JQMwgoYs.bat

Filesize
4B

MD5
c9a9f05699a87ec2b1f10385e4711a39

SHA1
6cd8dc66621c2109838ebe39ef4706af9fa36249

SHA256
0eb0ea308565b3592704ead3f361b7baa6f77e18221ce735f1026d6e98da27f2

SHA512
64e7682549e6fb3bd63dda74c5962ecdb5e645567b19b2c82fc237e71a18dc078ce85ca80cb0e338d02d1b007011bfbb659d524bd5425942f1321075ab0a748c

Download Submit
C:\Users\Admin\AppData\Local\Temp\JsQwIkEs.bat

Filesize
4B

MD5
42de3c1c090045182ba82bbc5cf9202d

SHA1
b8ce2972d528d5ae61380bca02bc08f4a21f0f3a

SHA256
6a093b502505d6b6619ab1461f8d6d4c2984751956cc617a846131db04004226

SHA512
f6d6e7fca06adeba5d4de2233711945fcf56d0f0a5de48f75b3c62646d3b256dd3c410bb701ebb871c9901206883086ca0474d73f69ecc003b529a2bcef4ebf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\JuUowMEE.bat

Filesize
4B

MD5
d9c467957392d719f61e33a821c2b92c

SHA1
effde44084df6e44c13739c8bb47a637e365bf7a

SHA256
fa25a9606edb1476a4d1e2f26ee12131c93f71f2933ff1240d1b8f4a09fc8d6a

SHA512
cbdb36cd50a3dd13fc459bb3b02e6e0d2e3b5ab362da3fdcaa31cf171c09f091f5f4a695ee56d7009c09a89ca1c61ebac2c2eb66be32c7581cb1c7c033eb3307

Download Submit
C:\Users\Admin\AppData\Local\Temp\KAkK.exe

Filesize
249KB

MD5
6f7d06ed565b145a7cbf71f385d42798

SHA1
5f411e421c7d641dee528027f102bffb348b220d

SHA256
03d8439bd42da40ece108667e3b7734d12eeedbf6a46275c6be4d06dbc340ead

SHA512
f89b397f767f6df7d11580ecfb667d9586cb5f70883f4e3d99442b2207f04f0256521a9786103859ab156e0f125bf52383236b9c709d05a5b08bf894e37e2496

Download Submit
C:\Users\Admin\AppData\Local\Temp\KEUW.exe

Filesize
251KB

MD5
d7cb558e9d61e49f06c24b7de0cf5fb9

SHA1
83e9923b36c1bb75e141ecb1fe0994d05cdee87a

SHA256
39f34504b0d77161e2dcc985ecb40d22510b751d77de30ba204cc3ce799793db

SHA512
92d58f47edff5311fc7f9f83a9ea1a5be04353d77c1a645a70933d7c041dbad1bf01d1b9f760c041da821812a67e5d2a63e45bf13074bc0ff28290a75bf3963e

Download Submit
C:\Users\Admin\AppData\Local\Temp\KEcq.exe

Filesize
251KB

MD5
a4534a1b309d9cd54b84324c6ad557c8

SHA1
fb45f6b2aa95bceb77adc5375afd6c45647b64c8

SHA256
ccc0165985eae3a5bc0c806187ba77b37ad699f601c9badfc754e41e132c0794

SHA512
68c8e46e084bff041d85866d7b4a370cdab7181df9194d29f102529527be17d7fdc029176eb19184edbb59481a4294bacf124f650792becfaab092735d2dfd29

Download Submit
C:\Users\Admin\AppData\Local\Temp\KQoc.exe

Filesize
232KB

MD5
160f476eb76317bf36589ed944f51c0f

SHA1
6e3b4049e0661d9d24541310c87f86d9e3325d53

SHA256
cffb8d289d1da7be4767550f859fbd37c63cebbf3311fae2cc6e10508007177f

SHA512
b0eca21cf0c7842f129586d516394bc8451e47631da7d7d12db8abbc0918105a79cdfc05978aa8df32106676c890a5ae8be3a4a0673dedf0f426ac13cd253b50

Download Submit
C:\Users\Admin\AppData\Local\Temp\KQwS.exe

Filesize
201KB

MD5
ddadea455d53b830710bd081d6982c24

SHA1
550c12912637cda45b61ccc7aa326ee7ad2fe51a

SHA256
e1fb981d1fb35e3e1494ab2938669197673451e4338e98a0e68788d2b1ecdbdc

SHA512
9dfedc1279afbf0aa15fbc3238bb1905f301caaf6e33ca0793a3633ee412b776a0272b002ddd95b4271499a86fd9e4b8562c8262b52a1ee2c4e6900b7a64e8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\KUga.exe

Filesize
199KB

MD5
37efb798174d70402ceb06330486d5d5

SHA1
ba0ed9515f1cdbf75f79d184163f81d08d55b268

SHA256
b8ccd620d9cb76caeb037a30e1e8ccea5a6d121b046b786f2cd114240a1d3384

SHA512
ee6d21b913768027952370a9b0875d53578ba25d4f9306fb841cf0e591b00e3bef73d0f11f81716469f05024f1e10d02101c0b43bebdb10852c544dd2e74044d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kgsk.exe

Filesize
508KB

MD5
a651996db73c36013b64168c3bd157b4

SHA1
bde529ebbd0f7483ffe1330cc0d1cb0342999e79

SHA256
08f4dac85a471b7647df8fd69fb48bf3dc735f812f31740779aef3905fd46c51

SHA512
c9a63735b012e5c76955ecad52b9abc3f1440cd1bdf1760074c0ed040d9399e1f7b294dd55500e199ffbcd5c095ae140fd07671e44396f103aff0b7e7eb2f53e

Download Submit
C:\Users\Admin\AppData\Local\Temp\KkgG.exe

Filesize
239KB

MD5
47a3e18496227e343069ed689d803c8c

SHA1
0d4b308a7ee4478032a641b587aa63e1d03a9624

SHA256
70a5950e7a9f9664418d5de00038ccfd75c529fa02619587eebc250d1bb45d03

SHA512
3ed3677de2a752b7e4068c184da53f97368d4f3a56c47e0c1cab05d047ed62ff45827fac8c0e54ef16844141545b5cb06c36337f56b254ce8afa07f790e6948e

Download Submit
C:\Users\Admin\AppData\Local\Temp\LkEQAAUI.bat

Filesize
4B

MD5
cc2fa814ccf5796bf43bdcd2ba485894

SHA1
97cbc68bcca59496646e3326ff4bf1536db94b31

SHA256
0ed5fe15309c753339ce35e4af6c193c5e52a021eca65ae8b4767601ef1dcc6b

SHA512
ed408a94fabbbf6f5790d53674c2b4ca59e7fef57e19fb7536917050c2720cb8e6b7e51b01839dbb8f55a613c44a6178ce35040b57f6a78947a01cb0ab38e628

Download Submit
C:\Users\Admin\AppData\Local\Temp\MMIK.exe

Filesize
193KB

MD5
6ce0789d8c50adc55662b33ffbaddfcb

SHA1
301cf317971da295a2822d0c6d4db8198b29f8ad

SHA256
c893ba1540f4ad6c3687df5187d1bf7b301a7a4db8ae977c45d75da1d9f211ac

SHA512
488ffec40114ced05b1b56d5e1de9685e9c7853ddfde196903875269af47c1e776c032276e0c0813f1f5d92fc45ba0f830f3c7204c2c3e01c839bde68b94e648

Download Submit
C:\Users\Admin\AppData\Local\Temp\MUgQ.exe

Filesize
195KB

MD5
9bd3cdee814379cc287ff8c6e374f08f

SHA1
0a1ed4f44800fbecd19b1a550cad499c49991714

SHA256
10504af0f5ed709c3d30577331e609034620c22b4b94957caef92a91080ea805

SHA512
d29cff6c5b1f0474eaa98811343ef7e712599319ca50fcd2285020a95d1cb027db6a0514f72624b00969aabc1c2d084b282987078523c9881615db599bee17ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mocs.exe

Filesize
229KB

MD5
6a40d0eb2a74f725a51c1b1d36cdbe38

SHA1
c6214ed3beb46c9559ba82ee75ae78655e8246c8

SHA256
c35ee0c5a2cca0b2a1a3c0eb377d5c5e39830b7fab6b12f97426705a7f16f9d3

SHA512
40d3dd41efb5b19acad57b7cc40abaa305d206c83e15ee6c14f921dd935f41e9a5433be7f3bd633393bbe2dce1fb249815f0a36962591f3921f89ddf0a641c4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MsEU.exe

Filesize
222KB

MD5
1100ca9e1ee97e6d521ec9535e77c490

SHA1
bcbafb078e8a2e425707557784c1ab670ea1276f

SHA256
049eb20864c723c26002e286ca461cd802c8751286f9805f43723e1602efd325

SHA512
026d064dd8e5015eba7cac3b48f950482ad39b67879468d23e3b8c669d53a5cedd19f7f43f3a1fa288b522080310c26ebca84f98ac58ac29a478abadc2709e20

Download Submit
C:\Users\Admin\AppData\Local\Temp\MsoU.ico

Filesize
4KB

MD5
ac4b56cc5c5e71c3bb226181418fd891

SHA1
e62149df7a7d31a7777cae68822e4d0eaba2199d

SHA256
701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3

SHA512
a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mssm.exe

Filesize
244KB

MD5
01cd1eca8a1a1fbd3dbf1b1c9c6da99e

SHA1
3a74ee16a11fb9d35aab96f98b34248407ca4b96

SHA256
f0e4d799084d32ae7ba00f42e59c9d4a9c69bcce1e1acb7ea512a9b7c871873e

SHA512
5216ab7e497741e6f9477868457103a13a77fb1553b7066ed22053b541017e4c1568f00d043de977ae5194c00c31824fbcba4937cae606b55a7a2406eb26dfdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\NcgEAYQA.bat

Filesize
4B

MD5
924cbbbfd92677a4cbb3a26f7bbfdebf

SHA1
53d06f3f71edf5768bb25e7507122c73a73b10a4

SHA256
8123803238cb2e933da7399982c1d4eecd8518b0cb596bf3d03b79fd5c41651f

SHA512
9b9e1d0efbcb185ed675de4c93c94f2a44407b6875c943d5ecb0ee26e268fcfaddb533a24250d595a8e2c80aa58b47390635b3509055373e94e97946a77dc226

Download Submit
C:\Users\Admin\AppData\Local\Temp\NgkcIgYs.bat

Filesize
4B

MD5
578a005f896e38fc047a4a99c847a24e

SHA1
1073da263700223d05b2b6df7a3d5697500c04c6

SHA256
281565af52f5d1b44f3fe8ba59c5d4cd6f051a225cd7b845a0bf3d618d5cc8f8

SHA512
d3fd5ed5598efa8ce9615b98bc5470851dad8cef562f93a9dfd0e19a5a911c50d7fb0054196280f93d3312af92e1564d08c2e918432071b49e114892aacf6981

Download Submit
C:\Users\Admin\AppData\Local\Temp\NwcMsgEk.bat

Filesize
4B

MD5
56bd6b3136943fded35705b351523158

SHA1
f950fb935d759d4624c801440e076bc99f3d7da7

SHA256
fda4916e22b0a02f6a1d60e4043b8462b2762816351afb019de7ab73b1ed386d

SHA512
d1bc3a7f411a609d35eda08671e7cbb03e07927e70e3b4256ccf2fda637520a87304e139dbe4ae3f3e5e590c0635e023c77b2724aaa725de00ce49adb975d6d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\NygckoYo.bat

Filesize
4B

MD5
881688489a5a5c33c2107438e4b52003

SHA1
95d90ef95cd25c159154cfa2638e37b6161f2b05

SHA256
d88d9a73e8ce1f9db6b0c491ba89fbcddf01d044f06cba163f13dd00396a2ae5

SHA512
077894781e459b555e2214880d59c54d4f37c56ad1ee8889428affd61f9e18e459977e184961b37dc86aa46796f26cd154212e01afc178e78e3c56704fb9ae38

Download Submit
C:\Users\Admin\AppData\Local\Temp\OAMQsIAE.bat

Filesize
4B

MD5
65f88c37a3263f92a95c98b2b7ef4e4c

SHA1
8be963c3065eb51d10fbfedbbbfa10cb66af4049

SHA256
3d1cd3f6df71a922b79fce7c525171c4448b323c81854ff145f7fb578274712a

SHA512
1fa18e6952303ca5ddac217720f0c8c054c94a2d47e9ab90bde321793e46331475f64b3df10dace53a8b1cdc59ff0a5ea8fc41aac4b4592361cd6dc91cf27c67

Download Submit
C:\Users\Admin\AppData\Local\Temp\OQYU.exe

Filesize
743KB

MD5
2f22f16af98e264bdd4d099429605e63

SHA1
5e2764c2299d62aa9d5b97e0e35a21a4706ca2e3

SHA256
dd13a7f4d87cd89565c9d6ae7e97bf691777f7a8fcb2552c16d017cc5974ad64

SHA512
be42e89f246a3a779e89f5f5dea543149d1f3406b024f10617a36d80df41b03e2c9844eddaca40dda504d12d5d07d2e7cbcb1c131513cd343aebbff4081314d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\OQgu.exe

Filesize
245KB

MD5
fdc7eb38cc9e1ad6770a91594dc9061f

SHA1
bbd53ec809e89144d0af8c7c8f4a7aefda4a020e

SHA256
29ef4a9095f4efb828647b4f258968aca3bcfc1670e8ffd4e5ad53113ff657db

SHA512
9e818d164ce5866a270f63cb41ec458107fec8b381899813f08394285ba5de55011032bc7cde0e42211ca0ee12f5847c218f61d8a255bf03f9071f4ba34a079e

Download Submit
C:\Users\Admin\AppData\Local\Temp\OYUw.ico

Filesize
4KB

MD5
68eff758b02205fd81fa05edd176d441

SHA1
f17593c1cdd859301cea25274ebf8e97adf310e2

SHA256
37f472ca606725b24912ab009c20ce5e4d7521fca58c6353a80f4f816ffa17d5

SHA512
d2cbf62540845614cdc2168b9c11637e8ab6eb77e969f8f48735467668af77bc113b8ac08a06d6772081dde342358f7879429f3acc6984554a9b1341f596e03a

Download Submit
C:\Users\Admin\AppData\Local\Temp\OaYAcIQw.bat

Filesize
4B

MD5
9a3aac1002b328eb4b7ac671b1582980

SHA1
4d1ff436f44bd0e3f16ce97eae8364790374ccee

SHA256
3a640bbff3ac3016b7f34e11bc898a2c8d98bafb3a7bc58c92de0b38c71d2103

SHA512
d271ed8b9789e83fee0d53f92f23f705ffc1e65ab5557a296814548980be432319483119ff4dea9aa9c9c4c8f47939fbe25a2ec151081fbd1ed2558dbb447e4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\OcAe.exe

Filesize
192KB

MD5
c559208998058eaf8a983e183f422fc5

SHA1
179a77740d05dcef55cb853fc69f93293171235f

SHA256
0a5973a1206a09a57a62f18a110c276eac2b0ab47fc48adebe59ccb3ac2f8815

SHA512
fe26aeb158772599e9a263a1f46d1fb73764aa586836382f7977aca0407dd0809bbbf3b519741ba395949f066bf9ebd2b83c07f7d9125078f1841322ff06190d

Download Submit
C:\Users\Admin\AppData\Local\Temp\OcUm.ico

Filesize
4KB

MD5
6edd371bd7a23ec01c6a00d53f8723d1

SHA1
7b649ce267a19686d2d07a6c3ee2ca852a549ee6

SHA256
0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7

SHA512
65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Oggy.exe

Filesize
228KB

MD5
db1132f639388fb8177fe9a0efd3d17d

SHA1
888e289c5bad9e97d0c7b42dbdc9a5e52b5ec9e9

SHA256
2a4aa01ae279b86a3974af0c69fbd9cf558cd541e374c1d7784cc2b16638f903

SHA512
6ea698ae50b569b70af267b9327c90911e36aa8cb7b63c36629ae11a4224546eacb48a41b53fdf1e10100bfd14f1b5b51e182f2b79b3f46932e3977cf2153f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\OyAQwMgo.bat

Filesize
4B

MD5
48fdcf87c302fa975b0de67788a4726f

SHA1
264276ae6d4f74c706e68e48bbcb5090dfca7c9a

SHA256
8a97928f5c807bdd32b9b39554653469f28928496e89e7b02f680dfae487283f

SHA512
072a02460c622bd9c13db46ec9ccf5ee65c3440e93bdf1d0fed821019e278366e041f384da671bd4568fa3e8ec3b81cd8b14dba5eefc8a53b885d2737d234892

Download Submit
C:\Users\Admin\AppData\Local\Temp\PAEkQMIY.bat

Filesize
4B

MD5
a970347b3c5a7ee245374b0e6fb9ffb3

SHA1
c38b15770fc1a564019d897a56906a7ef12fabae

SHA256
5b7ea630ee364d85286b635b8d202e3628667d0c53d6c64d000c3497b773e012

SHA512
36bb2d8e1ebac675530c93292ba9cd0b8149443f88912bfba8a397a88e7695cd671c16bfa97df7c721acf2b01871f6ebe4e187894a81de6cd44ea041e0ffd15c

