Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
01/02/2024, 12:29
General
-
Target
2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe
-
Size
238KB
-
MD5
f93a8f4bc08f934f0e8675bbfd58645b
-
SHA1
3329ec7354e970f5d587d444e9ecebe097882733
-
SHA256
c176a8bbc51f2017fd854d77d3030199af42c64e992947460eab70c1235e6a11
-
SHA512
244abdb14c3fa00e6dfd87e11c036878eb219cb4c9850a13941b2535d02baec9fd1bb775b29cb1a2b7dc620f4d9ac8249b7ddc3b1a489b7ddcb88420f3e432ee
-
SSDEEP
3072:+hkt5XFIwUkqh4u2UxZarhPHOx/PGEnLfuFil4x2feHF5TTsax8rLk+J52YOA2sK:+hkridkqhndxZaMr+iJfeDTr9a5iA2
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
UAC bypass 3 TTPs 64 IoCs
-
Renames multiple (79) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Checks whether UAC is enabled 1 TTPs 22 IoCs
-
Drops file in System32 directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 22 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\uKsMYoUI\xeUgEUks.exe"C:\Users\Admin\uKsMYoUI\xeUgEUks.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"8⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"10⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"12⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock13⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"14⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock15⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"16⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock17⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"18⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"20⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"22⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"24⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock25⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"26⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV127⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock27⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"28⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock29⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"30⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock31⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"32⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock33⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"34⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock35⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"36⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 136⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bscwAkog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""36⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f36⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 236⤵
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\riIMkQMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""34⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs35⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f34⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 234⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 134⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mGoEEQwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""32⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs33⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f32⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 232⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 132⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JGQcYkgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""30⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV131⤵
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs31⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f30⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 230⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 130⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FMMAQIwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""28⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f28⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 228⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 128⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 126⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f26⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YYoQkYok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""26⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs27⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 226⤵
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uKQIIcsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 224⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 124⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iwQwgEss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""22⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 222⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 122⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f20⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 220⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 120⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSggEwIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""20⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs21⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RGMAssEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""18⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs19⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f18⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 218⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 118⤵
- Modifies registry key
-
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock17⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"18⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock19⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"20⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV121⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock21⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"22⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock23⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GKAUcQwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""22⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs23⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f22⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 222⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 122⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV123⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xkAkcgMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""20⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs21⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f20⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OgcIcogg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""18⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs19⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV120⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f18⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 218⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 118⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 116⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DmAAkYwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""16⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs17⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f16⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 216⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OasYIIYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""14⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs15⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f14⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 214⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 114⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 112⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 212⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f12⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KyoQgsco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""12⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs13⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 210⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FcUQkAUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""10⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs11⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f10⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 110⤵