Download Submit
C:\Users\Admin\AppData\Local\Temp\PKcQYQII.bat

Filesize
4B

MD5
0b9aca783aadb1d21c07304d2cff19ca

SHA1
ff1fb5418c8e76e447741c7b7eedf145f5dbcdac

SHA256
d5f02994abe050d855f83d677eedc9cddb2f4fe151604aa619c2f998d1714d4f

SHA512
5338a32b4606cae530783408b56fd0eb937dea24ccab0c9c2ae4dfb9047e9cef5ae2c7bf66bf464216f91ab44e5e93ea2f51483425af9567c30fc4f4cab81fda

Download Submit
C:\Users\Admin\AppData\Local\Temp\PWgocQUs.bat

Filesize
4B

MD5
bebbed4fbfae3777d069e72fd0b8278c

SHA1
d21b01db0aeb67994c15d30de27fb298136f78f9

SHA256
28579161a400c7c5fa7252f2332e69aae857c6d1150e69c72070a6fbf35c0e6a

SHA512
eda9e94c20a8d27f0596f9e8a4fac370824eeb7e1b4833395c2dfa654c171530fde5912bb1eaa4580e199eae718349118cf3290ee6cda9fcd4d567cc96991237

Download Submit
C:\Users\Admin\AppData\Local\Temp\PcwIckgI.bat

Filesize
4B

MD5
1bbda25e8d113dbfed088452f5d17585

SHA1
c9d8891acf596da71a42e8849537a7bd6f39d01b

SHA256
1a02fa5c2ec82f0db3ef6321ea77f54a2b1c55835b4855334b8864aaf9564c9d

SHA512
7be138fd42f8b4b4318caf9624e963cd3fce84143b4dd41bf3d0183c447a2c8bce40a5654d8bb5e4cffebf0eda9279cdc897f1fb55a70787be51bc9bf55d5455

Download Submit
C:\Users\Admin\AppData\Local\Temp\PsIMEMks.bat

Filesize
4B

MD5
a8540914e9942b7bddba7e47441bc3f0

SHA1
2f928d8d67a0a0439af7784055d0218c54afea9f

SHA256
8fbaecf33d23cac1b7a09e875e3c25b0cf7ee8d6fe0119720133813c2899ed12

SHA512
f757c5e39135b4025a040d9ec36709a3303170ed00467e0042fa118d961196c1a807d77f6af16db028512680ff1328e694453f1fac972ab0808ca4a6071e9eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\QAQw.exe

Filesize
609KB

MD5
d3dfc70415f6724e7270475ea920d17a

SHA1
d31ccabc6cba9330f73cbb31d94a72064857cb69

SHA256
17fae2f3b4c1c25b844e2a40a3354d11105f76924df410ff6e1dac62e04a9617

SHA512
e5cdc2eb809b739b9e834574d0bd26dd5092594e5c9bbcd696075bd74d68718b3fafb68b930e8ac082b2d83a6d10c2e58db987957190dee416805c4c54f1fa84

Download Submit
C:\Users\Admin\AppData\Local\Temp\QCccMEEE.bat

Filesize
4B

MD5
776731ba40a63d3c179abbe4e79d3ec9

SHA1
2b4773ef6eaa84e9c0dc858983abbf89c306aa53

SHA256
5fd4dc18a5a388b67d81cc7cdfac0a8a60c2431f834a022c5379169bf215a25c

SHA512
476c5f748ec3fcfe6a241e5bf1106c76cfc6bf4a5ae8616791736bd0eda91c210667a0ba5f8be94f4e438d3469b02553906be9f8e58bb96581b8f0a435352955

Download Submit
C:\Users\Admin\AppData\Local\Temp\QMkYAsII.bat

Filesize
4B

MD5
e1b0c9591fa49b481d114dec40e019bc

SHA1
7bb1cec756f4e7775565ea187c923f34a3756970

SHA256
df9e0a43dbce505015e55489d7583109057e276c0a2aa5fe60f9dd80a9d9af9a

SHA512
cca282956f839ad615be8ffc93bc22c49afaab3e7461f79f7e95d243556e58dfc28f1e1b31c5531820bfc0a5418945da2d4468482b96c0a7f115211c24a16233

Download Submit
C:\Users\Admin\AppData\Local\Temp\QcQm.exe

Filesize
327KB

MD5
708ab1cae5600179c2cf429fe3fe2fd0

SHA1
2763eee3492744a467af7d3fe2bf7e1c3b70af22

SHA256
a495d31b1cccbfbfeeb8c983bc0fb54875a88f8b42d12e87e5119fe1dc339240

SHA512
4c6bd6f066b549eaba3e4dc8ebb355940ea0379216c445ec6d0c5638bdb1fd00bcef44979218e0d5c9d1438fb30410e3719ee693ff5c7d47d6109f179779d434

Download Submit
C:\Users\Admin\AppData\Local\Temp\Qcok.exe

Filesize
189KB

MD5
c36c63572511c7ce42e84d21b61ea29a

SHA1
f653a060f59dc71811722d510ea25a418170689d

SHA256
1dba6df719fa8e658e72f4d2156f996e122b0285fa8fe2ab26542d4cd03b7a66

SHA512
becd23d9ea1fefc3eec377e6b1a2ca787acc4d5e27df135e4021ad020bd5580389e81f8ec0501e9cc73f403b2e05eb6b399e34d6fb825364e2a79b5bfb86746c

Download Submit
C:\Users\Admin\AppData\Local\Temp\QgwMoMUQ.bat

Filesize
4B

MD5
34b24d8d36145419123aaa308bd4a112

SHA1
b48995908e54c80113698a51d99f4ccf348ff1a1

SHA256
5cb86445211ffd947098050e3039cc0e90b4b4f50995827431e657c17a58765b

SHA512
27f41e6a51677d1b6f6d878760491ec06ccf0f47e0687fb6280118c50e5656b0b0e446db45cb4be07d926b7711be7ddbd94f5378d12ddea1ca592bfa08fcdfd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\QkIC.exe

Filesize
422KB

MD5
ad7b203f493351c58057b3d3b763600a

SHA1
3ad2744c7380d50cd11eda36b1c06d4af0c87b4a

SHA256
1c0d99a5160d3c509eb7515d8311f10699597cd40fd4b55062e75b63ee682896

SHA512
916b3968ea08379b8145f5a2232b46439892f3fd30ce4f6da6245806a740b6a6e7a641adaaa27017fdd00893b10b2c328b8409e23c40031333708b3987c0325a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Qkom.exe

Filesize
251KB

MD5
a53bc54942070481ec7f7c399f8532f8

SHA1
cb1e9cdd1af6791ec1604458532a8388926381b9

SHA256
4f2c34c0dd2d6cd64c05effb84a717c151148d1dc3cea004d7b14ad63a7628d5

SHA512
a174fe9530c50a4025a4a6ea9292471009f4e948e12e19a0bcd76abc2b0e03dae8b21edfe9676bf0cdc9cd9e0cebe269d86b6705d1f6cbd951b010f9feda784e

Download Submit
C:\Users\Admin\AppData\Local\Temp\QqgwIEUA.bat

Filesize
4B

MD5
77c1b23dd859a80f9c51bc70bdba50bc

SHA1
7c392ac5ab3aaf24bf4123184655ae80fdcd1f38

SHA256
abffdf9a4e01408e62b0832d5c5a40f8a715ea8526690427bfdbd6e97ad44394

SHA512
51d2263a688384bdb6fbefb093a3614fa1120bec3f4d5e160dcfc4ea4400b2f6ce67c76fb7021a1757c55c9acc2d423e06dc9f82c3844d7b6cbf1566518c54f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RAMkAEcs.bat

Filesize
4B

MD5
0cc4622fc54a3f38fb59b513ea93613f

SHA1
fdf831ea834a35d9feb919a9bcda04d60a7998e3

SHA256
4524723d99969cf5d0cc5da2b3fbfc299c138e24241bda94d990f331c691a8e9

SHA512
9c08019cbc782ce711713f61668fcb43cf1a3c0755d16c0ee976fe67c7cf3f38c2a4a9f8f4223283297ef1db6037c119a5d3fd9cfe532a64d012b6759d5a977e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ROYIoUoQ.bat

Filesize
4B

MD5
48484c6aaad69a961e16e37f9cc1a061

SHA1
dae3f939c00ad35eeb50d0b055c05257943de538

SHA256
7f6ba6d5a46f1027d529198546ae64ddb65e583cc9d799b25121ccba4d3dd052

SHA512
6b1c58542f3ebe2b2c47b0a03e20e304da70c454c24e94aced34a71162557fcd41ffd0e73403a9b659963065b0090cc4201b1db45701d835fb8431f8131ee9f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RmkwUYUM.bat

Filesize
4B

MD5
f7ba10910f9e8e5e621d8d2148195cd0

SHA1
ea4963f54d370e2eef004e7031e9823034af6288

SHA256
775ac4a6aad634d48d0857f45c69d927112f970e47311cdc423d51fd8de2fc0c

SHA512
20b42e999219463d8f5b7fac14f4157d2f998363574de3a29108c36f39d4bcd002caba9d4536aa0ec75f5f041b5ae0e4e2815d44611572251595bc3dcf4210b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\SAgs.exe

Filesize
250KB

MD5
316b084cddba046c2b9c1d9c249e3c46

SHA1
a6e7fbb15a3cead428dc4d9d283fed9eee210079

SHA256
85f8c18993c848abc445d9fb6ce1a6848faf5107305fbbc17d28d1ba1ec6c361

SHA512
ccba26129873e0184418daafd32268e795c26ff41e410b469e6a68a9dfa1af44a6b029b7703899095d42c7a4960abb295f6c94b1423e1061d169748f1dfc974d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SAsq.exe

Filesize
235KB

MD5
369b87cdf0df7177f86eb51c9a40f133

SHA1
51889c36a59c414d315ad8b9bd987089174a4a71

SHA256
d1e312f3785408a56bb2ba3ba22282b54bf404bd69b82ba3cc152d7fdf2e6b0a

SHA512
dd9a78edb9ac8513aa220d018c78be2dc3aaddf8e2031da6eeb2d4b7acdc4f82e0a85ab83930127b164ade4da6db6113a698d21c4e06e4cb03e61de1c01bb53b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SEMAEgUo.bat

Filesize
4B

MD5
6a7b9aebb5e9f27970de13799ad47f6e

SHA1
8ac1e7ee9bd8878830ef28f689185550ee8fec84

SHA256
53985a4f74f06d5c437ed27f93a5b2ea83e189a85bd4ebbb6a3e5709304a8cdd

SHA512
f0d19c9027190ce181f36577f2c4fa58ebcdc327bd801a10ffc58fa8bdfad6e9ec3f0c856c09d356ccf1e7979d8f7c3d019eb2ab1b2a4411054825d7f44a26b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SQIy.exe

Filesize
230KB

MD5
e22c1170a50d9e5bb93f751a80d5a366

SHA1
2a94306c982b7a7e32c37bbd84b6834417e2832f

SHA256
c0a3518d13e4fec9905b683df70bb084f8809c6c495c84a6a54a5b299b0bd035

SHA512
e7ee9a917514ff72e1767f1f7635715b6320a2f4812c00a46c226851edf63abcb059e77888242c2897412dee5f24f8b1cc41bfbba5fbf0dfde2e195fce1d55b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\SYki.exe

Filesize
226KB

MD5
8ea884da493436b3f6aa4ae50921e776

SHA1
fe0a2689559930c2abcade44e4a0865b1789a051

SHA256
2713667dd8586dc917a8ca62c617c16105b25c9ec2ea40f4c208a8f24f577d4b

SHA512
958c4c1b3a8c1677b9d7c3542e756b09feb9a0945fc54ecd63ac20aacb347de1a60cb43392599c3e7c191b9a94291d32faa124a26ffc36ff0c3b09863cb13466

Download Submit
C:\Users\Admin\AppData\Local\Temp\Scga.exe

Filesize
4.1MB

MD5
da3c5e9475427960b47087b6b8b6b7c0

SHA1
79e97de7114dedeee24d1c4d31a26896ddc95ba4

SHA256
d7ce4c9410d6ff96a4d05100a103df95c4167a3463314fc217598cd7b7a304cf

SHA512
3378981baf890466556495eac0a6dd566177cda74b0fa431781464f829b2d75e03eb5793fc3b6d4e4485c5cea3886fb10e815cbdcb5d5b32ccdcbcb773e37fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\SqUAIoEA.bat

Filesize
4B

MD5
82de08f3dea12c2959594f356b14f8dc

SHA1
d2429be6453040c3d171abea5eb2c54562e18b28

SHA256
01544e8808644e0eb6be039e7c6b67ed3f45c22bdc3ec6a2efbd01c20d8fbc17

SHA512
b3108189e2c088bfe5698db0a31b2e1bb4a0b5ff653d861b8e2f4ddbd432ff25e732c26d246f043c198cef99a61a85c83dc2000ef73fe435266c9add76c4c142

Download Submit
C:\Users\Admin\AppData\Local\Temp\TIAAgoQY.bat

Filesize
4B

MD5
4305cea8c12c9b727befd384e99c200b

SHA1
7c7b56d7214f64a01a4f6dbb89891cd7e103f3ee

SHA256
fc6f70f49135faa47c6f8393f4ce6ff1619287efb70cd722995cb0cf7330183a

SHA512
3a1b3e64739f1e18033a94b1f4b1e6d011fd684e9da246fd81b8e11054f4d6f91a41fca54a69dc4328759bbfc81a6a838719bd6e686ae28a489d5549163097ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\TkkAwswY.bat

Filesize
4B

MD5
b4ac6a155c3978c8c46900e83b628245

SHA1
1c09fc3d126bc868e68da079e0eec17d298553e7

SHA256
a68a0ca61645134d500f44630f2e0c7a935140721395731f29b9a4600c88eba0

SHA512
1134def106280e089d82077733c44c61d69848a8bfc61787561d68d0b19248002f70d39757239e7e318b534d0c4a6c2998ede97d083c14d6e5887d7e8bd9a75c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ToIcgwkM.bat

Filesize
4B

MD5
45a8c1421eb36b776102716b582151bc

SHA1
d861b6261c65abf08a1a010931ef1df6266c484a

SHA256
aeb97aa37881d5c0567c372776eb40d7a5ef9de92bb538ca2a1b3c37a1eec81e

SHA512
fa95471afa97e3dd6a4418a93e10432c2eb87ade5ac2ac2539a6fb8531380fc4d4d72dc4b08c50d32ed8bc0983ef8c4b5a6b332242e3eaa378d59226752125ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\TqkMAsMY.bat

Filesize
4B

MD5
8eef52f96ea21453220cc6ee7c2ead3a

SHA1
d445ecdceb08f1d69e0288489beaccbbb395dfb2

SHA256
4845fd93454ba55d4d887accf05544d86c3ee2229a187e1088b8078ce4e6eb7b

SHA512
f657d5936cbda042729c4d032ab9054081189055e96c44e8a8b19af4ceb9346392308b4ad5aa5e1eec19619002aba591b037c5269e9538d761420e495cbab98b

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUoUsksk.bat

Filesize
4B

MD5
aa86542cdc7ed8b9b297f16ce4175649

SHA1
364372f70bfa3c3923eb76d28a968ab10445e6f4

SHA256
4715746529c083ccbd072afef655568329e582853183fb3dd2e6832abf9eb8b1

SHA512
4f8cacbbbe644546db3237b3e06652a3c850f30f697ab2c82434c4bf8dc526b5948fe17c5ded2bc60fcdd3c6d4aaaeada57514330ee84828bc43d6761b6b416a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UYcs.exe

Filesize
212KB

MD5
b7faf8bce59270188a1c7f83342bed8c

SHA1
9a0e5bbd6d5790aefc9d274f3b31ee6314b04c6c

SHA256
529c3f286f643b2460da590f75d2ddd6f6561fa94cd6b0f5daa5e7d8f6794ac9

SHA512
8c5914a093513d4ccf427bc026174e388e6b8a83d400294589316dabcec0f882cd98ae9fd12e6cfb413e522f9fb4d52299e1d6bb5f606b6d6c87f26401090080

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ucgw.exe

Filesize
960KB

MD5
034784cada41941c285a5ac15ec86930

SHA1
7882c8b5f318facaf3e18d18e68fb8d0083a2cb5

SHA256
c918d90484a4964a747d4bc9dbfd76f63bac0c8acba905c1d7ab3afe1adf28b0

SHA512
b32b6e67839574dc8ab27e62f45fa75bb5f5bff19e9650458473268fa598df7040d9e68563dd144373f2fb590d464f64a86cdb035ec7b6bbdc69a48420814eb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Uckc.exe

Filesize
235KB

MD5
e2cbd9cc2e0cf5c97699765ae41e423c

SHA1
2d28bac3b088b0d49610e60bfd3813b1f33b08e4

SHA256
e5b411004e63b70aec6b40c055aae7b43167bc1116c56041ef71e1a32f38856f

SHA512
4601676db2ed8f44d5a02dfff708668427cb7a5686147f261d273cf6854da21afec4c675fe74f55c9d864e47e5867d2f51f27e28e31ed476400c54b8993c4ef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\UoQm.exe

Filesize
249KB

MD5
19e96afe17ff6d15755fe975f7dc9eff

SHA1
e4924382e198d42ecd0c6aa1e65dde81cabc67d3

SHA256
33f59717b27a337e15b34e9c3e94df0ea7ff40ce6f2ee3d7f8be08000d07beb9

SHA512
5c9ae703b8a6fa8bf213b15f5b357ce8508a3528cb6f40847bff653c8a89a44bfddd03f87026941a50c080df59943883bf6b6e83efa923330accd7031245b2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Uska.exe

Filesize
237KB

MD5
cadb62f90a03131205aa87e49c5d637b

SHA1
082ceaeb3ce4b3a1e4892ade76072b42bc55d8ba

SHA256
7a7994aede6c5877102c8787e7395e1283de57e8b415e3d15eff8be6e9710c32

SHA512
f6b708b7fe2e603eea159d45217349b189ac8d17875ee65794c62d8669595ec49b1fa1db5032ca8056c04ce5be24b2272211298d69dbf90b4ca8c79b7df0a7a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\UwYq.exe

Filesize
184KB

MD5
411473e3de9ce3e9d6e36cca28383954

SHA1
f020542b3845d7dec866e486cb4bd1a0fa53e0c9

SHA256
dfaed32fa162d17b8dc2cf798be9f5fd55387e582bd28d83eee718e6047550b1

SHA512
2285707ed234dfa8ec453d0622e2db118d92e14fb51f9b4710e817c8a7b6b7b6df991536e7397447c13b5c46d87737883e38ce848037615d5a924d36f6504bf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\WAIs.exe

Filesize
226KB

MD5
4e405d1fd67c9b3216fd658e0e2db726

SHA1
ac3b49ff471f9de2f8954fabe502bdeb93fc204c

SHA256
1c458ce3a9d1e4a76e1e1111d39f8019788ebae2f7fa3f026f88ec02fda32097

SHA512
c2a3ca419f19d08d63f8e2aa89d3326be0dc1dd2e95fdd08cbc0b02eddd2587b7849b10796d8c54587a1c070a9987e52ba609617d97279165ea57362d549a913

Download Submit
C:\Users\Admin\AppData\Local\Temp\WAsg.exe

Filesize
247KB

MD5
f004cf5e8249865947b2f82e78179c04

SHA1
2bf5f3fabcc3b1b0fb8435c84d3639aee43e8c37

SHA256
81621723d878f7c8719a35a99277f3468071fb3c1e6ce5240bd1948acf85c354

SHA512
585ea18b942c91331e7ba5f1acee0d3012e90de4f7fae47c867da445a061250294936b341d85c38001284fdcdcbd871fa09063ed8eedba8ec273469afc1fb840

Download Submit
C:\Users\Admin\AppData\Local\Temp\WEQwcUsM.bat

Filesize
4B

MD5
03932355ba253ec1149b1b5113c946df

SHA1
c97420e36d355b043be2c58f289e741a010f75a1

SHA256
e4dc604f5d670f5b0b27b8eb4a9eb6dea23259d46ef4c6135627bbf2206607be

SHA512
2881045884b676f948627d31bc181b9e1d93ba46adcf974a330ba2ec10a72802fbca26cfef35568c5a25fd967d12531eb74977810a9c3aaa0c5d10f90345b6d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\WIIy.exe

Filesize
252KB

MD5
fdc66fd3b7c10bb2721c91c74217fe2d

SHA1
62be133a922f74664a7a7cbeb6baa96e236b3624

SHA256
dd0098da3ff80025baa1a27e5a7c3c13d2203b5c0f14eb0e17b5911f2728faab

SHA512
d2ba5ba8e208f6adc5e3a9dd7373e4a5e0afe5bc001e3646c1821ccfe267ea8a6dead65d9dad1efdb6c1c7cbf1230fca02cb9d4b9eb68e9a60cb7364ee3ec8c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\WUIc.exe

Filesize
239KB

MD5
7d426a681f834dd9cf98da6fee21e222

SHA1
a47cde65fa318ef757242c3874021993e3831919

SHA256
1210c9f262c4df10e65cb29d65cbdd1850d58b2fde61f3256a108412286b7f1f

SHA512
5a90f430e42e8891f68a5e099c22234bceb29d4620258862e5dc4cfc8f01ab8fe4813fb8e2251b751d36b3a51f58726fe82c700dc769f76ada78605417a01bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\WYkc.exe

Filesize
226KB

MD5
17bccf632807247393ac2a005b01058c

SHA1
a7d47f3abc5440ae91275b39aa49e75e77a13620

SHA256
750154271ba4df6e415822b3284426a332725537a8e4836b7a96c8be9eb5efa8

SHA512
d5a1f5b3eeb8948104be4ec7f673dad550b326e46a5db81b79245484331bccabd6f74b8025c7578a2efa3935609e9aa9ec12d18fc016d3e318f9a3ce2ff02058

Download Submit
C:\Users\Admin\AppData\Local\Temp\WkMy.exe

Filesize
185KB

MD5
c6a86ea2002324b29adf565ab1b75295

SHA1
b69ed5202468d52309cb6deb457593d50b64aa25

SHA256
404d2b7949f24e9ae71441b536f76e95f822eb42e0213dc5701159ca4038c422

SHA512
4b9efc0a810ac8a0ee3e79c1b46d654cb9cf48b6059e5244de5804d82c5e79efe1290ed240bd137876de1c002b2a62d5bdf8defeaa8bc4c271f23ece553ba30f

Download Submit
C:\Users\Admin\AppData\Local\Temp\WwkY.exe

Filesize
236KB

MD5
c47211cfe84c54f4c6f9580c634810a2

SHA1
3d9ea5cf38612d793c706d900e2fcc7980adae95

SHA256
af05e5ba8a4c36468417ee414044c69540e1461118cc1e868013c68ca6678b76

SHA512
98fb45773efecdc9726b0cbc37c36b2214423668b1ddd169ca02d8223fd07b177d217383aaf495f41565a087826a30e40cb680b1c353522e16392c99d6712ffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\XSwwkcEg.bat

Filesize
4B

MD5
1a75b2111f9a80b2a63ba0b73dafd3da

SHA1
2689784ba456d378363dd74bf79893d39b232aa3

SHA256
cc5ba3d0c2a7fa3164a37d15711b638cddcdbd72d4cb0be600c32eb9e5346791

SHA512
a358b094076c1b2539029266021d2a68062f1bedc90407b3cf01fcc707dba3ea64555a1967d4fd03726ce2be6156b6588ceb733c92e7ba416a3fbb1a22ce56e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\XYEQYkEk.bat

Filesize
4B

MD5
79ba4527a511ffbfdf0c1887eea231b0

SHA1
8426336d364c52226b4d2735d3408bf5e715c08f

SHA256
2a632d714d9fd4ecc5aa21b6a7cf5e5c92625a16ec6cdcb5cb4cdb5a2023b620

SHA512
1221837d3c25a1044c0311327232ba142f9223284f3187bb89dcba2633e25248bac00cf8813410aae2b6781a7ec61d21a7d2dd5e8637a16acc3f12b05f95e59f

Download Submit
C:\Users\Admin\AppData\Local\Temp\XYMIMgUc.bat

Filesize
4B

MD5
3db500768172b84089484b358bc2382e

SHA1
186b533f8d3f9d3a579acad6e490f2eb74577f97

SHA256
8fc40231d048090804507f6886cd375bb8a676214a23d92ab3a1a81b3d139d07

SHA512
251c117407198873b52d368be5cc51fe460435f51f40d4d959e5a62ba4e646baa927c64801684377b634cf7f2a8a13019b1903da73743060b06bef05ce228d6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\XYMkIIUI.bat

Filesize
4B

MD5
074692a66c07119a5b7ec3b25ff11a32

SHA1
677c25ae60a5c248acc1e6111f7c7b06a5cec811

SHA256
d69826eab573eede84ecb831d416ce374a2d0f11a4a521f42ce32fc517119c68

SHA512
321e620bf3a7094690c86e8e9f4b7ae06a67c05d2ae955a0229b53444a6998e4ab209a9cdde02f9891f2b6a5fc53a94baccd64cc2376bd79c764d8acd93b8cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\XeMUgYko.bat

Filesize
4B

MD5
08c450247d2b2071881a3583c4844e1b

SHA1
bf626e1f644187e57aa59c33e92c7a7f95cc0802

SHA256
7d5e59b139f84789033c4de7f579e238a4d6004d346497f0d5ca2f085c136436

SHA512
94b7778a965f246a41412d3cc5813d6d617d4e1ba194a9519b5d538cd1630b17cd93d3aa0ac11c208ee3fd46d2b63d488a90df033d014c267bd63d56fa7b7841

Download Submit
C:\Users\Admin\AppData\Local\Temp\YEQocIAo.bat

Filesize
4B

MD5
000e277b267613bf9c3752635392f353

SHA1
8416bca6a1a3703fdee55aa611178503d70b871b

SHA256
a3058e5096a716da17539628e2b6fbd9cca1c4561eca276b36de2314c74e6e34

SHA512
11b630266ab71cf7ba75de48e6c34ffbf324fc8f2f8079431aabdd04a7c8893d30bf88a8c037d6c76097edef3b29b815809082bd58573dd61a1d1d11d093ba37

Download Submit
C:\Users\Admin\AppData\Local\Temp\YEgq.exe

Filesize
193KB

MD5
c79f8ba5153bb53a9e818eb8fd823982

SHA1
ff7dc034f5d0c189bca667ec989a50e44de9b235

SHA256
1758060bd7b9bdc9916f8f805a54a929971126518e0881425618d02c6b12a87f

SHA512
cf18a19c47e42222b15ccde9049c7b5581ea0e5172721b6cfef467926571b1257b8ed693f84973faeaaa819cdcc17b5bec3237f5c679104d1f286235b3c58b40

Download Submit
C:\Users\Admin\AppData\Local\Temp\YEkU.exe

Filesize
183KB

MD5
a11158a28bfb39ee5d1a557842f09932

SHA1
4aed122121fca39a00cdf5864d13650de5f6522e

SHA256
61dfc992340a23254b218e0262da6e102e0640941886d0e0d39c1c681d6db8e9

SHA512
c6a9879e42f7fece8f6617bd273e6e6e5e7fa3d18dbff32f74e8a3162b07be2e2a5b921a341682d2389fb7d66b66bce87be054a948186871e21afb99bf2ff80a

Download Submit
C:\Users\Admin\AppData\Local\Temp\YIkQ.exe

Filesize
238KB

MD5
ec36bfd6bc8ee0c34bee0e293a542596

SHA1
10a020b24e5c32a64e4c0506d1af0c1a347f790c

SHA256
1c789b3517ef75dc2aa45a46f6139c8bbf150405719367b3a5f1aba84ee02f4f

SHA512
1bbcf9db03f040822b8e13ff3f40b8aea38013de8697f4fa55ed2d0bcdcad8d894b87dbec9682afb22d82e4d32898a7351ee385aa1db28456e8df3bdc43f7df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\YOIcQIcQ.bat

Filesize
4B

MD5
b1d46586355378d68be5cedad1c08a47

SHA1
20e76fe31141b5722c284c3ff2fc21ea2cf3c2b5

SHA256
6888df1c5df81dd4bd7d859c3f84936506a2c69fdae90da023af4d3a423ec5b6

SHA512
9d5dd99f4618dc1cc0ba7708d9e2ea2aec13ab82a3e39ede2a919d62bba1d1b52ed221a1d297399453a12a9f28516949fd50bdbb00a9fb6b50880514181c41e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\YYEgcocg.bat

Filesize
4B

MD5
5f7d1ce2163fdd05259149eb545c5d59

SHA1
fe494fdca112159bf06da7fbb3dd659eaaf23cab

SHA256
df8714acb9934dfe2191af0e9927e2db21ada455184b8c562580b78099d63720

SHA512
660e0061f18babde9ec12ff0c34cddc381a7df634a34f68c386810e1f3cfab0ece49353dbc86b14f7122dad5422b20bc3f4e97592b58860d4d86738c8a3d1c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\YYQI.exe

Filesize
241KB

MD5
1dc0794d3d97986d67c51ae9bb4be9c4

SHA1
2185105651ccf4c1a9162ff1db5bf88642bc6f4c

SHA256
891e219e918e4012e53b81c49c7f081d4ddf3e40f4f77ef028a4946b48a73847

SHA512
1c462e3d3201dcb52c5d01f2fa2490543ce4d81d579027b21548792417e2f187e3e50b54f90e7e6f87cc2ac9ecc79870bde744891bfaf30c1aadef4126db4434

Download Submit
C:\Users\Admin\AppData\Local\Temp\YYkA.exe

Filesize
220KB

MD5
5b91ebf8372e9c7ffd0d168f6d84950b

SHA1
f283456243ec40e21cb8ba9d94095d603951ef1c

SHA256
1122d5d04ca63e0fc239a0394a229d274d28d6b8a5619a38128fb80d69789dfd

SHA512
799abb0c69744d20a250a5d58062a94f05457b07466f1e7b4b43b05fcc489b4f1ceeb3cfa8a67097b9fc937429978e1a1a2ce2ec86cb28da7914a4d1c66c94ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\YkEY.ico

Filesize
4KB

MD5
f461866875e8a7fc5c0e5bcdb48c67f6

SHA1
c6831938e249f1edaa968321f00141e6d791ca56

SHA256
0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7

SHA512
d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\YkEgUEEc.bat

Filesize
4B

MD5
7e5f5b30f8e4b375172b88d4b25cb641

SHA1
4d887cb6f33b8a5f2b42ae2ede68731bdb8bea99

SHA256
a5f2ded88692781c03a343c82f662409ef95e84a6b5b7c64e73623bf2357bb91

SHA512
292522d90e02a6be120cc62242b4e997198b80df5521bc2eb236f79e55a08cad00c73affabe1a319b0e5896dd6769c1fb4fc5f94c04f2602bb4be0cfa2f98d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ykki.exe

Filesize
1.2MB

MD5
98f3884ed2acc33d9be4262038ff27f4

SHA1
2370dfa28ad9b75e7c33388b926f098b66e2c2d3

SHA256
6a28c93a900ed4ebc928dadb9c008d65e27343b3ef0741d0b06e76fa5f0a6ef4

SHA512
c35dacefde0fb12ac68bd3884fddb01eb8f2adddd2fde7d592fb2ca83b76af75294969ca09dda459fd14593865ba6da481c02e095f54ca3b3953122deaadc2a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\YoAS.exe

Filesize
247KB

MD5
2b257a622119b436999d3f68939f5854

SHA1
cf8f6e232a54a229b75b7551cf786b4c228c2fee

SHA256
c1afb1186f82a9b07d44be58dbb91ccbcae15bdb3c991742a0d54df40acbc6cf

SHA512
2c86c539ca0faaf214ae31a9e3392ba92aa45497dccb55f8bb0ce17decc66d66412685f90a0e656a0a21eeebed30d86c3188d0895180bc1ca93c2ba65fc81497

Download Submit
C:\Users\Admin\AppData\Local\Temp\YsYK.exe

Filesize
244KB

MD5
a00291021f7a606861a53a6153e0c34b

SHA1
a55df5ee04f8477ef2a6f5c95cfb466a021c76e1

SHA256
5a2032b7d6cf10812f3feb6fe3afcd23251213c8d0955de7344b02af528e4dfa

SHA512
9af9a480b195ed91151ffe24e70b41b19a93dec99e104dbafcf2899052ac436ac33f111c570321d59f7f5ac006ef5fd04fb09b8fdbd5ca492ccff83aed7b3e94

Download Submit
C:\Users\Admin\AppData\Local\Temp\YuEgocwY.bat

Filesize
4B

MD5
28ee01101319e3383f060f4eb833073b

SHA1
b300281858b48216ed29814755140d90bf0846bc

SHA256
7ada81ac9e40f423f773707375f037169727cb92111dc8571122d1cb7d8c5f69

SHA512
60284caffdd3fcd6f964157c29a33563ab2bb679b34aed18a9e6f279a452f1ba71b492757dbf8e99574aabeb279d365e0f481903a23568158ce4d10419925264

Download Submit
C:\Users\Admin\AppData\Local\Temp\YwossgAo.bat

Filesize
4B

MD5
e0b28753ea286eba06d3a6b5e59d055a

SHA1
e8e169c465f78484d578e15dd001af57a009ed62

SHA256
2953cbd2965f90ccf4b58bffe0715d86c8a6d2633f810e6c0b64e28ed3444d00

SHA512
0e354f4e52c641a6c93eb59baa5dbf34a9aba22daaba2bf76db27fddf51a1b99205e0e333287e47ca3a3d2d4dcee7c39ee94578e9d60543f650f5d3541f9f779