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gEcMEYko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""8⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs9⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV110⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f8⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 28⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 18⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 16⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yyEgcAks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""6⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs7⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV17⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f6⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 26⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gccwAIcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\ProgramData\KEMgEUAQ\NowYcUUk.exe"C:\ProgramData\KEMgEUAQ\NowYcUUk.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WQIYAQEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- UAC bypass
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"2⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"4⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"6⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock7⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"8⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock9⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"10⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"12⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock13⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"14⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock15⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"16⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock17⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"18⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock19⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"20⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock21⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"22⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock23⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"24⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock25⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"26⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock27⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"28⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock29⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"30⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock31⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"32⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock33⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"34⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock35⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"36⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock37⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"38⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock39⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"40⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock41⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"42⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"44⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"46⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock47⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"48⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock49⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"50⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock51⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"52⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock53⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"54⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock55⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"56⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock57⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"58⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock59⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kIQssgAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""60⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs61⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f60⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 260⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 160⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"60⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GgwQoIgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""58⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV159⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs59⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV159⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f58⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 258⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 158⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wkcMcwUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""56⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs57⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f56⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 256⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 156⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cEgkAcUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""54⤵
- Checks whether UAC is enabled
- System policy modification
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs55⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f54⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 254⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 154⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs54⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vycMsYQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""52⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs53⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f52⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 252⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 152⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mYkYgUkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""50⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs51⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV152⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f50⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 250⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 150⤵
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV149⤵
- UAC bypass
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ymcYgowE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""48⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs49⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f48⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 248⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 148⤵
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dqcIcIoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""46⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs47⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f46⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 246⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 146⤵
- UAC bypass
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zCMAwogc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""44⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs45⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock46⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VYYksIoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""47⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV148⤵
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs48⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f47⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 247⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV148⤵
- UAC bypass
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 147⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"47⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f44⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 244⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 144⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QUYocIcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""42⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs43⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f42⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 242⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 142⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV142⤵
- UAC bypass
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 140⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WQIwMUcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""40⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs41⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f40⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 240⤵
-
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs39⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f38⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GKgIoMAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""38⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 238⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 138⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AMcwMEkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""36⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs37⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f36⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 236⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 136⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gCEkEMYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""34⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f34⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 234⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 134⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qOQcwMck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""32⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs33⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f32⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 232⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 132⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock32⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"33⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV134⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock34⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ygAUEIso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""33⤵
- Checks whether UAC is enabled
- System policy modification
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs34⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f33⤵
- Modifies visibility of file extensions in Explorer
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 233⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV134⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 133⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV132⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUQMosoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""30⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs31⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f30⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 230⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 130⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 228⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MkIgwscY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""28⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs29⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f28⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 128⤵
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VaMAoEQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""26⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs27⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f26⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 226⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 126⤵
- Modifies registry key
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV125⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iscgMkkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""24⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs25⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 224⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 124⤵
- Modifies registry key
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV124⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 122⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f22⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yCgMwAIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""22⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs23⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 222⤵
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KkwUccIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""20⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs21⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f20⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 220⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 120⤵
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RoUIkQEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""18⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs19⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f18⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV119⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 218⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock19⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"20⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock21⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"22⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock23⤵
- UAC bypass
- Checks whether UAC is enabled
- System policy modification
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"24⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock25⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"26⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock27⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"28⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock29⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"30⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock31⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"32⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV133⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock33⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"34⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock35⤵
- UAC bypass
- Checks whether UAC is enabled
- System policy modification
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"36⤵
- UAC bypass
- Checks whether UAC is enabled
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock37⤵
- UAC bypass
- Checks whether UAC is enabled
- System policy modification
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"38⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock39⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"40⤵
- UAC bypass
- Checks whether UAC is enabled
- System policy modification
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV141⤵
- UAC bypass
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock41⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"42⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV143⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"44⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV145⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"46⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock47⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"48⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV149⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock49⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"50⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock51⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"52⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV153⤵
- UAC bypass