Download Submit
C:\Users\Admin\AppData\Local\Temp\YyMUIooQ.bat

Filesize
4B

MD5
2a77acb1c29e8241c5be291e1d5e4b04

SHA1
9a71617ca0fa25a5d76f6f7d49d1d0d2012bef0e

SHA256
2b3bac653ee14a5b808569ffbe4a65f80dd8270ba9f0e9b231b711203351feec

SHA512
e1a9fef6d23eadf034b5855df18a840a5759c7eae3648a0540ffa6011c20bcc7b037110f9025f0d7b044c686fda7e67ef3a3c5a0761dfa1b747f104ce8f1602e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZGgIEgoo.bat

Filesize
4B

MD5
977904fae548d4f7f2a6bfccc9477c05

SHA1
79c1cfed28e7de4c2c095eaf8287cb16629f85b2

SHA256
19005cfc84e943e08c8e6adc8e20c6cf1046e71e71bf65d5c43632263f7f6255

SHA512
0e7c676b7787c9354489e1bdaa3a9d88e313903ed6ff577af02496dfce7a9e2544382b3e636c5d94528327ecb44ec7c74179ba3cc5c325b70971f72a5c67034d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZIIowEko.bat

Filesize
4B

MD5
f229a4212691c662b6d5d3014acf022a

SHA1
04d61d32c2b9c4aa5d8c7f0dbd0bcdf8a52d2769

SHA256
41772819cb95a87cc7f4a960123d016a5b22fe6200b321293032c64739f709bc

SHA512
11a0e8f68fe6b576db4ae05d49db56d951c0a39b57f48295787bd60390b90197c22df69a36a7b1586808d2209c0544239faf981f83ba7e1557377ac49bf7f1e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZikEAQII.bat

Filesize
4B

MD5
cc1af1ab31107c6ddc54908b169e18fd

SHA1
292b2140e77b6e86db4c7f770a69b41117d929e6

SHA256
75b6ceee290064166a7c553f9ea3ec61deee124767d43c6f18813b5b8eedbf81

SHA512
7dfc1790ac943864be375ca115965507f7a49c7dbecdbc3990508bd6df8d2e11bfc3b0870b22de7db70053c715409d256052d939e83d43879c2a58385c595a2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZmwcAYko.bat

Filesize
4B

MD5
96ff09c0c326116399c6bf6b67353fad

SHA1
936d0bac0bec5ca2cce34d378b00de7704444f82

SHA256
e5a0749163c7d6b8abe15caf1f1f4a79c3151e09d74a0c5d7f1c00b59380c008

SHA512
3dda047ceb64948e3c8c6ea375b29b6eeb4df8bd7b39e2dd09bcebdce1049a93fcbaf5ab265d7e1cb729fb8056dbf9bdad2d44c9a22daf2915e672bc47f57b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZqAIIwkY.bat

Filesize
4B

MD5
66bc5f8967da788a29685efc2c8d3e6a

SHA1
f30250c0ec2706c51ed6ed596334c23723084816

SHA256
9de5733637fee2a6e03dd0dc7a8fbc1ba7f9a8d0cd6736d927c96cb88a3631ee

SHA512
032d63b52a1921660c104751a765b88e1ab50e4ffab689b062114390cad3f3d543dc7717570092b9c4e346e109b466d6bd9586045e09df4cfc0940dfd43164f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZyQEMosI.bat

Filesize
4B

MD5
51637fdfed1713569000b84c3036c013

SHA1
87cd7c65d151e68b44faa18a0c9f6dc0b75a6ef8

SHA256
b31f71933d298fb6c066becf370bb09e665455b17d88b7852081c1a62463c694

SHA512
d50c249ef1e6b8c10ee04b29a9c91c75ee14f3152218bdcd371f6ebe4dc5a1d821940d605a282a2eaa8119101a79010431bfd267b63ccb55ad6e753848a8c85d

Download Submit
C:\Users\Admin\AppData\Local\Temp\aAQq.exe

Filesize
773KB

MD5
e16a06a448256444208e6076c40ca2f9

SHA1
0e5579e122c8ee839f75df89852f8b6fb6220849

SHA256
60c861962ba8502283602a5648adb815576353411598273c68a045133dd02741

SHA512
a1adf801ac43c10ba9e1b6181dabf651e7f4d18e4913837797ab6dde57ef5b9a2692bf2a23dc9879362717907d3f7844660fb967e149572f6418fb5862294e0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\aQYa.exe

Filesize
188KB

MD5
1dc3862912020510b3ae6714d6b86012

SHA1
14f9092c54581a152180a6f5b151850a461b1f7c

SHA256
11244949da2a6506b35f3140afd7a249cbb84d15086c388bf2d2f72f42c3ab7c

SHA512
4c97a7c704376a83e52b13cdb2104c59ae8e760eca35a73cfcdddf5985f1c9b73937a27c118ebe5eeb1f248db0b92ff82b7d1ea4087942244c955d403962e216

Download Submit
C:\Users\Admin\AppData\Local\Temp\aYQG.exe

Filesize
207KB

MD5
bf8851448b15a84e801f8bf9ca0039a7

SHA1
8653d220e5e0fe57d39055928bf7bcb8577a7b11

SHA256
9a219541f73734606b55b2c09c899026eb466172b364ef388329aec9a1ec54dd

SHA512
2ad3afaa06c3a040a3c49714ab38a1871040edbcae3485c2148c33c34cbb4603a663bbd1b537917f6da1330fe87714a561621636507ac0f41980731b5cfadd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\aYYi.exe

Filesize
243KB

MD5
c2a866f6536bff5db584a0d9cc4d6e9d

SHA1
913f2a388069b560f8224bcefed3b55377a3cf69

SHA256
1019726c01033e74bf2bb7eb261c96bd374b918ae51e7e6888dd6b9161c06b2d

SHA512
9fdc6daed0bb9523d235343ce54654b7ccab35e9490a2f949893ad91f33398019fe1cdf1af8328f550127781d618f11871725fcb9aacadeb1e9d174b708f3d03

Download Submit
C:\Users\Admin\AppData\Local\Temp\akMI.exe

Filesize
248KB

MD5
9a1e10c6475d68dd82228318b7f3f0dd

SHA1
8733a044be98ec7c4445cbd498ac50d716b881e0

SHA256
ad4d565554bb1b13465d8d36a7b5155a7114849e264cdff1d9d46091e5c3d67d

SHA512
fa8070ae333d05c3f478e72d26834d9b2c8f1d1c9a528df6a013580fd3facbd313ca9244cf39f50ba507cab21d33c913e1be72c5672566fd5b14ca3c35225ab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\awIU.exe

Filesize
181KB

MD5
72d648ac46a4bd86c330c1ab58c9655e

SHA1
d735a40ea30e8d6a2195d10350a0efbec5632f4b

SHA256
5b65c9871c29ad7b2661c4605f3f5c6c54cfa5c5746e000d9a2d9c2632a58e40

SHA512
dd55c76c420d38c9a1df43141871433b0e276e081232d354fa14ed1f5e4f88ad82c780235846032d784d03b8443b0f2a8e99e66f8454c2ae7c11b63ee47074b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bmMksEwg.bat

Filesize
4B

MD5
f7d3ff6e864ffb1f96a4b06f2c1787fb

SHA1
6ad2e8dbbd4d39874240f1809883bf8f0f08ee8a

SHA256
46f6a2a6a9814dc59d7f887af9009ec0a552fc8552d963f3df665c29751bf1b8

SHA512
9fc0159c2786ba6fad78fff8a6b5b9808514672aa6424603e902fb397e9ba637113f5c42e31b59e528f00280cd29c1462c7b37028845049349696fc2ce5f5a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\byUEUocs.bat

Filesize
4B

MD5
7593a144b63ad899c6b2b893ce8c6eaa

SHA1
d736a0a7106e1aa678f488a4f5f8914dc408683b

SHA256
1c8a87ff58035426e2051a401f8bae828d14488d1978d78f327316ab4612aaec

SHA512
8eee51427fb7982892c0dfdd62be6bc17d5a4ad4ad180414de09862d0eebf68044704f9838db24f58d5b24fc974cca774ea48a103fe51fb82fdfb19d6bf712ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cIMIsAgg.bat

Filesize
4B

MD5
ddc2d698eb634b74ccadf852d1e6897e

SHA1
fcc4167fb9e4f3f60af50b63840f8a5be53c0c38

SHA256
c403778ad313e10fe7f6fd10e10627e51c57bda05910337d2ebc5eb353483dba

SHA512
17f0a1f30122f0d434a85ccfdcb561b2c2f0f3dab15479e1fb191d8f834000ead5efc15a6c75597f0d62c1487609e36083780b777ac0c91c0fdcf60f974ed7fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cQMW.exe

Filesize
213KB

MD5
5091aabc2495e0e721f5f29d3463bf32

SHA1
0a4f79caca060dfbcab93ed922d4da54f465c66f

SHA256
6b26871505f16a42e70662126877f4e7dc3e0427e828e894ea7a3ac000ac62d2

SHA512
27e2471cf6a02c6934dff766a4f96c2b603ef6aee93d408bf9c942b725dbd85f7499f937ce42493ecf17266fdb84884ceb03899e4ce3648b93d908613fa91bf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cUoe.exe

Filesize
656KB

MD5
3392c393f0dc424d90e5583d042e7aed

SHA1
f8bea64cec5aa8cb5e53f7e208e2bb69f925c420

SHA256
66aaaf01c235157283ab0b5611658eacdcd76bfa384a7ef80b76e38e3818a7bd

SHA512
39d0bf4846a2e766e8b16d2557449a6e6d173138040212cf89c19fceb820117ed87a2b4057365610a96382c6aea695526f7ef84dd0b9f3058a487990cc68875b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cYcYskYE.bat

Filesize
4B

MD5
51716c1b682fea82f95c5f4cf8c22ff7

SHA1
1d9f99fd414fcc163a14cae2707e30777ccb6b5c

SHA256
310229f1a6b57a41e7bc0ef33b35f018c8bc7506d2f27b301a341d55ae22e087

SHA512
0b38a596abfd6de8f55247ac4a5fd574d58262158262151156b967b55616c0e610551d0519ab5dd4a9e3dd6545c8ae6072dd796f9762d2d1fdc847064b60ff22

Download Submit
C:\Users\Admin\AppData\Local\Temp\cgEW.exe

Filesize
249KB

MD5
d6631dccdb7576f6c0ee6bf6032531c7

SHA1
75894dac38d6a8b1bb5f7ba8cc332a7b3f5128f6

SHA256
d73456ebd0930c07e37df0a1d71b51968c89e08d3808f7d0468458278c1dfb3e

SHA512
65e77a6d70bead166d4a3eb6a1f5b70d3e98a636b8c99514b2165b444f2a93fb6fe6c742160e156564ac7df6f848a46b8fc9d1dc2956f51b8b9ac23f825319be

Download Submit
C:\Users\Admin\AppData\Local\Temp\cgMi.exe

Filesize
239KB

MD5
9245eaf5c5096fe4cb9c43f34e2e0fe9

SHA1
7049f8d8b9991ddb67ad1e53c2a9379cd2d71fc3

SHA256
5d81666bdd18b8e5b4c29d3fca7142abe48bbfd48fb6ae16a2b9c3618e6fed8d

SHA512
4883e18d550efb4df80fb8a875891c040b3463a2a2d3c45eb896167862e42551be71231f71f848183ddfce58b943aa56e421b286eec5b812a34467b40b7c6b18

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckgq.exe

Filesize
232KB

MD5
ac6e54b0f1bf88278ddef216c97a2572

SHA1
f07cb819ce71913ccb7168f2152096b246a27429

SHA256
75d2215cb1802a8ad6e9a153b12d13a61597eb4c97b5fed88b824f365e62b802

SHA512
87289f61fc7f62c5c2bab757fd6684730de342c39a86d0f8b5fd2991d1994e37064e66e3869cbfc65570c04fdd8fc81ac7976e6afad5e3403127a079751efcc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\coMi.exe

Filesize
743KB

MD5
ca376ea2b8bc3b2bf83a83eaa67f14b7

SHA1
5741be7dba443ed3527da44146ad680edc18029d

SHA256
1b400d3812da7ef88f3c40632809e03c5057d93005cfba634002d0cb66a22d4f

SHA512
e0ca4cda7f8e431ebd55c60779557651fd49e5cbf6a4eddf5303c94597caeff9a7a28cd26baf36ca97a209b7882dfc3d7fedbcd9c50ca64feff97b1d37b3a0cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\dCEAEkII.bat

Filesize
4B

MD5
9988abc52f9e893ec50654fde6976b57

SHA1
cecaa987e0e723d964df4f51350ed5bb50041c18

SHA256
28b95497ce12351c68576c590a425cda6c6c79664bd31b6d14f5413c46601af1

SHA512
969c8dd97b52b137a67ddaa2c71e41de83b65ff195090353b7b0e12c2a42b3d4eaba40b353c6878455b09be3653538cf20569ba2bafcc95adc74e584affd9a80

Download Submit
C:\Users\Admin\AppData\Local\Temp\dKEEUEEM.bat

Filesize
4B

MD5
9dac36a427db417d42287ae88e8038a4

SHA1
a1c959de56361466548d8b89f41643067f6c3c5f

SHA256
7ce79dff7176a8d071d622430e9cc16da23acd18c4928e8db83bdf6641ed4acc

SHA512
fe6bf44cc65138fc1af9120f5a72cc08cbb0329b08f15638d65cd7a57c5515e6f6e409c542bf10801ddb0eb4cc7577385ba6ba8d23f659a75d5ce4653e2a1d71

Download Submit
C:\Users\Admin\AppData\Local\Temp\dUskYgEs.bat

Filesize
112B

MD5
bae1095f340720d965898063fede1273

SHA1
455d8a81818a7e82b1490c949b32fa7ff98d5210

SHA256
ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a

SHA512
4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

Download Submit
C:\Users\Admin\AppData\Local\Temp\dmwcoEoo.bat

Filesize
4B

MD5
eb2be1b1e01a583f45c3e30dd75aac93

SHA1
ee4ed9a7cfb1077ff8e9e6828ff531fea4c0d242

SHA256
f978b67bc916243f4a073342865f02c9f39c45dc497b13e46cc990d7ea5d4850

SHA512
a78ceeb12a604c13121bc0218d9ecaaac56525c50b9a17cf2116905a7c70450e6ea70287e5dee066906eb6ec9139a924507b55be866f50b77ee284c879a60754

Download Submit
C:\Users\Admin\AppData\Local\Temp\dooYsAcA.bat

Filesize
4B

MD5
ee78ce1e8faff8c69ef06a2773d9f611

SHA1
62d7fc24af5692ce74075db773ab89945b38dd8d

SHA256
39e123c885f9bd4802b7318985059016377e5729832b69ce1867747b4866e622

SHA512
cfc2857f6ab48ee79433ed08405ba1e872c8fd29dfdc13c3a53b75b2b08be2a4aa8431334dda18f2b00cc749e49ef1e1b2b73973fb346b66cb4c13b763bf510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\dycggAIM.bat

Filesize
4B

MD5
3d811d6548cf3f52c15b6f985f3613c5

SHA1
6a0a55fb9c7f93cb5f377095aabd3db71f7b5633

SHA256
81454d9751500e806d5dd79f17304fad4c10f666594fecf1283b5fe5adb4b634

SHA512
eea856d13bbf37ebc3f711e40f1cccaf51ceee616051507ae8d613e28e97c11fda9c3068bced3c901bac197e5e2e05f4066e84f51a248346b572aed8659e1855

Download Submit
C:\Users\Admin\AppData\Local\Temp\eAIIssIg.bat

Filesize
4B

MD5
e4afefabc9c73cc825b2c900b879f490

SHA1
474026d892d69aeb7e449b5a17abb4c04ad57e57

SHA256
30d2500abc6b88f1029269ed92978f0d318ebb92822ae0f244f13ebdaea110fe

SHA512
2f75cf3a1243a3b7a004c95a918625a869588bc136eb44e32b710f0cd3cde2d5c21d778bb676a4db38e0788885d00c7129eb73154de51f93891e0dd40630baf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\eAoE.exe

Filesize
1022KB

MD5
1e77787c2095e54bcb2a209128787b7a

SHA1
ac6370f9efc20a5491938866f091a5f66ff9d5de

SHA256
f4f586d0a24c4efe2bd4358a8e761fd628aa513071bd622d52f7c84eec01ea73

SHA512
0c8d549ee7e805fd016ac1e2e993391ccb38fce594d686c1988744990a7349c92d8f62b5a81a7de718ced19738139d08e6417c8d9dff0c89ed49f432063713bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\eCsUIYgA.bat

Filesize
4B

MD5
8cda52a79d9a59d22d42716837ba884c

SHA1
36329fa59824ebe14e1958aefd3481dd0bef373e

SHA256
2724b6b619ea6a00fb02f730cc4586949a42f3805b879969fa528a8f775bb5fc

SHA512
9503b6d385939c657a6ca2fdda0fa43f61c504ea61797b777934b976bbf4f00c7dc25eb0428bdd59048de34bd85944d13043c5ea59a138fbc4055aa0a731513c