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock53⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\smkIIwUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""52⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs53⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f52⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 252⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 152⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TeEogMks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""50⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV151⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs51⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f50⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 250⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 150⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bEsEgcYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""48⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs49⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f48⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 248⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 148⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f46⤵
- Modifies visibility of file extensions in Explorer
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV147⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 246⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV147⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 146⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UiwwUIsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""46⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs47⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iUkYIIwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""44⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV145⤵
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs45⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f44⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 244⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV145⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 144⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xacMYMQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""42⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV143⤵
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs43⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f42⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 242⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV143⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 142⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HicIEgYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""40⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs41⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f40⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 240⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 140⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV141⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs41⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV141⤵
-
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV139⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UQsQUkUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""38⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs39⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"40⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV141⤵
- UAC bypass
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock41⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"42⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"44⤵
- UAC bypass
- Checks whether UAC is enabled
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"46⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock47⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MSAkYoYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""46⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs47⤵
- Checks whether UAC is enabled
- System policy modification
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f46⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 246⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 146⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GwUgkIMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""44⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f44⤵
- UAC bypass
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 244⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 144⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UOIUcckY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""42⤵
- Checks whether UAC is enabled
- System policy modification
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV143⤵
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs43⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f42⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 242⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 142⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FGsYEkko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""40⤵
- Modifies visibility of file extensions in Explorer
- Checks whether UAC is enabled
- System policy modification
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f40⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 240⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 140⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f38⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 238⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 138⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BuQwsEQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""36⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV137⤵
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs37⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f36⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 236⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 136⤵
- Modifies visibility of file extensions in Explorer
- UAC bypass
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wCUIgEks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""34⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs35⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f34⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV135⤵
- UAC bypass
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 234⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 134⤵
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gykMcsYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""32⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs33⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f32⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV133⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 232⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 132⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 230⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV131⤵
- UAC bypass
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f30⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 130⤵
- Modifies visibility of file extensions in Explorer
- UAC bypass
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mCYwcEQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""30⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs31⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV132⤵
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pOwgcwEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""28⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs29⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f28⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 228⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 128⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 126⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV127⤵
- Modifies visibility of file extensions in Explorer
- UAC bypass
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 226⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV127⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Pycoccow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""26⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs27⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f26⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV127⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV127⤵
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV126⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TewYAssA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""24⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs25⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 224⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 124⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DSAcUwAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""22⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs23⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f22⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 222⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 122⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV122⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 120⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 220⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xUkAowwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""20⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs21⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f20⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 118⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 116⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 216⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f16⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OywIwwcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""16⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs17⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f14⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 214⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 114⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hKQwwIgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""14⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs15⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs16⤵
-
-
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
- UAC bypass
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OcYssUUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs13⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f12⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 212⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 112⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 110⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 210⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FuoIMQIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""10⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs11⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f10⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs11⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 18⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f8⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yekIokoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""8⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs9⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 28⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gYAgUYQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""6⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs7⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV18⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f6⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 26⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 16⤵
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMEowMkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""6⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f6⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 26⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 16⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"6⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fAkggIQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""4⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OmIkoEUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""2⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\servicing\TrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exe1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\mousocoreworker.exeC:\Windows\System32\mousocoreworker.exe -Embedding1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IUMcUEoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""1⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"2⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TOAMkgYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""4⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eiYIgIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""6⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV17⤵
- Modifies visibility of file extensions in Explorer
- UAC bypass
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs7⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f6⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 26⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 16⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"6⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hCEUQQgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies registry key
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"1⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock2⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"1⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock2⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f3⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 23⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PAgAEYUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""3⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 13⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZEoMQAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- UAC bypass
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WewIosYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs2⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"1⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NeUgcgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""3⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f3⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 23⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 13⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock"3⤵
-
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Modifies visibility of file extensions in Explorer
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bOwQwgcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-02-01_f93a8f4bc08f934f0e8675bbfd58645b_virlock.exe""1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
111KB
MD5219e6773f2941c803aa04b753bd04d68
SHA1f861998cf15354652231409af2b8ec0fe9ddd93e
SHA256b8f3af29e0f801070a7e130ef035ae171dbc73bfc1b558c3536358ca16a44b1a
SHA51260828fd108737fffab45072eaa7305d1530c666c395865c2dbd2de133c6bb933c64f11d2f383170345007347cb21bf62862d56dcfdf9bde6eea31a6d6155f9f9
-
Filesize
235KB
MD56f9a968032b084ed73f1fe01396ffcfa
SHA1e9a724cfc71e972419f6e481340f11cb52d06b68
SHA2561232bfdd9ad7371e55fe285b7619a85e9b3a1b2e0a9cd02d0bc8b74b8cfc880a
SHA512f15c82f6d148729e95e4863180f4bb5bb113aa93d3dae993eba76dfd3160e173667d69ffbd9aa3a526fc7aee073d44b51d637b137da08edaccf8ac3b1afb5955
-
Filesize
413KB
MD589be92b8dc66596c32c0148093fb43e1
SHA19f58be87d6f02c475e0f9e1aa42e1e51dc011ba2
SHA2568be9a97b587b5a8606fce60335d21691f06e4ad7c7df1df20017016d0b578f41
SHA5128be14fc570354b0ddd3696ce6023eb913cdfe199ab8b0a48ba6ae79dca22ecbc98961b33bc9ca031af8308ad5709de5f96b7ab1dcc3b8b6aab086ec75dbe4266
-
Filesize
101KB
MD5136581a9575b3c787d9782023c8e0b8b
SHA18fc0409892c3fa0762c26cec986d02cde2616db5
SHA256020ee7361fd6fb543ed74edb6af9d997d4671d0c4301987dc2043d2fc506c9f7
SHA5120b39d0e842b16d939c7d1d2a33a2184b662347782af0852a957d37daeb2f1161b86f35fdd37edc9bd62a94764e2336dca0fcfee52ebd27e6e9763a901f5d696b
-
Filesize
117KB
MD5a661a8ffc7a78868c454c79cd21a08a0
SHA15f5ddc25993117db615fb2ad3b5ce612a4aaa7cc
SHA25660f0b2dbaf875cb19aa1c11073923b1d3c06eb25fa942fc003e24363fcf5f4cf
SHA512a73c3f30067cc08d6813ec0ff586845a3a3c12d9667014c3c57a6785976c014298c4da9d454827de5e5ec5f05c29df98c0fa71f10cb0dc2b74c782e5faed0666
-
Filesize
110KB