Download Submit
C:\Users\Admin\AppData\Local\Temp\eIEA.exe

Filesize
4.8MB

MD5
05d45c81455b527a36f8055be2b02845

SHA1
5254367f9182b36360c140cb23b0c477e64afbc1

SHA256
1a7960584daa4f7a4dcd09a5bf87e49e8521871033c361a8116fb70b62169e29

SHA512
8162de91da7821b5d09461aca02bb9f12b1cda1d13b61995bc207a42bd39eddf1889cc26eab9794b4733395c2f2f6e7bdb0b945968f37ecfd5d7554cf9c9556b

Download Submit
C:\Users\Admin\AppData\Local\Temp\eQEi.exe

Filesize
241KB

MD5
75d2cd0a29fb0713c947101676567496

SHA1
4f4f1f79c487da9f8c913e611b1eb53312cbb8d9

SHA256
d78b48684345b6ac19f03ca9d44288dc8f65b9d175544dc73764688d417a1672

SHA512
5a65bc2d6318a3060e152773b969284ab2fe9e1397b1d75c9767a569dd9515a9ec37fefe0fbd71e423e2fe4ef01a00bb80e5087becc6ae549e369b6db29f06fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\eYEk.exe

Filesize
209KB

MD5
990134637b14d43701fbdc35bc21712d

SHA1
c14aeb6bb97f1c3da359c578b3f2d019c2865b86

SHA256
d4e77449e1663a59e9c621a15aed51e068834d6b131c8f111ef7c02dcf5c724e

SHA512
667334d783ee7d8195e362feec12efb1bbf21fdbf87a2a3a5e236be2fe088e0e1b7b9edf89af25a10dd81519f0408c5ae51d0f4d92e8bccd6ff13e3d92d72ed5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ecIkYwgQ.bat

Filesize
4B

MD5
a5c3fc8b199c88b07aae32077f8116d0

SHA1
4954d567a104a0fc6b6adb08590546b5b9dd1926

SHA256
b17343810f97eb9459c40e8813cec4a4d1edc8b612f3135220597cf36f3a439d

SHA512
5f08ac1db2acf5eaf522bc3fb4774fd98c5addf8eb78c2101871aa409a0cd6661d077b662d47b26458f8acfbb80423056119a80dbcaf2e2a7755eda32520d27d

Download Submit
C:\Users\Admin\AppData\Local\Temp\eyIYYQgA.bat

Filesize
4B

MD5
3d7358275d2fbc4c969687480a899a8e

SHA1
a0fe9ad9255fbdd242aeb03b8c4d8b265c64eddb

SHA256
77d0301b5d89da62244af0c3ee21220e79a32e6cfebd8707ea4d3b9a3530945d

SHA512
bf7484b9f3285eca89e28084e07cd8e1c10b44e3a5181148c4ee5ec45d86af86838720c3b4074e093cebedba5f0b932418e657315acf7c87017026c1f3be1eed

Download Submit
C:\Users\Admin\AppData\Local\Temp\fUccMssQ.bat

Filesize
4B

MD5
2247669ff1d2ad1023304f1f1102df1c

SHA1
4a4e4c8209a28db6cf7bcef6dfe6aac12d5435de

SHA256
004c031b9c4418237d227b7f89da11191714a3f78d14833ef7869461c7f2925e

SHA512
f9b7dec4e4820c31ec9d4aa23d3254b366a4729cf0c0182d429929a7d0daf7534933bf88719e83b67f2ac68f7c2fb3c02162568441d7e1ff0f352247af53bfa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.vbs

Filesize
19B

MD5
4afb5c4527091738faf9cd4addf9d34e

SHA1
170ba9d866894c1b109b62649b1893eb90350459

SHA256
59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc

SHA512
16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\fwUEwMgE.bat

Filesize
4B

MD5
e5cbcce6df427e607b384517e868e68f

SHA1
f57a9034dd648f6fa24c25ae87586ed05b988ee0

SHA256
dcc531526cb52cdc6b8ea5509935f8c218af261923647106b507e3342eaaa4c4

SHA512
17a06b168c418744ca32a90be330bb16d848e3f53045aa08fbea0e8ca5d7c6ddc9c6e0ea66f9b0b5b12fe78a3fbd90d02df3d69e7d7b58accc19c1204840593f

Download Submit
C:\Users\Admin\AppData\Local\Temp\gEUy.exe

Filesize
644KB

MD5
aa49b6164dac6959c1f2047039643801

SHA1
320978a5bcdb46aabe3f80388f3a3af638c94d24

SHA256
3aa6e75acae7d15bfedac9a4991236724876f7324451a3ed6e1e09f01976400b

SHA512
b076948022bb5496cc3d5788fb8e0298a283e4890838b4ffe5ed54cd635c661910020fb93c3f97d51bc721ea8d095c594432ea0cdd22658f7023715eec88d506

Download Submit
C:\Users\Admin\AppData\Local\Temp\gIMk.exe

Filesize
228KB

MD5
4d8dc7943ceecfdaccf5c03056a6acec

SHA1
ad6614456fe1caeac540915cf590a76a05b98852

SHA256
df4efc8cba93b95f41fae3c402604d38bc22339018536b3b000b1afb18bcd48e

SHA512
df5d4b10086e3cc5938f1d9047fa1533f0fae6e196dbf0e777319f2418071c401ab966264bcea1473b5748f99b37cf2dac68850ef8d5a3b8430909b99759337d

Download Submit
C:\Users\Admin\AppData\Local\Temp\gSsIMMIY.bat

Filesize
4B

MD5
e2e16b25615091a85e637664b49123c3

SHA1
cba5f591e96cbcbbe77b2c646855e607286183cd

SHA256
5b86461ac89a9731387269384f386724d757a5558d1489722217d626f7bdb77b

SHA512
30f7b9268c2de1f3b3e4cf26bd225d7b3d0b0555281f113b30bfd6c33cad438c54ac6f343ecc01914a9f7ed0dc073295b45ebb5123f1ad1b60ea7c9520e2f16e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcMUUYEU.bat

Filesize
4B

MD5
5efd4c883358dfc8da50d006db30d360

SHA1
076698320cce835872fb9f21efe2a814d50cd865

SHA256
c1bd30a1d1f6e628c94639382c876a91b5cf461fc3488f9764edda755a846e68

SHA512
e31759087b41cd896d61af4c486a02906429040375ad3bc0be8eaaa07968ff74e506fe28f8e434c6f2c1525a23f4aed4eefab4690010fad306453ec821382cdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcUk.exe

Filesize
792KB

MD5
98ac298a0ba949ec4017be32625802f5

SHA1
483530ba010a0ef33ee48539cc63402433e7816a

SHA256
c543c08824c4e6fd7ceb6dfcc181ac13a5cb23d0efef5008ff4913f2d00316b3

SHA512
3110e15a30a6c2d5367194fcc6652bdd2ea5968d63d73b0a1b8257884322d1f20fbc07a8efbcea93ff01b754c34c591267d96f047cb1ab5a57a88bfc06a932e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ggAw.exe

Filesize
243KB

MD5
a571fab006f113cb959c97695ed820ba

SHA1
25cf9e1a482fe39a3ed3689464872cb92b5a91b0

SHA256
d14bd2d67cdbcc610354eef18cc0b472f0a975b77fb8ee887134cfca8e066ede

SHA512
efcc10bfe8cc9adf3b00290b717e907003ccb738c7b3db96b52002e3884eb659ba01bb0f9c5462f0d87b3665ece9d76d17bcb221bc09ef381508c8ef23b4d10a

Download Submit
C:\Users\Admin\AppData\Local\Temp\giEcMcMo.bat

Filesize
4B

MD5
172f165c94074716ca1243d59dd80397

SHA1
f4c14fea6f30126d837a36d8572e893f9120a81c

SHA256
1b1aacbb8d40fdb1503fd2340263abb11f2b3bf032c9223877f6c796f53c7e4f

SHA512
fe2d41d955224e217dd955b94a5d65fcf55dbae8dd98a23acdbbbc624c463ba895ffe0448290d2280f57f663f213b2d07d3a58c82d6785bdc052621d96ef00b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\goAE.exe

Filesize
247KB

MD5
0e8aa9cc30abefb170032ca3afaff220

SHA1
92c7cd70d11e69246e985d20a25dcea0bc214154

SHA256
a542ab5344876a9aaf108a04cde641a7da0e91514c6c67620b89d993cc972410

SHA512
534f8660eb8bda29e45b92375a9b77aa3c92a5908921866aef90cad05a900a198c7a08156298f62cf60fd7a4513529d00011d16d37350567289544206f216e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\gugAsUwE.bat

Filesize
4B

MD5
1883423de4c9bfc0a10960a2300c7393

SHA1
4a05ea4a2dc4600d7a52817c7992f0ab6e1f9658

SHA256
f143a2a929e680e54e142741a14b1087c053c43b78d53864d3dca2fc530eee6b

SHA512
7679ce30dd723e070cd74cb221365f9366d5d7255da8e126f487a0e9dd49c0d370ed448af260b0f84916dad205e2052553817f8722185e3c38ce350cfacd2113

Download Submit
C:\Users\Admin\AppData\Local\Temp\gwQQ.exe

Filesize
186KB

MD5
c7d09f3bcf31ab0e5380ed87d1cbebd5

SHA1
375a392488e77476a4f4cb5761726738300e1c4e

SHA256
4694019ba7705cd0355dc3d873ce9a0d707f9d1a32c572f50dcf8b3dd862355c

SHA512
0a7744a6e56d84e19366100b1f5b92545d7b52b66d5643bbf7727b854774e16296f337ddf9b48cb152ab69afaa8b92e09d02a96154a1fa7d4e9d80d1a52913b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\hcEsEIsQ.bat

Filesize
4B

MD5
5108681a6336374affbdf584572a26e7

SHA1
9f217d7fe8ecc8ad8962572532c7a6a58f6a7310

SHA256
e9b8031dbda3b5552279d4dd33b01a0387cc67d9d99e823a7477dd5764bb858f

SHA512
b613de0060f4036fab414d1c521e59f0eeb1e8261f090040467110eb96091e73fe0ffb5dc8bc91a257c4a27e91bc5fcbe98da18076386c90ba6709d92dc41cbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\hosYUgIk.bat

Filesize
4B

MD5
6d8dd9949809f098ccb6c19e3228087d

SHA1
cd0a8599e4b13875a8f37fbc0faa87dbb1a527db

SHA256
172dd7aa66c403d5f77bad39d64470841888c6383ceb50620222cf1b9567afb3

SHA512
11e3b68581fe65eac1dbd61751291c1b08e6791a06b4147dcd8754fbfc1e39e116f1c2667808bdf0b6218ea5cd62a129b461a5e2a5e4bbaf5ff726ab56e849bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\iGAUAwkw.bat

Filesize
4B

MD5
e502701a480765779fbdd321fe62214e

SHA1
3a9c2ca186ebf1b3355892c7cd477c10386eacd1

SHA256
351fcad14d7833d843b3d11a3e2730cbb234f47b031bc5a41de25387918823cf

SHA512
46518b7d91b1629785c5412bc57bc034b0c4092866d61736acce98d41db687ec2247fb543e48f73244cfe96b92910618c661388c53481e445fc92fd27e397b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\icEU.exe

Filesize
332KB

MD5
1ecb078bab94ea642a3952223434c8ca

SHA1
3f592d1782cb23d1077d2da70a26fedc3519ddab

SHA256
c7fcf7e55da5f0638175ac9f729750c70fe2492b1b159dc00bd9b3629aa1b263

SHA512
f051a1d6f5edc8712f595ad2ce657842abcb176de90adb694cfec7483421b79b28375e6e7d845d7ababc7d6e9345414b5e8f8c0eb5da484d7b1c8e96428a17bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\ikwy.exe

Filesize
245KB

MD5
b9e0f98e41e5d206509ad67122baaf17

SHA1
d2334a9fc935b8ead7e4641c42573fb396db1201

SHA256
9e387a2c1dabfd5abfb1bd3cbdf688f78b4417d3e7514a514281e996c221b41d

SHA512
420be03e0238c87527a1718bd32f41f62686ac5bd3de2604dec9316eb7ae64d13641d4590f8a8a0d54947a6acfd23fc7e0028b2704b527ee18a4a439b02c1597

Download Submit
C:\Users\Admin\AppData\Local\Temp\isQa.exe

Filesize
8.2MB

MD5
47eb6b64d556eaee92be9c3c83492824

SHA1
53baabf62ceaa0cf754681e8aed5388972c967dd

SHA256
0ae9dc3613ad29c34153c90d9bdebcf65f41bd9ffc4a59381d14b486d36ec7d4

SHA512
f0f039f60063b66e0635706d098d2ee282e0cba2dab2935a589b15fe51331392f09d3790893301e76408f499267c2e94e155d9f1cfb67958c0607fae70263c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\iskS.exe

Filesize
253KB

MD5
9dc1beaed9262dacabe9a8b7ffcfdba3

SHA1
a283cf15bdf000a7c0a5cf86414a86f56bb0e448

SHA256
595abb58cddead62cb1ae9363649c45030b45c3717e0a83b5645360367144de9

SHA512
75addab68be1c8fe2992beb19fffa159bf239fc680e9e6967d8a01f50602f4369abfd49f37cb3e5c51c45c678fbfaf19271f1dd49794f8db59929ccdc6520966

Download Submit
C:\Users\Admin\AppData\Local\Temp\iwoo.exe

Filesize
230KB

MD5
7c25d07ec30bde030baf8b472f046fc4

SHA1
3b7649065b3397ddb73bdaf076aba485d06ed80a

SHA256
b5e65a51cbd8f4b1aaf0cbcd00f844991f2e442052c64b218cf24ae2c98d334a

SHA512
3a9146e4f63cffc264c003ef296cfeda8c06752214da645eb09352f42c8d9cdfe8be77b6429403a08e5ece77476fcc732cd99be5c1f3c3b1d8606345d2d90145

Download Submit
C:\Users\Admin\AppData\Local\Temp\jQUgwYss.bat

Filesize
4B

MD5
1731ec0023d9e3ee12d5345d7eaefe10

SHA1
faa4661c8073c997497fed52bf90345dd5584ba5

SHA256
6df0f1a2a9e7406bef222258b0261ef69b2846ea856a11df252193864a2915d8

SHA512
5fc7d387c8ac700941bbb814b8f98d344c486c162f607daf3c199d333dba455db7f0fa104fc0c3561ae36a2b56d48ef50bbbf7d6fd466ad0fa8c89809711040b

Download Submit
C:\Users\Admin\AppData\Local\Temp\jesEMUos.bat

Filesize
4B

MD5
f9622e944a18a1f5c77b2c28405162a2

SHA1
1c9b0823f0ad5fe9928b7b11190a16910f00966f

SHA256
330ab55fa3050f4a438fb180c1985ba8e9a63e779a30e358529b3ef39d15a3bd

SHA512
11b20410343721b0c93a32fbf7e1f4f2654e223148873cce25e3e41be488b8c3d770c030435156b8c479ea3dbc8ec857812b94a5a2326d97983ce9968ecdfd9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\jqwwUAcs.bat

Filesize
4B

MD5
008f264af53c65ca0d69af9309d2130c

SHA1
2eb1301f8480bccf42f7103e73abd8e697617bf8

SHA256
1e42ee713ccd4a27dd778f51cf611298824c664bf125d6cc1228323ce9a39967

SHA512
3dd2a25f506b9afd90f67e3804158de815fd5304d948316e6785eaffb85284dee2fa436a442a4d912083726868931d931d9ec7b6da0f1fbaa8bffc46c23be988

Download Submit
C:\Users\Admin\AppData\Local\Temp\kEggQUYI.bat

Filesize
4B

MD5
e567aa2aaab25233b6ca58c5dd100c3e

SHA1
6d75933dcd635832c012ee71fef58954e994af60

SHA256
a2fce80118cbb902737d878edf53874555c13b4aba7f5748dc1c9fa6ce583b2b

SHA512
46fffc6f06bcc01abec1478b6fa107056c9e0803bcb8f3a1595ab751693d7b24a723818375f4e00e67a026f538bab62b507a835c49168aebfe5892af08e16fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\kEgo.exe

Filesize
238KB

MD5
021fe90d17412b3880e0a82e83a336ca

SHA1
db7f5564fa8655601114fc98c90cc68dd9487545

SHA256
bf2bd5829a0d230493106b8f55a9c4dc1bbb7bafa989eee4890ffc37e83d7821

SHA512
57cca1f2218449501057ce6e37bf125e15e99dab7099c79e833007a67fa685afeebc7eb236afa974197d77df74578e137972bbbb1c9ae7fe7f43a96e678da893

Download Submit
C:\Users\Admin\AppData\Local\Temp\kMwE.exe

Filesize
317KB

MD5
23c3d67d9c410f5341ef24a28b515283

SHA1
afb21a1d463c2ae06470cf6be90198d5b64f041d

SHA256
b60478b47cf3770a2bf317ee18efb9550773b0fb32d68f22e429539231c138fe

SHA512
a3dc2e1116333e9b86d1c1fa6e224b43c5237a64dbc9b0083d91548907919d398ba302a448a1f5c7b6e25428c96f7bc5d204c2afa51432a3e40fda77f4405c07

Download Submit
C:\Users\Admin\AppData\Local\Temp\kUIcMAws.bat

Filesize
4B

MD5
697e12cdf868867221e7f99dfb3b2613

SHA1
74a1ce34d2c91ef927e2e485e4826cbc90c59d4c

SHA256
bbcf4dca3ad292de775518076a41e3f7578cee9f8e6c65ffc04f132d395fc545

SHA512
deec1f876adc9ff2e73d7dff9e18a5f8e5e08ae79fb7b7f1a2b71562b08d490746af00d2717afee8ca0a49c129d6eed16c35c0225bd88452f575ee19ebd262b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ksQoYogQ.bat

Filesize
4B

MD5
c51457308a6494e908677d0ce39fdeba

SHA1
7806a1513f341a5f5adb5f5ed347109c2d8f873e

SHA256
4e93ee300b19a9d01ed48b65b81c14d20e9946379d0ee7c5be3342e6402de8a3

SHA512
37e3742aa04084d70fdd6637ab522a7f4d300d2a3d47e000b52f354a803318795cb20805408a05ed454cc009bc84f68ccf3952a168eb3c6e5b0c440fa9793abc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ksom.exe

Filesize
232KB

MD5
88eaeefcfc6f735f33b7c5190d4ae9af

SHA1
d4229b4030156b644e9ab214d5f0a1910bca1d0f

SHA256
a6c6d7ba90d77801d8f1b1c30f9e889d1131223d49d3004047d3b35894a611df

SHA512
fb74bd5576ce55a642d7550fe37188a440ecf0eef1b2372a6c7985c9669a20f15386b18b35e44394f3168514730a3f910d3d699072ab064ba54685c19eed93e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\kwgi.exe

Filesize
236KB

MD5
6ee5746ca9df15ea4d333a8234c08a5a

SHA1
cc956f51a815aa735826e24398015d15249cb73b

SHA256
29b3d04677aef6cc99657713d086039145f2fee82ee959c08ab8bb32a5be8d21

SHA512
a577b3a6e69999a312e7343c6d980987d631a1dec2abc1ece8bf5965a287ce436f3895f94a75f20585d91095459ba11ff94c3812462dcdef9215b488a86dfcce

Download Submit
C:\Users\Admin\AppData\Local\Temp\lCYQgYkA.bat

Filesize
4B

MD5
9839661404269570b7614c48fa0492c5

SHA1
ec7924786baed5bc9cd14b7e605cfadce325bfce

SHA256
9d7870b102fa509b8567a84d23b3833d783f1c1bdc62956a602779a17439aaa9

SHA512
f071b8413561e5e7376e6710585bc339a5bc0582d26913dd291ea4b379b2a1b8c24a3f3a28a57f2395622e9415cac469873020a296c5a6c80d07fa4947e08298

Download Submit
C:\Users\Admin\AppData\Local\Temp\lUckYAUE.bat

Filesize
4B

MD5
3dd578e79c142834a658229cef5519fd

SHA1
d5c0e790e6763225161cf53c2dee904de91caeba

SHA256
958d0a33c77e7d064a5df0c11f224d77925a09a9803d4404893ccfdcb57bc2cc

SHA512
1b6d01e981f9fbb006f82154e494efbd1a96b060cf27a08def11f9cbc77a59ef95ea566987b921229d01be0197eeb68288caeda5bf3ebd3091f8ca7446817775

Download Submit
C:\Users\Admin\AppData\Local\Temp\leIIMAAE.bat

Filesize
4B

MD5
6ffa7685e04a2b4dea0691cce228fca2

SHA1
34ddbb59045b266d602b6fac2468426de15cc3a8

SHA256
bf96e2289d891c038e6507adbebbfad356848e1da65efb8ee73af6a4b982515a

SHA512
3efd731ff34d59cd7786e8544fb0748c127af722fe6122e299d20f6c9ea008d6ece86021624771d93a312e671c25db6a33ee7c90fdcd61ba043765f50bbcb3f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mEAa.exe

Filesize
249KB

MD5
a62e05faee25ac5514d197899e01d7b7

SHA1
4baa9e6ac4f059244f45d49646b8b8af99ebe70a

SHA256
ca71c209c206546ff32afdb187157ab4b75c7e0f8bb9ae39fd61ec31bf1b8dde

SHA512
2af8477012c9cdb6110ba17d8d9037e2a3daeddd998a71a715c0fabc9264047923f0b5e9af435f0fbf2d420c5c842ebeabb062a89c9d4e990d556e4c276a8414

Download Submit
C:\Users\Admin\AppData\Local\Temp\meYUgcMg.bat

Filesize
4B

MD5
07247e928eac9f3c461d8cc88824a063

SHA1
38771fb7f8af398fbd26baee52a6bd5a812e2bdf

SHA256
84af0c51e12b14e563e2886b2149eea814aee1f689562fb292198beac3d8e7d9

SHA512
3c6fa7256e7388f9f61c31f9bb9be7bb3f983fd962262527e96aca5e87002673944f91d1ac254f87eeb3fe5dccbca0e9cf5ef18d221cee64d1079a78f411d423

Download Submit
C:\Users\Admin\AppData\Local\Temp\mocY.exe

Filesize
196KB

MD5
7ff3ab3180dd6bb9c7b554e5958ba737

SHA1
7c1e1c7b221a230dd630f43c10c19bd988dcbad0

SHA256
1875294386b90c18f8547a4731d7bbac2ada2352d67d600313d0c5e65e713ecb

SHA512
ad3a0b4c5a667c15556068e388d8b8efa3aeb747719d8427b9596cb0d151a674578d2cf129e774b83f914d0cd0eff19f0b23ef5c840356033d286daa691fab57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nAokIkwc.bat

Filesize
4B

MD5
06ee0614b7b26287f2f313a9c8486c14

SHA1
5acd29bc86177e3488957970d9d17b497c275d91

SHA256
760ea2ec8a86bd1c7e6359ec86a0a223e8fe74133c1c88fcd59ffb44fa971f01

SHA512
2d930841e40693b126f941ce12d07716bb55a645090ccd24aa94ed918bce9d07d0ad2b3c0b4207dc9cfe8fc07f8776c13de15d46d098387431cfd446fcaeacf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\oEoa.exe

Filesize
239KB

MD5
769a0a0d3890fa56faf36e3a656a5748

SHA1
8456fba79283e2b2f5d93b22daa921ad9b4bc876

SHA256
65165a72176a4e5213dc8c6f752172f1e62fcf7941fbf4c4e804466dfe897464

SHA512
234263a6d7f63f460831fcef4ca115f3670f8a1566d0cab1f34e2219d846967fad6611ab28566609aa5223a273fc5937c4c34d5e35b495eac7d746e4ba8dcce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\oGIYMwUI.bat

Filesize
4B

MD5
a50f0e682a1eb390cdc4a67fa340ba7c

SHA1
02d61a0cdfa2a635f423b048bd31576f54a77ec1

SHA256
bfe3f3f63bbebb6845973501a7afa058eff77fae644afdb646e3ad73f92b71f3

SHA512
7ea8af4c9cbef09ee0158e81a0a72f28ee804b835166b44b88d2e93dec11781dbe47f3b7359d858fca57d0578fc673554359587fbb42cf4bf08a45034a38f20e

Download Submit
C:\Users\Admin\AppData\Local\Temp\oasMEIAA.bat

Filesize
4B

MD5
b065c0db4a8c3cde77c9a273648d793d

SHA1
0f47b6195488c8b26d59c3161596209b0e95dbb8

SHA256
23f2b2a61dc08e0066082713deb8a73bcaf0d7dad1fe7a63b70fa202e7fc06c3

SHA512
35c980575ca5cca16244bb07a42abc879a21bed3dcb87d47c7cc2c8f3c493de2ee221f7037b05d7940ce4e5346ecd4dfbbd6f5edecf9e9f339b7fb39a0dfda78

Download Submit
C:\Users\Admin\AppData\Local\Temp\okYG.exe

Filesize
589KB

MD5
1f8acd1b660583573f004a6af85c5889

SHA1
d847d5bd916d4f2712a43f56f4d00f5a301a52d9

SHA256
1d69f037dc951e1d21d5ab0b7b4d4d416668754bd527ffd2ae49f463e5eb9864

SHA512
e195c26afaf4f52114ed32d09366ab43bb94bdc9237e0e2976be40c5b5619aba42e8903c45159280c10359919fd8c3ec010a2e1a68a0e70fb170fed2cfa303ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\owAE.exe

Filesize
228KB

MD5
17852fe285d97a2646a658eeafd16e28

SHA1
aafa80de4553f64a627711673e758bf5f042931b

SHA256
448d607f0045ccf875adc1bdf4d8a22f2e5df2e511658228244b75601887d39c

SHA512
ff3d31e3e1dff7ba80d15fe77e73118a37a51b648bb2fe82dfc6cee6944f81b0224d40e96382d17762df4fbb6422dd12f3b44f5057e3c0138b8dba5cf0be6db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\qAskoIYc.bat

Filesize
4B

MD5
eb125c92078e51aac6713196b4135a78

SHA1
50396d29137fd06915438a01bcae5741a621c009

SHA256
18743e620ddba85f83680eea1b7adbf5f68b35726e54abf81287d382c1b1452f

SHA512
3e6d41577628094972830183418e67a23e24e44c8dd8fab17e162eecafede4466fb8e13caba31762bd16f0f06fe9ad28d2ebd69cb6a77f4792ef405991487a45

Download Submit
C:\Users\Admin\AppData\Local\Temp\qEAs.exe

Filesize
244KB

MD5
88439367cec9aa65f2ba6e4a2a03ef3d

SHA1
14df298ecc7294d3df97bb5bcb65f53822fe6985

SHA256
c05fbceb883193d6ddd8990ca5c91533f957c23b0f70600746406233b828c185

SHA512
78b403005b0395252cf8247d740f6505c4de232151db96cd4e7e8dfc795f3868cbb19f53ddd1b0d7bc19cfa4c2b393b2840e7342ac484db8fa52abe4cfe9b1ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\qIYMcQgI.bat

Filesize
4B

MD5
60291bce8b7a219cf3bdee85d3d07ed4

SHA1
e4e9cbc7f83de07266127d1446666aeb85c11857

SHA256
3d5f8629899f32925dd331171fde184f7c262e6b9c740441f767c32b132a4474

SHA512
25209a74c2136495dd973302b9f4bc9a5fb38c7f99cf4388ade6024e0a4e78409bc60951707d7d9ee7c310776cf7e6d82c522c9a731123f0788fd1dbe30b0935

Download Submit
C:\Users\Admin\AppData\Local\Temp\qQYi.exe

Filesize
1.0MB

MD5
56fbffbfd2dcacefd1df707f7e34c443

SHA1
bd10950a85ed800f8606fb7c406c632dc896cf9c

SHA256
87794f141b4a997703c4c82a493f5aa6b2ce35644f552426da6126fe947903a8

SHA512
5124468cc6c04af4c8f51534392c37edb55a463f57432dcdb7f07dc788230ce94db26f1efd27259335ef543276819237a753cb23145ac1d4106468aa3479fdb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\qScQUYoo.bat

Filesize
4B

MD5
fe505e5dd7109cdad95819713777d50b

SHA1
863afb0b2d409b7d9d4662a9ad801f50338d1a9c

SHA256
b515f8da82780b00173b69635c81b4f529c9062754175ff2b508b02bdcdda80a

SHA512
0ca473bff5d74d89e9523baa25135bf006c5680f56ba83bdefae06dd579c2e9de831b87f45a3e288d8b752f9f335f132fa5bcc73ac154ec2c7169cfcc19db14a

Download Submit
C:\Users\Admin\AppData\Local\Temp\qUMQ.exe

Filesize
250KB

MD5
ac37bf6b26d5bc6c24c7a473a309b0b4

SHA1
36526ce0fc7420fa2a4b5077c08e11f48c79fda0

SHA256
590df6d1c977fa3659d154372e72bd7dde8e4c4d67b2a096dd0d3772f1cc96a6

SHA512
fb1d3ea67365b7d97089fbdd6f381478e633be0ce3539aab229ef256449c945deb98169f25a367c19ae135b7b363c9ce94b26e6926dd55ff57821b800726b707

Download Submit
C:\Users\Admin\AppData\Local\Temp\qYge.exe

Filesize
231KB

MD5
068ff0b947f8ec194b84611824cb9afd

SHA1
4aadf1ad2cbe1e5c620a0e27d01d06acaa1925af

SHA256
22073ae56296daeb4fe056d31e062a2cafd0406dc5edb07e3b7e2d6edfad67d9

SHA512
51fee38b5fd4a8e66c82d7ac25aced443a9f51c4362b8c4fe358ba7c47768521b3440be7f81bb7451a6e14e023cb9bfc785244f970de8dfe21e27e4107b7f1d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\qYwc.exe

Filesize
237KB

MD5
4b8deaf47ea60fceb4cb54fa13c5c7de

SHA1
dad5bdc83098c513dc8dbbdd94d049850c84615a

SHA256
2164827b767ba1d6856711c2260ede30ce4612b437994f2fd0933b0db9168686

SHA512
8354f996296e12574ce341f57425acdc4d8f73a182083f64ef89c3756c7e264436719b437d65b0ae1ef09ba1c2ae30b3ac66f491935ce96409071fd7963abbfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\qicMkUIo.bat

Filesize
4B

MD5
162e51cf2a01b3d42cefe7d45bc576eb

SHA1
bb0c0607081445fab4e967b04dad3421b0e6f27e

SHA256
d58cd88a8ad8bc0f340d3b927193073fa05a298034ce7a52486bbb91b745f702

SHA512
df1963faf53ef959b20198c2c77fe9b35ce02a4f8cba548ab73de660d85c8d6a03d2a21e62ec7480bf9860569c0359cf9b7ca257fbe99e7367ed9c5e705a4fba

Download Submit
C:\Users\Admin\AppData\Local\Temp\qkskEwsQ.bat

Filesize
4B

MD5
37b3094a6099b79ab764d2748aa8959c

SHA1
36e5b8b15d5e3b6f506fe6e2f9e200c64d9cf262

SHA256
bfc4ccb6679a8f645d8d0b21ad1ea03c99fbab386362d82100f3ec19b77d25db

SHA512
f650a6d97a195d797b9d4bf435debf64c1cc66597febe1445fe405cf85974796307d748527e7ef8871c5d7ff41ad6b50b7a06612d1ba496d45fb7831ad3e686f

Download Submit
C:\Users\Admin\AppData\Local\Temp\qscowgws.bat

Filesize
4B

MD5
8400297c6267cc79e3889374a1dc89ef

SHA1
76aaf5f19fcd5b7feb9802d7ede478fc3bf539c6

SHA256
a61c5da047ce37c7cf67434b26b3ca070cc496f1ce6826b57438ce0c33855750

SHA512
1164e397b39367d39999792643478a194fca49c19132d5e6f3c3534771c099da3d6ecb6e2a9fe7a627aaab150cec675a62f13b8914c8b593b6ec7a72788ff30c

Download Submit
C:\Users\Admin\AppData\Local\Temp\qwIgssEM.bat

Filesize
4B

MD5
15dc00fd63b3673c5f4263420f835920

SHA1
c08361335106fa47df93f206ebc7567621da88d1

SHA256
735569224c3942d464e00f7b64ab51644f74f7e3664bc6617bc588cc4666a22e

SHA512
42d5b01fa5590049069f3b65db1d7d61c08dbcad1f3683784c0890e4bd6f8dadb8b4fc369eaef460290129997a1f3ab572b54ccc4fa328eb5e209bb5f256bd00

Download Submit
C:\Users\Admin\AppData\Local\Temp\qwoM.exe

Filesize
246KB

MD5
d0b6228f27ab2c50f5c3a8c440926c82

SHA1
fe9ff4b7fbf71d7eb0de0b7b8f831c1cfccb67f3

SHA256
2d3f5ffcbaf1574592d40ffffafe9877827136f6b5fc1c93b624549da7c73241

SHA512
0e3debfeb1897b5fc6509fdeecee4c93a5c1cefd076eafc6fc4a28203e3e9a3cb277ff78462a83dfa20a2522e320df9fcb44884777ac0b61c9a563e1407b25ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\rOsIAocM.bat

Filesize
4B

MD5
c7c666b3dc53b71cb3f12e2206d6b819

SHA1
5ea8fa555de6981191e92d4ab1b7947f949d55f6

SHA256
0886b9f51ec0a52f248807d864f9190ded8f47f01e4fa62fbdeed1f51585db40

SHA512
70d7ea14e1aecf3c7c05f9be0b3a0f4f244e7b102f728bf90af2d9d6ca697e5c706c86b4c92e4599511392fee6a428014cc640e25649a3fd68468e523dbaac0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\rYMEEIww.bat