MD5b5d1fbd193855dfb9e502d52bbf4f668
SHA1c342bf11e220586f26c35c5c680bf57ecde39134
SHA256fe4eb8140a0132fccbcd85697061e23fa85805e3c4dc6cad03fda9966a86ad29
SHA5128b761cbf014d9780b6643cd870f971754071147cce703459bf9398214291dc907a9bf8c298d9320aaafdcc2643556a6526c952a340ba27fb3e28988002841302
-
Filesize
111KB
MD5db4013ec33795fd01919e5ac8b3c9549
SHA11cfdda1ca89a2df4e3957731869530b68d2d789c
SHA256b85968b0a7cbe42483315f5e7231d51444ef129eecf8833a753a30409c665a2f
SHA5126db694e4621068c618df3164a40eda5320d2d1d3aa280187889bb2cbe510af409d2f5271b06cb6f2a3e0c5ef26c1ecfab5442f1cf770455d29b85c10e300106f
-
Filesize
111KB
MD507d3104e7b471887d55fb50222369290
SHA165231acea252f6f5a9e7c76e81ee617a740d5452
SHA25613afe81ffbe99355e7855443a4e802da94f4dbb01f3e1a9327cbaffeba81ea07
SHA512aa7710101a3d41898617dec81eadfb73c003a328f2d637f4ae4985baeef4d64853eed08c35dca4b513956b33bfea0c48ba86e8727144b06f27f859132075f4d2
-
Filesize
1.7MB
MD5f94971fba53b4e839a184062b29135f1
SHA1caf06ac3419f56ae3ec827d789e30e7279fd5c75
SHA25652243872c79b5bb2d988b9c1b4ec26c6803eff6a8b845a042dc6e4dae07e07e4
SHA5122bf87c6d80695c3b7c74ca20a8d631f1b72f78cd15602d1099fd11db263f5e384170a7d8a00a527d836aaec194bf5dc1da732887807214c4b22e297956f89448
-
Filesize
114KB
MD5b9def636e28d753dfa5662baddb2c926
SHA1f1b77821f28d53105e328ca2163ab5587867db7c
SHA256393c092211d879c18271c1201d4c7e85ee22573f7dfcde2378d60a35662cb817
SHA51231b6976739341c2472bb5b791875a11406d8853e68b24e9fe5ce7fd173d021a272494484a9b3a29fe4227ea8f8c7248d94b86d5b8ba7422d89307a02c7061580
-
Filesize
126KB
MD59adaf3a844ce0ce36bfed07fa2d7ef66
SHA13a804355d5062a6d2ed9653d66e9e4aebaf90bc0
SHA256d3e8d47e8c1622ec10adef672ca7a8992748c4f0a4e75f877462e7e661069698
SHA512e6988737153a0996b14e6baa45e8010ff46714fe7679d05a2676cc18e1c653e99227e7507cdae4f2b6a99b3c31478630e7e1ae13d0f7c12525406d8cf9867ca5
-
Filesize
118KB
MD5e1fc983dc2e44871e59bcdf1bacf5083
SHA10d710cae43a4994f6af29571c1ad4a85acc33abb
SHA2569b98828ef026a671cb24a6fff3f7cfa2e2c625552e608abaef10bf15ef9bbfc2
SHA5120963efd9baf7fdd47b2d950a49b9704a5e7b4662630ef35ec58347d88db046970bd5717b92b6091533fb8dbcfed57814e7a6d5c362854756ac7adb7e3a1372ff
-
Filesize
127KB
MD5261ef1383acb876d97b7f0acd5e32880
SHA1aed00a1d5fe811e8ecad918f91cd250d66fac9f5
SHA2561d7d13670f1aa9c4f2cffafb75df7b3f0e34d52e45f17f9882a69fe764059ca2
SHA5124d7c31daffa39080e38d0aefee06aa6c59653805fc075f24a3ae20adba4c73d7ec77107e177e53216200f732fadfadf030d461bebec0dff2e920d410aecb0768
-
Filesize
112KB
MD58e2cd0da44e89369a199804284269007
SHA1906284faec7be7610334748a7ac1dbea3dc5be0f
SHA25603765113c4313755faa332054ae12d370112eb06b768468cf5906cb8c31c2d50
SHA5126c4f35d89d5fc61606459634765ed62d2567c8908df87f08f03211b52d3a9fa466621df2702321ae0f513b03e80cb2d46e1d08de5900d2f603e62dda2c658abb
-
Filesize
4KB
MD5ac4b56cc5c5e71c3bb226181418fd891
SHA1e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998
-
Filesize
114KB
MD597a43d3aa380bb68d5f148d0d2dabd92
SHA135c89ddaccfad94484c0191981281d098d715ce2
SHA2569fa7a4b1a9c378873f472eff5147510b97eedb80d2b3afd5f9696c524e3aa170
SHA5125e781f09c23426498bbf6b7e1309f927221434db6174b9f1be6b797500eed3eab4becee2ae89cebc931c2ca665a12d17ed474fc00492f002a2734a4730f56378
-
Filesize
68KB
MD50ba2fe8b48274730b09ffa4a31cbab89
SHA136a56086ec572d7c44a5aa8652fe7e1e19808eb6
SHA256342307155250f412c43cc87f91a3a08a01786bde72b1735f3edc5b273cb676f5
SHA512306a19eb11b5faf01c177252de0de215818df537d2da799218af3e43b387025ee5c1eed49e97c78e3cf2d7ff014952346ce9912d5c68b2d8ad4938938a3fe5e2
-
Filesize
110KB
MD59ad839a1932933a987c19f4ea66b9cbe
SHA13d0f213dd4f3ee45ce45362655362b085c3e695f
SHA256550a2c8b72765b7924e0478e06d8e720a0176b715ac08ffffe63dcd8bdaf85fb
SHA51243f68593c5eeed3a99955acc4e3d51c9fd55f5b17871f395631718980e291a17b9e38a88103916762783b3cb5a20508ab8229beecc0f7128b4b65b94da8e321b
-
Filesize
290KB
MD56646d945cd599dc386812273d89f8c5a
SHA19856e4295fe126909e04203decb67dc1bb6ae552
SHA2567eccf74533b031e68e191ac4faff8366f863b7d496c5912b110ae64f99ba4796
SHA5124ec7ee49288066d57b7dbcbb88065f804a76eebc3e33f83f3bc6d1007c329b33deff9cae0f29d2d09274b1bd9e260eb162300f6ec5d84c044413bb6ded659c69
-
Filesize
110KB
MD5d685276481ec93ef729ffb0c822acb14
SHA1767b9c7d5bab95d6f2bc1a941542d43ea78e46a7
SHA256e7d2ca55b9f2a347bdea8dc5a6bd2ee829936b70accb66389a81c84aff282156
SHA512dc907f899a9bc1d984a499645cf166f4c2da39bb320fea912c1b3dfc027eecce3a9dd5d1f0b9b6389dc9e1cdde375b081c89b34f0007bb3e55787234945146d9
-
Filesize
111KB
MD5951200af96665654ef13414081e055a9
SHA13c54d27e981e1284b8b229a353617ae5f35fb42f
SHA256424b3175b413649c5f39540996082558749ecbbb99e3646eaa4808e0ea18915c
SHA512e518c6b91d56db24fbf81c6029431825c69dbba5fc5ae1f698e1c431e16b6bcb0b5e1668e1b1fa78384f51598b8b29f35cdedac71d73aaa42a946342fc4437f2
-
Filesize
113KB
MD5d4105b3e3aff02e1d39072099e379487
SHA11f5b96c1460cae2795f2e0f20cf58cd40c98d97d
SHA2565c88874ea1add7262a597e834264a189a6bce6bcb6eda8a52c66c14e5dbab4e9
SHA5128d0acc59a04c4e66541218f7f1953d8d8d4f55066eb493351cb1e755838f34b145c04728bd577cc6a9e1b32a99b3650b2b0f944fe346184aa95e6e0e277b75c2
-
Filesize
116KB
MD5c34596c96bc53dad3764332cb26366d0
SHA162b34cdab93621a81fd4f7de242284de072ba8c8
SHA2562b6bd99aa1cf41ce17bd463254d69845dbcea1a24a277b74b61d8ab174fed043
SHA512e008722fab5526ad41d63385a2e82cc6f1091d680cfd25cd3d9f9844669f8d1db0e9335e7c97940ad03de89fab7d35164d17e092b06bcd41823bd8619cac76eb
-
Filesize
622KB
MD5ab7a2b48084844655f0e44a6832e62c0
SHA1025369d9445b7864d71f3cc1e9cc21640bb7bd1d
SHA2561edbeb768500b5acc9782be948b3c3634727eb034601fa56507048b01e6d75a9
SHA512e4956bd6e099c7ad2f7148d70cb262c754aa687f39258212910e3dcd8cbc0db03d01ae02720d04864c13eaa5ea86d0360316ba68759b9b1a5c72bd3b46280d83
-
Filesize
247KB
MD519ed02024987b03e3d94be886dbacadb
SHA190bdfcd5763bf9c27519cad72c0c0e0a16015ef6
SHA2569978d163f4bee7837490729e9a12126d86a1ef63dfc331b2af9e570b10b06df0
SHA512f86434a608364ff8529ba3aedf43c6bcbe96a008321c36b236c1a1fb323902751d7626abf4b528b48fb553786944d096d1f4c2a16187aad8910fbe20838e86b0
-
Filesize
113KB
MD558bb29e44b16f4ede0963007ead66353
SHA15b934dd60a6d91e76e29f90df37cb14c8acc48d6
SHA256e29d74af80b01bb7fae989a79379b9895bb4d1ce7865454c74edb51a85adbc6c
SHA512db38f4e7fddbed1068a34e39f37af99e17d88f62163ff5bdbcfe31c302526694c05bb1a86573de638223a2720cde5320f7122002b85830ba7a5d2cacc4ba56d5
-
Filesize
113KB
MD5ea1548076092d1245220abd5e0a596a0
SHA1a8a4a826306abd86f4207b7e50b40fcbcc5f96eb
SHA256d9b015910e7d4de6197708fa899eccfd693742d8dbdf922f2bca8498c245f0f6
SHA5122604ca8d4909b9df62a1106ec9a95b8b44ef18b24e1bdc0690095db50fcd68be6050393158d37719510912c61eb1c54a658442c12110390ea034aafcb6bb985a
-
Filesize
746KB
MD52ea29e02525c2ce2b199f8a044b954a1
SHA1bbc1f5fd7d7b9d1177184293951103443077d727
SHA2565d6281be6735ea13f9099284d2d8617cef2a62f03b3af9205bcc779d0407c259
SHA5127024eff1e47389f6be51315c8364cfd7f1a9965ede59ef9d9c4279ee8dfa5d48f2ae05c998aa2d8f991cd79b904edef1476590fc48fe0ebd21b2ae01bd8fcf75
-
Filesize
111KB
MD58ec5eadb97754e2a0e549213cc8c6d17
SHA1d7b2ea44ee27155801cf35e0f2972aaa82812094
SHA256c908e59b158ba39b28403fef7f4c158d10e1dc21e54bfd68c02b444a54f3e04b
SHA512c44c322428a436d899b164aa8368f30f9d7999a9d0ac93be10c2ae296491969e995339a76970b6111b44f49f46f9257c7a6d04fa900a407b5d2cd0e60364793c
-
Filesize
148KB
MD525b9aea4512f4c8c67929596ba7cae67
SHA123871d7e6171e0105a29a879c2bdfdd316d8c51f
SHA256741eccdecfa7db4c6b085a1be6f015ad80fbfecb1bfb3a4d52897b5a6672f68d
SHA5120fef11b2d547da3d8a8cb4fac033afd26fba38a5d68332b5e3e75066fa7613592271f4302f11fabeb9164633f7e589de57d5e11a5b03d92ae13fabf47202a0b1
-
Filesize
279KB
MD5c79c57c08275104c51c0fd8ebf3b76db
SHA186319e4c11e3b25386d3017a289c1365bb22bf08
SHA2560d685fa8794c5a8edc8adf8cc80f4f61e9de59ae6abbd901ffc18da268dbe01d
SHA5126e2af36a2ff207a0aae8b24910e3bf0877188708b9a5636ae8fd25439a5a656bc0040b50f02bc0a576ae1ac6add2986dcb858838468e59682b76385f2efb1f51
-
Filesize
412KB
MD510bef6a28edbe2f62dec4141f8e36797
SHA119011c50f5dc22767d6dcc2fab4a2a3638a86a80
SHA2569927aeaea58c211163101d36e9121e732f891d9cc55b7306e47d8a6f3a971a34
SHA512b07b41c6ed837dbc51a3043dc95759d87f4cf5fffde377a559b45613d2642158f7c7dafc7b7b5ec39dc63efe1682a88c31e2ee72c5d84eec227dad7509d7d7c4
-
Filesize
1KB
MD5dad9da4a8b89a258b8e4e47e460bec8e
SHA19a4bd7b1750260e7ec549b2dfbf0b4c8710329ab
SHA256cfc96e0c1b77d53890035cbf6287e14a7a789b2afd22777766e3733927be55c4
SHA512acf29972057588a2d8ac0ca2678600c3ee4c4057bac5e77280a0ecc8efb2ecb15455a7f73cee0e98f3819976d4f9b47ecbf007a9447d89481a1e44d5299a8919
-
Filesize