Filesize
4B

MD5
b163ef04f3220194cb80d90f45c3371c

SHA1
0c75cb289d27c32fe49a96c8476d72677e0aecdf

SHA256
37cc3be89b21014e880431e5f1ed75108b63202e6957eb9a2a0cc2628e447169

SHA512
780bf59bfe1dd350bf1d61fa5bf72138525857ba75429e136f74872a58eac5c81c723458b8529d2bcfbf054c0f49146d9f0df726e735fac18efcb43a98716cf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\rmcUwggY.bat

Filesize
4B

MD5
263d1d973be69b682b074e94c878db6d

SHA1
ea1f3c66c621ec491d61be47312c7f25f7920b42

SHA256
f305deac2b542a440971741216ad52577d093a5db3d186b235319cb0a707fe42

SHA512
b5ecc8a7dba7c96cf38797bcea9f3e5ea73c8b72181927066d9dc522ae29ea657b0d5b137bc253e7bde16fab60c140e2a20c917d75230923a96b76fba606be56

Download Submit
C:\Users\Admin\AppData\Local\Temp\rukYIYws.bat

Filesize
4B

MD5
fc0ab02abb1791072af4a1b4f231256a

SHA1
07d31b33ad1d6b61540c341a8ec3102dca94e0eb

SHA256
e0c4d719eb07063e75241623856cf8daba6c119961c1c8e1fd50014133e2f795

SHA512
29670279cbd6b34ac6d2d00e13bb99e125eba8825a3d2c1ff80d767619a610b5adaae9ada1a46790fb7c3853456dadd366cca9275dac49b869ece3d93940efcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\sYUwwoAM.bat

Filesize
4B

MD5
074b9a2d78ae83509544e74f1f3a60a0

SHA1
9bf97ebd1fc9e66ba73116e9ad0c5f9c05a6e42d

SHA256
333cad35fc2c44c0c166be87a930348da6b687f2de1af313186c5426b4ff1550

SHA512
ce3c117e182dc5c00c73a6a848b0d35826010ef3aaa6b14ea586f84a733d08c4b72cd185339c62ab6b01c18585eed0765dab9b223e0cd70ae8651b657611e96b

Download Submit
C:\Users\Admin\AppData\Local\Temp\sgcY.exe

Filesize
247KB

MD5
99e0c243375f5f9b143b207d664c9239

SHA1
38d0dc00f17310ccc80f20db0b588343ec4ec80d

SHA256
152047a75592eb7f6a9e62ab748d1e54b6d6a854d892ebb5b47c9d615f3d0c32

SHA512
c460da632bf79bc22de61cd3bc717f87e0f45f0891dac601d1e47beb4c4db8bd32ecf1465ee4d3727daa04b68e1bf2182fdca4f5f57883a75df3f91256206814

Download Submit
C:\Users\Admin\AppData\Local\Temp\skQG.exe

Filesize
777KB

MD5
f74768ae2038b882f4759cb2628f5956

SHA1
abf1563d9ed5adaf6a142430e102d63a893ae43a

SHA256
d7c5249b4d91b446da675c249dcf2dc863db0fdc35771a0ded644bf5f54b807e

SHA512
581c3097e90efc4acb30dc00f3fe6431cddd3e18eec2776a932cb44fd00a7199fa4f4e8819edf0b0241991d1a31b20e4d3071bc836c4b754e3d1e3f5112d321d

Download Submit
C:\Users\Admin\AppData\Local\Temp\smUAwYIs.bat

Filesize
4B

MD5
7b10b41096444a24d44a59a08c6560e5

SHA1
f83b098f6f4def54faf5e8043aa948a50fe1230e

SHA256
bc02181811b410f39da004ef0eb3a240e31543222b6258612c00e70802f7774f

SHA512
6fd43859b4df7f0ad21d9a04ca01a4b60ada5d14c9d213f65d77ed5b7dbfffbc5a4302953c84f4f84666eb82c969d596f9808fb374a27e4524b6a4b36738981e

Download Submit
C:\Users\Admin\AppData\Local\Temp\sykgEMks.bat

Filesize
4B

MD5
f459e578793733d1ad5d8da8d031ae72

SHA1
f71b2d4594c25325c32f715925b161b27cfd2a21

SHA256
ebc6d420fd164efc3cb02c10844a5ad796b4aaf85238b6176382fde0eb3f3489

SHA512
0c2c88f889ec414ebf4b663866f7be026b1d8af7cababb864130f0a7e92a42ad8d203c50e19d72add0fb90fa1680226d0f51f59cf5e336cfd7f26bb215a59ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tGgMIUEw.bat

Filesize
4B

MD5
dbdd5a1fb54ceb3aed0a98b4b6419627

SHA1
147133f5d552af84a2f2946876d679ab5525cad7

SHA256
15487f36698a28c3065f8028ad02b93d876addc30f958778cde149c887aa4640

SHA512
dabeb475368ec9b22b841536facf383a803fafb91f1ba45ca40cb7cf14eb9509847e7649ea98e075c90a489331db85382931ac99a589af37d77b0b101298ff16

Download Submit
C:\Users\Admin\AppData\Local\Temp\tOYwIosI.bat

Filesize
4B

MD5
bfaaf32cf31cdb6ba55e6db12b9bff06

SHA1
d7b9cd8072899a4a43559f4d291c44138be146c5

SHA256
3270df5d98a066d2a653cb3f52b75815f8ba767372a43b7bba1a7a42611265d8

SHA512
12c815f674d2f3d8ce8ab6811ffa9f03d8f84c2ca3735f477a0d6bc76a71b64dcc511578b57c087e7f515bbe78d659027e874eeb5cd28435fcfe7a1ab69e3e61

Download Submit
C:\Users\Admin\AppData\Local\Temp\uAgW.exe

Filesize
236KB

MD5
b883fe13cd4f8db80161d4e34925deea

SHA1
d51cd728e3e99a18541bba2fa12247e6d802533b

SHA256
a112a7de92372391feb1ccf8a9b539e7a69ddc020b27e598bc16685f52f5bff5

SHA512
d4d4bc0854cb67e171e5c7abb58fe1f9d47dbccc026dc76a516f2cf8cedeb038a5b760b831ab774a72efc8c8207255035385be535b0068ec3b1ce38cd2b2b3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\uCEYUsks.bat

Filesize
4B

MD5
ff21b930f63da78456f29a4ce6c37f98

SHA1
d531488240dd02ca03fabc56cf6c929f4e927deb

SHA256
6d186393fbc137584777ea8fad0a16fb1a19ef83e8ebb5b8584aa272da45024c

SHA512
b72f2630d5380b1cd88a489a674c7a4d030313b495318f0d575aa61b76335b57eaffcae6bd4d31e7e0a2c9ff1336fa12205d9fd70ee7aba2375181fea5ef6969

Download Submit
C:\Users\Admin\AppData\Local\Temp\uEEY.exe

Filesize
234KB

MD5
a294a6e2c643e44ef750c500a361bb8a

SHA1
1d12ecf72a43cd31ca594564fad66293fa3ad893

SHA256
da28b27cf78aca4175da04ff5d8fcee44bc9a85b0eeca08ad4013728a1b5515a

SHA512
892f8cc10ba7fb53a898f7c72d8e0a10849297108ecae4b72aac881beaf741550b90377e1116073f0c4137dbdfbbca4e36b304cae65926d4a9abbd521efee093

Download Submit
C:\Users\Admin\AppData\Local\Temp\uMoQ.ico

Filesize
4KB

MD5
964614b7c6bd8dec1ecb413acf6395f2

SHA1
0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f

SHA256
af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405

SHA512
b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\uQskcogE.bat

Filesize
4B

MD5
986978028a77c8a940f77d5cd9070337

SHA1
6e5c0498faefbf5d30d58f9d55bfd44949f2811c

SHA256
62afc65be9086ba5544b0397a8d9db5456dd8c284448c1fcf187995adf730aa5

SHA512
2c6e5766152100b84e18ba2eed6afb47e72a458affeaa3bdbbcfe5ec12f3719f468cb728ef439c794e342da3ab4546ca9f1b6ee423d759a3a521062f259bfbd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ucIC.exe

Filesize
186KB

MD5
a77dd7d14b20b7f045ee33b758e4bb76

SHA1
a0ba82e3163e3b9914072e0381b8638558c87d85

SHA256
0e73e8aa0d885e4c6bd7768868382f3cd76735fddcf90a9a5518cbe2ce2bd592

SHA512
4ba19caf2df045446062647c15074be1082b976058dd30745f47aefea274ee1873a5aadc30fb7607c665f1f40e8fbf4aaa8c9630e020dc09d9c72f9054b961d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ucow.exe

Filesize
964KB

MD5
2b28fb176711d1e31fc635b9a26d7402

SHA1
1cba79548d77ed8cb2f42f648bc8be40194074e8

SHA256
7a4e4dd0cd8516b82c8a867d6b4bc0aa4e14e006b4c141bc997305d30eb59cea

SHA512
6e60f76fcee5c498843d05bd9c1391a0e4c6b2c20db3adc84257ab5b6956b4315bed1c3e03db5ddfd9b943f3178a3f2c2ea947067c7329f124134ce480e8d0e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ukYs.exe

Filesize
241KB

MD5
d2f8a8ecf64be02c5b1943ff7a2b18b3

SHA1
6d663b8dd44fc5b91234348119aa4505aff4b545

SHA256
58570ac3646044212f46c12b6ee3544b7c9792c63258a2a1b9f5621f20ff19b4

SHA512
8f0f46ea6df520bfb5afb7c16f542289b8d40e5248909bb21c979fb4768a7eb30bd6b1f256e7ab14ddb664c7d667220b1eddafde8e3bc5d52fa36ce476fa4391

Download Submit
C:\Users\Admin\AppData\Local\Temp\ukkw.exe

Filesize
1.0MB

MD5
46fa58907a547fb375cc4fb45f3156e9

SHA1
cfde15ef7e0ce362fae6c6c934cc378452c72af7

SHA256
e96e69c1a408bb8f0cfb65b949ef153123bdc8853c4c3ae1fbd1f4dcab1c4678

SHA512
20a431f9b2f94febded342917bb0f5789c4463d06499d61f0b676229c74f32332a26b01cf7bdef6b454912e6a748a9f66a460ba7469e85ab74bb830b937a5520

Download Submit
C:\Users\Admin\AppData\Local\Temp\uoEG.ico

Filesize
4KB

MD5
47a169535b738bd50344df196735e258

SHA1
23b4c8041b83f0374554191d543fdce6890f4723

SHA256
ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf

SHA512
ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\uoss.exe

Filesize
238KB

MD5
6e867ab7c55b5f7841db3c7bd933843f

SHA1
ce3736e53e7d2866c07d1e2846295447dc19deb2

SHA256
5cc93d667b3a0042db9b0583778e343ef49862ea319baf0aa716a06e95b030f0

SHA512
1ac4f6c45c477bf2cd8a281d8967fc08730717d8e6348ce0219638b99846abcb75a774d41c5ec7d80cbe7d6d959c58592de919a7f12fec7c76b19448063416d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\uwYUMokI.bat

Filesize
4B

MD5
7c8cc009fd9beb76e8818cc6748adbac

SHA1
da87f9ee5e01359c18e312e8b6c2321548a313cc

SHA256
4232d0fec36ddcff24a851366d2e2a58e795d429f2eb29daeeca1711c2d772d9

SHA512
895c34473f86412abae3f7ecac28a04a57e76b9c7912bf7faac43503648686b9a8124ef2d855b6ce7f216293416e2ff54ce3186b51c1566e9a855e700f12acef

Download Submit
C:\Users\Admin\AppData\Local\Temp\vYoIwQQQ.bat

Filesize
4B

MD5
0f55bb0b9ce504f6ffff1bcc61381f05

SHA1
511ed3394667ab75b9a2b66229710a639ae4053f

SHA256
569d127247a6f05ff2a138db9cfc03b13f621f7bff470a88fcc9240b155ea2bd

SHA512
31f876b8203dcc2e38138bf7c7b2b2e72e541e5a7861863e63fbcd18730228cb7cac8c35cdab8a6ed0a9a2ea4fef4868120b2be50181e08e53a2811197e07b29

Download Submit
C:\Users\Admin\AppData\Local\Temp\wAIi.exe

Filesize
1.4MB

MD5
478a90cb7772b7cc26f03d4763dad4a3

SHA1
6599cb4f9453365b2538471f2fc27ec06b1028fc

SHA256
7ec6b7f1483f69f78ee4324bf80a01d2f06e6ae690d9ccc7af7d9ee993b3677b

SHA512
0be508858fded8ef3d78aec1992daa143bd2eeb099e8704a8d5726b7e781dafd38e7f2c28ceae0e43716a006167aea9783626d3a9da570309bb413d91f235cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\wAcI.exe

Filesize
247KB

MD5
833bf10344444d29525391a644061aa0

SHA1
a73076b5e7970666a723fff36b85b1ad8cb78ab7

SHA256
b06a48bf9ffdc1c7d3b1b0ff97e0d00c6fc5207351238b1b1222c119c48698b1

SHA512
45955f787ca11aaf627b874cd073690d021dc80b97f39bd1e4f97fb1de8111c4338aa1fa52a5f824a3a0b49a44ff4dff59409ecf5dc8159c0c576a913ae9d93c

Download Submit
C:\Users\Admin\AppData\Local\Temp\wAkMEUUk.bat

Filesize
4B

MD5
11ed452201f2a3c2ab11441c57330be6

SHA1
6e09126c48e2b3c8d887a8479c2c7da5e48a135e

SHA256
bb74316e689be491bc2ad5b59481ac22470c1148c434e3506806e6463cb3b5e0

SHA512
69ef55599386dcb082aad9a2b2ffd62798492bed306449b2a1f0c1ec556037e340ec4ee55c4e77e2dfafdf8bb7f2de044fa81c859ac505712eadb81f6617de44

Download Submit
C:\Users\Admin\AppData\Local\Temp\wEgQ.exe

Filesize
537KB

MD5
293a2917731d693adab22bd10221071c

SHA1
fcff1501edc794579912d9c9f111211ade6608d9

SHA256
4500abf554e9d54448dcaec3499afff67dccc698789e867a9768bef0c115000d

SHA512
3b165387e6c7156e4a5172d22fec372d100ad6c0667d6dda10e2d9dded37a8bbc8c36d944149d186e1f67643c50a8ccd92e19b6a0057d86fedd629015bc46a3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wMEIAogA.bat

Filesize
4B

MD5
657d5e529ed655b62dbcfece312570a0

SHA1
48ec730a127329d332d9dad26629258258742d87

SHA256
dc4105dff4d5017276d3238896b141e4531238276c498dbb8371939ef2825066

SHA512
dfdab9e155df45142ae98194c07f1c490378f7e3745027212da3263cdd9e6fecd4a7c7fc1a360c9c1641921d43f4904174fe0b7ee73177a6a874ff281483f36c

Download Submit
C:\Users\Admin\AppData\Local\Temp\wMQgEEwU.bat

Filesize
4B

MD5
5713b01d1ef7dee9bf4718167bce7801

SHA1
45ac6f73e3727b93c7cb3f62e2ffd95d492bf5c1

SHA256
253d3035756440fe067b1707706ba97e770b76255424696ff414adfc9b796072

SHA512
8b646b75aebeaab81af47365ac509173fa631de803fbb12fe70f5f9c93d4c608f5944e6c99f6aca613a36d719941bffde01fa45d3bdb5b3faf4db7312576f43a

Download Submit
C:\Users\Admin\AppData\Local\Temp\wOIEckkQ.bat

Filesize
4B

MD5
81e1dc48aa8c719ee73c1cee8a5093ab

SHA1
636187fd529727aab909908fa2230749a2f6cdb2

SHA256
056d7b29b97a14360c47c5609e9b356f1cd91d70395da5883605c2d4515d32e0

SHA512
ebe1cb44ecabcf498803397ae3e17e870d194ea817cc6bd4c0603eb4df03e94b0003a3f1ede0708923185c63b008a4e969a4b9c353a3d423a6df90cf6b340fa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\wQAm.exe

Filesize
246KB

MD5
20d2605dfcf263cd24a0b083057ea62c

SHA1
30a13d840e51b58bd50d5c36cde6a4cd39db8557

SHA256
ac2b8dcc1f2d882cd1251e7c56c470aab77b7511dfc0d0c5e11d53afc3268bf1

SHA512
9f3e724f32ce40f3cc3fdd556456e114d703f5ebc6640cedf78ee8575c57c27563ed70696e10cbb19c916816a88fb1ab38b08bdf4b261b7f2261d79572a7d9b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\wUUq.exe

Filesize
202KB

MD5
374a96e19d14fd8761514980c3b61b45

SHA1
fd9dc655ff8f323a2d9a2fe2abe3883362743910

SHA256
535d46575382ea9808b1473ec5f89a350edcc48b633780ca2c1ba1a661a05fbe

SHA512
aa03782699072b0f05a7ab325d4c01b43747b9f18033362a47a46c5bdb193c7daade97130ed10e87599e4f54953e342b87d27ba7ac8ad59384538a08b691c131