111KB
MD53e2f1494092ec86bbd1c99c2ce916e82
SHA1642a85bdfeab5dadf066a6617cddb8a11b3f7f45
SHA256adef819986020afe5286626d9599b1815713d0c86750ccf1c7dbe6dff964d9a4
SHA51249405cefb2ffe3c49ebe85512969e0df2d1b45c1e6ce1bc2dadfbd9839f50bc6bfe237088ffd07f8375c29ae0e483b4d1af3be0a3d71876d040f92c66b125d03
-
Filesize
117KB
MD5b2d452b5375419b447a0629b3d24ad40
SHA125200acf7e722cd29db6cc6eeb2e4e6fb94edac0
SHA256993faddca9c88edd8410773a13915a817a31aa68287d81926a72d28174ee994e
SHA5124fa40d6ffc1736417548a2581d2a26388b31d748fb0faf2e8fbd33a8db0f61fcd0a578324e16202c90c80a507c1c6f481f132959b265605e8845922b92dee31e
-
Filesize
869KB
MD51f4d901eae74e7d98c82caca83991333
SHA121270645dc120c02ebd27a2242e11efe5370bc7e
SHA2564f3fa08fce69c01693e50f167a86acb14c887f30c817aefd4e496859f5281b5f
SHA51254a3de9d92f37576160be118920c65202291d134662b8c9ded2f62988355e0d2d8f0e232a524b06607cc08865034e7a7b1964143f323fa85a63af7bd399954c3
-
Filesize
111KB
MD58eea86d7da1a77d91400ba2b2ed690bb
SHA1358021a30a420dc106eb0b0af515d5467be7da41
SHA256cc892cc8a1aca8491643be7786f875f010fca47471bc42807ccac1d3e24d8345
SHA512fa8c6e32f26d921cd1042f50a1c86f94ed557f730a57464a53459f3f1691e22df30371b2d8fb462056f50edf692d5398813b1948993d0ff0f577a80151079493
-
Filesize
14KB
MD5f4da4bde5128271ccedc2e8497f6f239
SHA1c912cd4990f229258dc811473c68c382830790c1
SHA2560ed9adcd9233d8dfd98ed9cbb6306c3d3c51338eeec3c02f32e6c02fa51f375a
SHA512aa15cbb3bb765c48bea162d8b6aceaac31b346d04c120f3d39eabebafba51c755ecc53534701e2800ae196465d10f95bc6e142d8953d001d4b6c466714379ba1
-
Filesize
118KB
MD54da3ff1bd6ac96cfb49fe9084f7eb862
SHA1d2bd1ae40f1dc5a5e5912eef430eb749de172943
SHA256007eed9dee72df5ee56e9e043e97d07d5a90b8b56ad57b078e072170eedde5b1
SHA512f527a2024051c48741625d3ba94d697991659c13e99352dcda3ce86f991575258badcf1f29d5b73927fe70b0a1120de6b04f135552e444047965f1abbf15a33a
-
Filesize
110KB
MD52a504abce770046afa54a8566f096644
SHA156d9840f6e84cac302221e70240011140ba05cbe
SHA256805af165bd6a423efeb77944ae4ef58dfcc4c365114461a6fc2d1122063d5c90
SHA512a95151345bd7829e234fdc4723c1a507c5ceab5eb2922c7a69ab8c42114742eaee48200e3039abb21687e8e1ade8e0f93e493434206a0cbf5562ebcf285fb6e4
-
Filesize
139KB
MD5bf7dc15576a7a5031b7127b967a93029
SHA1f032189365b8ae548e235705f2cb82502abe3535
SHA256d81924694ea90c3fc7fb3daab42fedb60e07d46851e4210fac04b328bd2323bc
SHA512d11f964fc5fb9e972a54415b7fa670e190f94dd5a2f01d8dbbd226519022300d620045a13f91866b0032f4a7f2afb1c41aa68c66f485a1daddaf2635228ae5f6
-
Filesize
111KB
MD58306f5195b84efe1fc40d9b4acc10693
SHA1e0e7a14b1b2bce802acfb6941848252b52258779
SHA25687075e2126db30657680b7886661b4701aa06deebe9d60cd8c2367adaac57051
SHA5122470c339215904f3644f2e4bb7bb06fe6691d6101eec4e55792223b665bc22a7c3524b3eb00bc3b3a1c80eb159e32c5624badc0a4d50cf9892e4c0d2808117b0
-
Filesize
114KB
MD5fcd41e47fcfcb5cdf64fb60d992c2914
SHA1b416d23d7fb74034e8c00a77ab59313e86784e24
SHA256a6082b05c679a6a3c6262adefa47a205ff36e51e74d48b68d2a2dd3f3b99b01a
SHA51240dfb2de640271d37cdf0d11fa18b8601d0636864487b96c5f7ddbd57f9ade4fb90fe95655d508c02e95db3b4ad2b80afc3165b5794e093b7d60f50979e8b0db
-
Filesize
112KB
MD5599c1328d0791f10a6895ba6c79b6ed3
SHA15d775b433e96f50920846fc1dffe285b4a8173be
SHA256d5240ae12fcb25b6e62d5e2c29d01a57627783a21856f34863cc3da7c1496d8f
SHA5122028c45a7d303c89bb31152148ae0dc338c8ce28f15e5c5f8ad4fabc703e96ad29176faa63bd55a09c953289837704990469f5ed428d62208e7b0c567f947fe5
-
Filesize
310KB
MD51ffd258e87a9f01e69face9fe925356e
SHA13ace764c1e9e4ff92c8ac27ba4f73837192da8f6
SHA256653cc4bd43ad89bd5ee39ac6145d374795346e9c491aeeed402864745eb0c3ea
SHA512e2f43459d97904cfae34b1fe0d264435ecc962905beb015fa80d59e42eb673d5f934e315a566037b532b827037f8244901e12bde4ab72c780b65bb69dccb07e9
-
Filesize
112KB
MD5826e5befdbaffce446e050f89418d1c0
SHA145f80d1c106d07f06889497cf3160ce087a43baf
SHA256a7857e8ba2aaaec8da25c48bc7841041f4f92019c91242f379f685dcb74e83ec
SHA5124acdd4b98edb79441d0509e46b65d8057d4b0cceb615569cff3aabf5075302c4e7e4bec63359fa8169ff8cd67a00388d234f7bd0ec99dcae76c14999abd9be3e
-
Filesize
112KB
MD573ad32c8cea3f83420f7e32cb227fd24
SHA193c3709b09e6065f962f3657f2e63815674e26ac
SHA2561f54c1ed55dc6a7623247f3de82644120bd939eb5ab833a35184030975011df5
SHA512d95b1d5c921c2c54f5fcbaf8ff718e52b1f313b8d9f4a0ad1cae11ad5465c310f0e646c115d91771a562c48c92b4ee1c0e547fa921f9f7bbde8a77d75a7c6fe6
-
Filesize
110KB
MD5ee145c71ca9e46901f8e7ab257a796eb
SHA122a650bf2a17b1352be770d0b0c0033999d0d1a2
SHA256e851275b4ed0e2a94616049fef150eb5b1bf8f20f7c9938e3c1e9ccf70b0f8b2
SHA51258329609a98801a2ea26079fd2f0c9da89e21a66d58545675d8af7038a02bf00bf63e7b328105ce5328cb124c5cd0dda47c1d2a6714b723cd1fa913be19b2a90
-
Filesize
367KB
MD56b3ef9b72cc324d16e0c04b0f4b771db
SHA1feb835249be0c4474af639ab0bfb4adde031ddf6
SHA25612bdbe20c864533a21416a98f297a2d15e0481e8270d6a76ae11136dba927f6b
SHA512a22b927c4dec047e3d03cecce9734972b639eb459c249e9eddf5cd69c9a0abc743e3da6eec7800e06d8fdc53066ae5be2873dce0e7a6f0b6cc0e11e4e57e377d
-
Filesize
707KB
MD57550b9c43b5eb63e7175e8a0a4a86247
SHA1dd337edfda360507b93ef20e9ce4b2d717193850
SHA25645c89e0b4ad6f80bd1285feed75af869a6b0655097dd7e2adee4f33e44463340
SHA5128463be9b7edb31c64c9837493c473ff13fe633c0a18afc82ab420be214dd5fa92931d98db88da79838b3c22015c8b5fb4ee0366ece6f68c133b8fb758e3f316f
-
Filesize
113KB
MD503476ad2f7b010c475d24d851850ffe1
SHA149618691d5c37fc9601499b9a206bc79ec84f7c1
SHA256ce106c01e20da5800401fbd52fa13b5c8790dd603a73bd82802505aaffe02e74
SHA5121723008e777e4991abed44227bfeb8c7d14733495cdccae95fe5949cda4e647ae87c85b7f6ea26a2e42f1921fa0dbbba5e45915929c4372b4ad07b2f1b1acb3b
-
Filesize
563KB
MD5ee7d8a378b597537b71b36a57d74ecd6
SHA105140fcfebf94a35ff3f2dac1959a0808c53ad21
SHA2560494aeb1e12e80a36afadccba774ef7c3e3d5836fff2a7c02aa7ca67b5efb5f1
SHA512a2ddb226842c9c99ba023540389ecdb1acedfe999e3d8f40b9375065ac39967dc1f178edbc4e0f4ab97e93f0c261bcb0a77dfe7d72151d269147b1d47f29a578
-
Filesize
1.5MB
MD59a98a75489cbdbfad2ef7c9aaed896e0
SHA1ddf144023335b59be64db5c070afbd3ea91fe310
SHA256919a532279391108881a074effad78693c4a73e583957a7e0daefb3695e12db7
SHA512c12b3c226d7ec0f7fcbb2ff4774675e25d361b23d9800720e8c58b18a6d7162679777036b9c4fe50d7da00e46ce581d9561701bd5277c404246a77ebcd666a28
-
Filesize
113KB
MD59aad939a0a481520b753825381d3723f
SHA13d871fc804551f354cc874fd7d6b1afb3f2a99fa
SHA256d9c064943cb9e8eca4ac35bdaa1cc4a08d33b733e2afd1a81b585d6695a36d7c
SHA512a0008791d0579522fdf21606e09578bc714d54ecfc53c80b45b64842e2d31f4f8570a9e618786dc8a2cdd8e8020500c057ede08d39a9240de65fb36163100931
-
Filesize
238KB
MD52b192472bb1e417b525e30907888fe02
SHA15cb65e0e33984467873e4494eed2b20b9793f41a
SHA2566b27fafed1c5ee9889e425efe16e6702a15a63ff4779dd97853e6f6fa5a85b20
SHA512c4714ddb3f869cded399d4bb04136382a5c924e4983f9ee50d17f8f408482b77cb06903eea46665b2039adeded6c73628cc0c61857199df927f856a65ac767ef
-
Filesize
236KB
MD559c6f20cb0daa00310e7bf5934388e32
SHA14d76f8dbec10922e6ba1a3fb2403a52741ae8f41
SHA25656cabcc7a061e6ebca0ecb9af836226cc983f667c1d7fd9d1b048c625ccf90a7
SHA5120904919855361baadf5119570c9bfa57865a9810e61409eb19a0114827ff4db591b0a8fb7c187f9b186ae22282873ba2cd817b602144e375e6625ba060feb6c8
-
Filesize
139KB
MD55e5390393b479d81026b7146cc51cff5
SHA1ad2435371d356849e21a37319212ee809faa4dd0
SHA256120ed43d63954e62e84d4b2124a3148e525dc6f5828f7c8c40231bdbdbdf6bd0
SHA5128cf5046dd0bf4b846fb53af155ca565078ff32be11dfb8744316af3db353277ea6940ea8706c4ca66d15ab5fb12a9008412eb9924b385bbdeb356db7df7b6d9f
-
Filesize
109KB
MD58fd841c63ab0f1c722ff27fbe70a4cfb
SHA175bf26b26f8d88b20d74139daf9c4602a4315b40
SHA256c022117d0312079054185ec0f4b36b2af268e05a44a94a8d26176f12d3e2530f
SHA5129514146a781616743f8c0c6881785fabcaf66391c62809b7bba972b8c1781357ceb495283478757dc8df48c4b318721fb1a98e8ffa2643928cc3ffc296c5fb6f
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
1.1MB
MD590db410df8680e49c9fb6c948d359ad5
SHA1ecfd2c64fcd26e015e052e54b2dd3543e315d2b1
SHA256b66d8cceb1765e80bd39acc1669f368edb664bf28450cda5cf4dee35965a0744
SHA512937eef6a47bc768c8f59a81120ff0ee3a2d3599261a6537660b179772771504084b3e789b69ceaede94a18de876695536c6cda8429f53166d368f9bf50f92000
-
Filesize
113KB
MD5436ba37d8f45b24a2d737ed1f08655c4
SHA1fa417e723dac0317ddd2fcf30981aac75c3e9fa9
SHA256e7878bd6d7f129e9fc88066aab3ea2bd38b8daf64328ca4b841b9ee0f686f2e2
SHA512dea0b5af603f73490c1f1c3f79b9dd779a1c93624f9f1302477f3a4b3a6171ffecf47654c0e333df4c0da85f299d444e0d93cb4237efd5716af7b6f56a5d2997
-
Filesize
113KB
MD54133c2578e31076873a10a36fd6f09b0