Download Submit
C:\Users\Admin\AppData\Local\Temp\wcUy.exe

Filesize
450KB

MD5
a51e5ada7afc67788aa3b669fd14d2fd

SHA1
01b08e3794d133d9465b8bbadfc58eb438635263

SHA256
221d9b7932a72a02b7a29ea6a5731bc4b37abba0b5c56224da9bbd03a6592f7d

SHA512
8fac446b8421aea972e5b96da06465dee140ea3f851ee28767fe879665bfc31557ac22599fce7d1e0d5c9d8977d4c34d011f8e4e697cfcebd01afeef28dea6a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\wkAI.exe

Filesize
247KB

MD5
17f79b9ffff45fa536ff7a3aa6cef7b7

SHA1
1a7bb81ccc3196b2a39ad01b0ad30d37a144adda

SHA256
1031a826ba464e5070c16cfb89df0c9babc44b1e38c1f9126a8d589b3e5886e5

SHA512
4b29be2e238a8556e9e58ffc59f587771009b45e9ae12f0c5d78f8be02a5684120e0b93e2e2f610f79a7702d38b716eb25a0e85ec21233f983d7a47a2557c796

Download Submit
C:\Users\Admin\AppData\Local\Temp\wkwMgQYA.bat

Filesize
4B

MD5
cab6bb2c28c372e2f2a0df3c6925d56f

SHA1
ede237113b17f13586e80cde5926ab07c9756d41

SHA256
49125baad3bdc403a718e9c94ae783f1e4d73648a63c4dc8632a6fa9b8095915

SHA512
f0d3ca40478b05b9d3ba7643b3fa8cc36f4215137f198b36d0e75e3fc76e5553c80a652865530d3ce6b2de2906c186ad95117b29e8d0493fbb3e121b1d65fa6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsUs.exe

Filesize
235KB

MD5
6f8e9a1cc2d7984863b1db5375fcc897

SHA1
34f506ec653e4484f22deab86d79274fec82af46

SHA256
6a3c33441c288ef75b96880d79e748ad88bdcc3483517fba757da0615b95cbb5

SHA512
9e28f3aaa6a4cecb92ae2f3d40ca2ff7dc00261a2c526b2c70503e6a554bdf646473b03db0bd44b9743d9ea7610f287692c8a44c6244b7580ddbf6f58e5a7d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\wwcI.exe

Filesize
205KB

MD5
fd5246b483b587bb8d557180a3a1520a

SHA1
90b11dc7652c578c24f469a1623b4759b284d291

SHA256
f464c5986931c465fe8e2733ace94f5d24c7b478dad17310fc23d30e503df193

SHA512
41f671fa370837104af097b36ee8c5ca502395ae729e56944ec840de9a516626e1f7f4375f55939aa3731c3f283c3cd2d92acaf83cba04106388ee7cab4420c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\wwwS.exe

Filesize
204KB

MD5
ee6812a3e5362c33c030e3a3f7fa32b6

SHA1
4db99ce7960a47a95a6bde04113f922580039f2f

SHA256
59f115ec463bbdd28b3a7c1385dd20b99a92fae1544a3d0bc2974db95dcca073

SHA512
1b08d3859a98c4727f9799979bb6c12844c1cf351f9468832c32c54c582031cb7a69071c1afc7795c6c63c74ae3a233e624b2fbeeace2414904b22cfe9331061

Download Submit
C:\Users\Admin\AppData\Local\Temp\wygYQcEs.bat

Filesize
4B

MD5
4cfe5098005ed1d84419b91ba97ff90b

SHA1
e1af5b7778cbf7b2516b2740dd6d0eb329f47dc2

SHA256
9436d319a49db764fed74494d78b877f00d563724b9edf4498c5dcb2b0f7dcf8

SHA512
09b3ab82af201c294cdc1ef4d953b944a28e1c3a1776dbf7d65007e25385c794a35ba0320cc114980b70db90cdc3db3c3ccc35a42a471e6770a081e3fd9ff03b

Download Submit
C:\Users\Admin\AppData\Local\Temp\xmMUUooM.bat

Filesize
4B

MD5
ddac1b971d86863d1b4b28ab2094db38

SHA1
6055cfdfa24b1861e28206d74ffd342df2d8ace0

SHA256
85b57b4b5b5902e99f1bd9a345ba45b75357565bbe72e26d87b94cb2cc636afd

SHA512
4641ce75f48cb403199b84cb86cbb97da80c3b5ba9f4fbdec50c82b4f58f933f664750a80ea46c1fa6f18283b3261212babc38ea2835d10c68623ce467350f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\yCMwUkIQ.bat

Filesize
4B

MD5
a03b497b75281a648024e59638bd0a52

SHA1
90ca135315d02c7cd03b3923d16792654f36f5bf

SHA256
89137b6cd8e0279b448c7af36066522dc19750eaab5b14e95189040fc48a0510

SHA512
1b3e2f9718244632af26b4ab13c9f279369c845b19b116875b72cfa16c0f67eea5f955bfdad1d755766a6ae23abbe0ba0470fc9ccc27d1c3fd2c24a3550ca779

Download Submit
C:\Users\Admin\AppData\Local\Temp\yIkIQAQs.bat

Filesize
4B

MD5
8cab3f07e76463854cf11d21c6a43ead

SHA1
e69b39b885e399e97fe82076619cd46a64a047db

SHA256
339de9312cf41184129b2b3530a7909f1800e8661b6ae242dd426fa70b97efbb

SHA512
5ba4e76fd7c1ee40813d841aaa6ba7d5b48240c5b457fe2e0803ae13e9a52a9d87e4d5fc4d945eeffe4d8c07f90792f016ba4d2f53a9d5a14d57bc74875068da

Download Submit
C:\Users\Admin\AppData\Local\Temp\yQYwEYAY.bat

Filesize
4B

MD5
601cac7daa86f1553119983de6cdc7e7

SHA1
acd908bab3ff2ac36e811f180387373385a6bbaa

SHA256
c8e8de83cb1791c61ff689a0062a07a996c79d75bb87cbacb6dabbecffc985cf

SHA512
27da527b052ff5218e7a4bfa27919252fcc357f4c1c2bc8456dd3ed102d49fde272b2851a863bec2464b6822fad66271d5da21798dbe886c7d01b5280bde544a

Download Submit
C:\Users\Admin\AppData\Local\Temp\yQgM.exe

Filesize
197KB

MD5
3011e23256037e289ecfb415dd3ad089

SHA1
bb860cf2184840078d92c2494911583beca700fb

SHA256
b4633f545d705afe93f6e53848062ab1f652584ae615ddaf1ef3a25e2132811d

SHA512
488ed3859b02c38ed52de10da1f9e95e6eaec1027913d7225a83aec6cb00c0a2f1ab1d6dff8dc54af99f37632aec3daa108fc0c4432101fbc5d4cad3ab2c5276

Download Submit
C:\Users\Admin\AppData\Local\Temp\yWskEsEk.bat

Filesize
4B

MD5
1b816882cd8c9a944fad2dccafc9897d

SHA1
bdfeacb71716415bedff3a9b63c33bab709da113

SHA256
6d15329efbf0b0ba9b2090aabfc680f03e331b03d956b94be4b4f721ddc6e880

SHA512
6b464540f15b81ee2e4acb5457e1b16afa51295ca72227b38f2dc81bd3476c63412c9ca9dcf879ba757cb751b73360a55da91ba25a177bbce8e6dbd3caa1999e

Download Submit
C:\Users\Admin\AppData\Local\Temp\yaYQAcog.bat

Filesize
4B

MD5
373d977e4e54d63ce622f082d4810170

SHA1
c74ca576dddbde46474aa31f4bccabe0f7951259

SHA256
a797b6f173270c3e55f17a09db2ffa0ea5f3f896cb7de76e0225b7b9efd9bd8c

SHA512
ec1b295ab38bc27c6b19f79789ccc7ebfa5a51067f48a22cc74adaa6d9692b02f6fc74d6bcc3bc6eb93003ef78ff9b58ff1f3329cfe4aca06d0c01dfa066ddf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ykUw.exe

Filesize
192KB

MD5
a8b2773c22c2a58457e6f3ff1f4e497f

SHA1
16d0af18d0fd843b7e37c5a73949da810999326e

SHA256
4cd82987fc0412d07d9f0ec28f589f052bf456e0c3abdebcfdc4ac5dcc39dffd

SHA512
e762be37f31d1f2c85ba99b4c64c90da6c1bb09552a0ed57e775d5ab5f844033fe83d344109509cdf17f772275ad7f9e973da13cf49510ea303cdfc5cbe9ce6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\yssC.exe

Filesize
772KB

MD5
ed6343153f033f94a70b03b0490bafd3

SHA1
3efbb4ac882de3ff70d73a017f3c1579709f544f

SHA256
b613034fe9153807f275b48a5f3b63d7db0b64bfd3b1aeaa06d6df281684a79b

SHA512
8e6a871c70e4b3b2b1ce518720ac66521afd5a58e8c9b58d0a366c2286189dc49531e9d866ab22c8d6884e8ae3cb84712b33f7bdd14d8b4c27fa94c41f462bb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\yygIMUwk.bat

Filesize
4B

MD5
c1c6747234d5437ad69b97b8087f2c2c

SHA1
25545825f661d70e3b4ce0a12280f2a4389c62f7

SHA256
02822e8db088ce1ca8759fc8a84b77ed67b499fa9362c0b51cb0c195e152ca76

SHA512
636dea9017d6624a3ea3776236d723745da60d51360c716e82721944e3e2898766ad19aec6e7f8eaff17a76a3b9278a90416b22771419100b8bb700db89ba3a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\zIooEgMk.bat

Filesize
4B

MD5
dacda7a5568dc203d8a7ea3600f56566

SHA1
4f8d1333ce3c41e4dd5ab72d5eb99598630b8146

SHA256
949263bdfae668628385ec499676e3d7a62e25f8bf6f1eca0884e50505ef3473

SHA512
ac114361bc6bed2f0c12b9f08fa0c1ed849f891c001a37c5090a83292358e3d1e54ab77613c4ea44e90141c8540544d6aec9bf47aa86d765083c606004863b56

Download Submit
C:\Users\Admin\AppData\Local\Temp\zcMosoMs.bat

Filesize
4B

MD5
32a21e4f19c841bf8acad709b2ac1671

SHA1
eab2ac47f9801087a11a0c1309eadfbb144a90e1

SHA256
5222c1a37ded8d86f8c7b213d793efcb2a49d6ab59bd4aeb66dec4c58b31b991

SHA512
40129df69771079693b5df65a5ecf2d0f7e359149da417ad31332bb190d1bd18dede816c48bd375ee10f60020ca7d7daf7a695bc4595f11f4a8420b1fae69a9d

Download Submit
C:\Users\Admin\AppData\Roaming\DisconnectGet.png.exe

Filesize
320KB

MD5
bd69ff687cf364487f0c6c18009737ab

SHA1
13c951b517387bb1054f83f76a8a422c9d3b8232

SHA256
8c5334d89156f9c0ef8746eb49c9a84ca2dbdb2ec8b793bdea93c98bc5118d00

SHA512
5314dae169bd876e471fc67b3b9cf3bc0bd19dc0e3c48b33cbb75381e14f892ba45504de61eabf05188475bcdcabdcc37af4f2fd23111df45a55a0d1b6a63c6a

Download Submit
C:\Users\Admin\Documents\CompressExpand.pdf.exe

Filesize
560KB

MD5
2396ae50d941a3fbb91a3625aa5ebbeb

SHA1
7fb307134b8260ab5b81ab0c77a3cab501c0b1c2

SHA256
c85fa1f466d94d8e21e4827589bb1989bdf32ee69884640a6382eb6ac127053a

SHA512
fab9a16195f731714bcfab98ef27c2f4aa25b5eec90ad6cefffff68457d4de4a0c45e7e654bfbdb85f96cf1fad9389e3348d150ff617a5468255093a12ec9ee6

Download Submit
\Users\Admin\jkIEUUwY\ViIIcoIo.exe

Filesize
197KB

MD5
a6eed0f670ef2efbc7337018bbce55db

SHA1
57836e83201c8dbb282b70e682ac0ae63c279e24

SHA256
880c1a6c2b5285efd987a7496d2a8d7e91fc851090d601d6eb8bf01241df1dae

SHA512
02c80c9e187a1bbbcf7312e97872eb45a6484fcece9f71bc452c4d43753d9c9dec92a7005061ebabd90b2f373793afbc8fb47ce60564e100bc96d2f3b992ecb6

Download Submit
memory/268-750-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/280-3807-0x0000000076FB0000-0x00000000770CF000-memory.dmp

Filesize
1.1MB

Download
memory/280-3617-0x0000000076FB0000-0x00000000770CF000-memory.dmp

Filesize
1.1MB

Download
memory/280-3618-0x00000000770D0000-0x00000000771CA000-memory.dmp

Filesize
1000KB

Download
memory/332-434-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/332-403-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/344-125-0x00000000000F0000-0x0000000000126000-memory.dmp

Filesize
216KB

Download
memory/448-356-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/448-389-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/584-263-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/584-297-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/624-79-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/768-521-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1040-471-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1040-470-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1120-849-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1244-533-0x00000000001B0000-0x00000000001E6000-memory.dmp

Filesize
216KB

Download
memory/1244-534-0x00000000001B0000-0x00000000001E6000-memory.dmp

Filesize
216KB

Download
memory/1260-195-0x0000000000160000-0x0000000000196000-memory.dmp

Filesize
216KB

Download
memory/1276-250-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1364-412-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1456-599-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1500-425-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/1548-859-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/1564-731-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1564-704-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1596-366-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1612-770-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1616-789-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1644-103-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1644-135-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1652-241-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1652-273-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1808-648-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1808-21-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1840-839-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/1856-288-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1856-320-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1904-333-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1916-218-0x00000000001A0000-0x00000000001D6000-memory.dmp

Filesize
216KB

Download
memory/1968-112-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2012-126-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2012-159-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2040-678-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2040-650-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2064-629-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2092-40-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2092-4-0x0000000000560000-0x0000000000593000-memory.dmp

Filesize
204KB

Download
memory/2092-19-0x0000000000560000-0x0000000000593000-memory.dmp

Filesize
204KB

Download
memory/2092-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2096-227-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2096-196-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2104-66-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2136-580-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2148-240-0x0000000000160000-0x0000000000196000-memory.dmp

Filesize
216KB

Download
memory/2192-590-0x0000000000270000-0x00000000002A6000-memory.dmp

Filesize
216KB

Download
memory/2236-457-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2292-799-0x0000000000160000-0x0000000000196000-memory.dmp

Filesize
216KB

Download
memory/2304-149-0x0000000000440000-0x0000000000476000-memory.dmp

Filesize
216KB

Download
memory/2304-148-0x0000000000440000-0x0000000000476000-memory.dmp

Filesize
216KB

Download
memory/2308-543-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2320-659-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2360-380-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2392-553-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2416-402-0x0000000000170000-0x00000000001A6000-memory.dmp

Filesize
216KB

Download
memory/2428-638-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2452-808-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2456-492-0x0000000000160000-0x0000000000196000-memory.dmp

Filesize
216KB

Download
memory/2456-493-0x0000000000160000-0x0000000000196000-memory.dmp

Filesize
216KB

Download
memory/2464-649-0x0000000000300000-0x0000000000336000-memory.dmp

Filesize
216KB

Download
memory/2472-287-0x0000000000160000-0x0000000000196000-memory.dmp

Filesize
216KB

Download
memory/2476-182-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2476-150-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2568-205-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2604-828-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2624-502-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2624-472-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2656-741-0x0000000000250000-0x0000000000286000-memory.dmp

Filesize
216KB

Download
memory/2676-481-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2680-780-0x0000000000180000-0x00000000001B6000-memory.dmp

Filesize
216KB

Download
memory/2696-88-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2696-56-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2716-310-0x0000000000170000-0x00000000001A6000-memory.dmp

Filesize
216KB

Download
memory/2760-818-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/2760-819-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/2776-562-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2820-703-0x0000000000230000-0x0000000000266000-memory.dmp

Filesize
216KB

Download
memory/2840-713-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2872-54-0x0000000000220000-0x0000000000256000-memory.dmp

Filesize
216KB

Download
memory/2872-55-0x0000000000220000-0x0000000000256000-memory.dmp

Filesize
216KB

Download
memory/2904-512-0x0000000002260000-0x0000000002296000-memory.dmp

Filesize
216KB

Download
memory/2908-102-0x0000000000280000-0x00000000002B6000-memory.dmp

Filesize
216KB

Download
memory/2908-101-0x0000000000280000-0x00000000002B6000-memory.dmp

Filesize
216KB

Download
memory/2936-619-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2964-342-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2964-311-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3020-30-0x0000000000450000-0x0000000000486000-memory.dmp

Filesize
216KB

Download
memory/3020-31-0x0000000000450000-0x0000000000486000-memory.dmp

Filesize
216KB

Download
memory/3068-355-0x0000000000190000-0x00000000001C6000-memory.dmp

Filesize
216KB

Download