SHA169bb6923791c8a5223119772cc7c2f9459320881
SHA256e5eedfe504c01af18b7a27d9c1fcaa648312622c7bc3ed126d39e1b2c0c62a4f
SHA51227e9224fa8161c6b2af50e6b880aca3c5ac15333f81920748acf6350710f879fe5e55808cca89c17cbf88e06e8bbda75bff81f8ec19a797895cf5a57615a19f9
-
Filesize
115KB
MD5611a5ab8966adfacc17d15dc0ce3ca71
SHA1caebc17706d061e50bba9ec6481cc4dc8aba100f
SHA256c909a792e766c6be4af02a70ffcff6b3c0e30d38279d071391120397daaef6b7
SHA512fe5bc1a4328fccc7d8b1210309a496d9c040a38853bd78827789f33b7919e326d89f672e774d3291cc2fadedf1b63b75d01571d37e980ed1a9388851e1fece04
-
Filesize
113KB
MD57f2f086604ff792da3f51945aac74277
SHA196e929584b45175cac1e2d4c09380f9578dced90
SHA256886d1f95aa02100c237f349b9127980e0303e0646444b011bd7fbf15e44f6377
SHA512445bde3e89136c48b794ef99e5cab53f1decef25a0f9193689c6373f1477291bb53003112849ade362f6c02d19513cccaea69c4ec8b18ac979c8084088fe41b6
-
Filesize
4KB
MD5d07076334c046eb9c4fdf5ec067b2f99
SHA15d411403fed6aec47f892c4eaa1bafcde56c4ea9
SHA256a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86
SHA5122315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd
-
Filesize
137KB
MD55a81163079cb41a0eebc1f2223c09e68
SHA1d187031c40d7f3a0c5190d42ba7fe08772258acd
SHA2560c4792819956dee58f428a411ed7a428ab377a0c6fee91b7a53067703a43f321
SHA5121353998e31991050acde3368751566c187636b1be4cbbbbeecc8de0fb7c71a027bb6c4ecfe43a0682c1e52412434e7b8157ae815fb0fd157d764da5957f5cf04
-
Filesize
113KB
MD5cce05299c45a1ed88ae51eb8a1a7f6a4
SHA1e455b9ecc31ec82e2df03d09d7a3d6a4324c6cec
SHA25628e0f7371fd915ffc76b424e6d53ef403396b7ec2888bcbc8af58155a285102f
SHA5122e7d028c0cc29785448da3a0fdcf45929d327667d356e6b78aae0889a1d488ef24ee52851f668d345575404953aabc9e2c112d6113740fa39a4d48ec172529a0
-
Filesize
111KB
MD5df0f59839799aee4cd62ce1313c142dc
SHA11f78c0c15fedf275b5c49a3e1172b10e4e7e1432
SHA256947320809ad95fd2e7121f35ad9cbf23eac9f27494ba7af19fffa70d86981ea8
SHA51297d0253698f5a6ca41e423cb3cf7e713e4e4fcc54fda9121963450337266af19e628f68bfe1101cc37b786ea1c18940b2eefa67eb697674af600b38ef8aa51e5
-
Filesize
117KB
MD5bd720c7908bfefc06271f514923c6871
SHA1b35e1f0bf8c860be603c5c009af142e4cdc9da62
SHA2569465efee5eb50453a3da814ab39087106be98a81d28f57451b016924d1b5a30e
SHA512aceaf73ed81fd1902101b64584e9b4c443cc726496c1bd3d3af70a194dd7c38ec4c49cbfa0e01bf635509fb948c33de80e718bd839c8ad8f6e79adbcde6d61e3
-
Filesize
112KB
MD5cfcdd4e93fb9f87d5d063a7a6f026773
SHA1b19cf6f3cbfbb8c8a42fe33919948d87e2ddc962
SHA25605bee2f5b4f7fe42d1c773744d4a41985804c5a18fe300996e89a9f68bcec3d6
SHA512e48cdeea956b8b38bf8fba462ebf87ddd3b0495e61051b6057e5b2f15404ba62bdf42c899fbcf386918b710af192d0e9783e383732a439e94ca71be0202bc7c3
-
Filesize
111KB
MD538a6aa4699780d30bd2097f0109c1e6a
SHA1e9b4b711898ea6a5c7ae18b48e45285953555dba
SHA256b4196eba1aa2fa375ebdab0c2112083c556d738544949b3bb7f79c61ba2be6f1
SHA512fa47deb14d9d05b3a47896fb774b20a28b7211cbf6573f2ad6bf2f608b7f7e33a2c437d429bfa6784e6e56feeff00eaac2cf3eee3a1ed92c47032e14d09ae4d3
-
Filesize
123KB
MD57ae87b194f738f3d8272bf43e205a504
SHA117902d3072e6e44b417d9cae5db9c64468613124
SHA2566832210c1beaf7227b419157339b87367e974061ee322a39c8a8a1bd2a8cdec5
SHA512db8a71acea79c189a39d71078c5b0934432e0f6dcf3cd528eb0c2dfe996aeba31acfda0042d2042baa6d070a61a9572e66fe3e432e80f386e10b5956e0d7bad6
-
Filesize
112KB
MD5cef6de407292f56fb4e00baa698995f8
SHA10c56977007ca40dc8e241f7df16da85bccc6f9a6
SHA2565c64c494944e1f7d5e65454ab3b5eff01ac1b844905aa21c5608ce4b87bbb006
SHA51284d982847291aad495e709cf3744a4fb480f87e8f14c0510945e297163be83d98b113cad738cdd3773069c18626717979ca7be241cfda70c4fb5d03beb59cd6f
-
Filesize
153KB
MD59dc8dda088df18844a68a5d0d717b96a
SHA1cfc161a8b77bcc76e16d981ab2cc405e5eb6275f
SHA2567753ed77e80b36eae9e6a6b694e071b65bb8b8c7ca8a66e766a83b1fbda83944
SHA5120ef4ab58f207c204c633ae0beb661404e89443695903e860173fe6dc2c5d65bbf52b3b96d4e22cd3c6fee7a86ac1b6776a57c08cdb164868675f0b191fb79fb7
-
Filesize
112KB
MD561f8776651789c65125b78f2bd2f75c5
SHA1b0f24d7afb2ea9512724a66de8103c1a4f0c3881
SHA256f1cb7d9bd69a4b4b30af0351cad5f8baf5b36ee062b142dc7a9a00d66641e741
SHA51234b476f5fd410cfb325731685069d4e3690b1e139012573997d208a99c5b2eed55ff53df8bb479b936e6a374ebd65830e6091a0cee5f56eb3f53f166a096517b
-
Filesize
118KB
MD5b827a95b95f36a7f5afb68080809c4ac
SHA1215630ff77d49797aba62f92695d7608b079d1c1
SHA2568c4fa9f5c6495892b5297c523dc71ee2dc9a940f00bc5c2ba3b31bcf2078f7d6
SHA5122dd57f91d7abc25ecdc33d2ab49305ebd226e3ef14823c7ae50248223faf17ae53c2ac6f0b233a2343abdfb9148f3edcfa5ad8dde64321b96b1f3df4fed3f4c5
-
Filesize
115KB
MD52dace5121adb33e4ac5f80ae7e998c81
SHA1ae404ef715c165a4b6377441bb52b09f14c627e9
SHA25637b0a323b2726f2948d289132cd2546020ed715b61725397b82fb98ec821e34c
SHA512f80ad1a6e9a261ddaed7c8d43645ad911a19a4a62ce208782723168970775231549c85748efc9c2c129ef15051c2bc8f7cf8f30c2ee49ec709db29f06257f6c7
-
Filesize
1.1MB
MD55ebed315c0a6a65dd7a0d76c2891fa76
SHA1bed6ea87b946f22cbb4b8db6fa202b3a19742723
SHA256a2090d7911702bf50b8a4dc78005e49fc679cf3307581b4a56b5e6fbb57e7b2d
SHA512c11dc04f5379082f82a0283cda84879633f9ad2c7ccdfe22e93a930edcdb8e609406f56376d9714024ba8b9cb5faf073d8c443d494ae62544a947962942bdf5f
-
Filesize
110KB
MD5ce65b62493f6c4fb6727613afb71c2de
SHA12097e80142e8705282f2f0e22ebbf8638d71c2c4
SHA25603099ece3ed9993243130e5ce3fd931f946f3b667491248fc23164b05ed19fe8
SHA512eae0831a8b107a5bebacc4eefda3805f73d5737a1a524c4f7964312615f15c2dbf4c2d57bb85b6d7e55f0f9a92453672fb5644ccc6379d9dcd0a090e2e0183d4
-
Filesize
504KB
MD55829a7bd397ce0bd572d1b4fe307bcea
SHA1fa1479f4fe93e6f06243cc927977d5f1af626d01
SHA256e9d9d4173cc970e98a874da2583f658d1cf04827bb316b24b70b8c4710cf9d9a
SHA512aa07aebf96d178719e88ec15a4d6430cb99885f6bce4da0c80ae5202a5c94d429d013761e58b7ddd3173291e3284769c9b71f4f0a3ac9a314f3e88ae6063d9bf
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
307KB
MD50d650378456a6b796e6618187aaafe49
SHA16c62e2201bfd5694fb2180d2895851909e851ba1
SHA25650d2c061a0347565447ed64ce9faf4e067fa6241a160659de40c43ae9003345d
SHA51273a1356d8f39f7c9450a1689fbf71950e5ba3ac23544eacdd833d1b8b2bbe608590ac809779f13a79e12274124ba4332b0b8cf18ea80d892afd4d337a3b2dcf7
-
Filesize
113KB
MD57abdf700cd52802bed5799f49d424a61
SHA1be821927ffdf84ce6f2c119e5dda7352a91ae503
SHA256ab60c22af54970a51b30817e34adb17a51a2e9f3effa63e4dd865374c912ccab
SHA512aa5b2ff15a2930f209c89aa8a3a217f6ca56ca511afd431796739b1c20dfb15e17212ee7933e03305551d31704a25b849afca7f9c196defada5cda4a122c1f5c
-
Filesize
486KB
MD5fb1371f66e6570754929f3eadc9503ff
SHA1766da41088b7ae5b1d8165691664a28b5c1816ff
SHA256a34c9581c88c449ee3321c8afd73a03e0b96aff93a5d88df9abda0a85912c45e
SHA5129a6b100a454a96716c10081d65f4875c9f0d069e95266a3568fc130bd3a42f5cdf066f54d837abce6526dfea880739498150f7acb512835fa95963c76d4d3b85
-
Filesize
103KB
MD5ea7034dc91f1093cad969625af114da1
SHA14c10aa522a78b3a313cbb301ae7acbc5b98d080e
SHA256226e69052998dc80ce474df6fa65166a236926cb7464f3708630f6c321d3a223
SHA51288868d575974059dcb64d837e25ae6dc7ae62ca2254e9c43c34514de172d3d85cc160bb3855533180fe22e35b079ee82e0c11a95a085cc96521d3cc2c3a39282
-
Filesize
138KB
MD5e82598dcf8a11c8244e47b47cabca440
SHA14054e681c78656487148e99ded29cd228ee4d42f
SHA2562bf987b047cbb2f36bcc3771ae0ff8ac0e280ae7f3356a24dfe495dab000ad2a
SHA512b703c77e5dafa6caa4df1b301e29c9e9c4bc388476b45ad28ba9b46461cae3bfed5a8520d05b2c99b782aea466bc5ef3262e7e51c20610731db9f0e9bb33cb85
-
Filesize
150KB
MD54fe184d6d361420b9e96bebf29bb0159
SHA1682f660853b19f1d2e43f1445566a724db90c4e9
SHA2565f41f480ce32c1502e33ac6f64663bff7b21f884c99e3cf04ccd2a3701478d42
SHA512c1c7819ef6ef48b105658272b816eeb8ec8e60bd1ce53fecd85dfaed4d2cb0715510ab2ed01fa6008d25ae31ac94cebf79efb566e0f52da7124f12eb1b8cc62f
-
Filesize
120KB
MD5741149d506c9e3bd35356c71d20cff86
SHA1a376e5b5535e42c5e2e6ac44f421cb2a90af382f
SHA25661f908b9c7c8d6616b2a5b6d3b7a4fe185d9238ab0a559a1cd59e13cb0f20641
SHA5120444bdd2c69144435debf3134e9f1aa857208eacbd9334e809d1ad3313beb0053ebc6374a535a05f9b2fd8e056ea7bfa43474034549ff016a62fc1f9d1df27a0
-
Filesize
110KB
MD578e44c659d20a358817498eeccc47233
SHA17b7a8a616006f814617620ecf49207e40bcb6e6d
SHA2561d192ef3b066053f7cae196318deb7155edb08bb18502af3ed1acef3c6b7e0aa
SHA512d202f8a65d15c34a1794dacc9294abdbf442033334d9f4dd5eb54bebcac0cbc9b78b9ef3b90180e07bebda435a7b1a38ad221237786478d95a85430a49b3a9d6
-
Filesize
115KB
MD5b2fdd042a1a9dc9e3a8dc10f82b31a2f
SHA1c08f005b60575eb418ff56b6087c7b0a24ba169a
SHA256a8c3bb5a593bc6800438511f3fd1441340193adf833209a6244e7ca6cf3e442d
SHA512d9a5635eeedfd879ba036b8cc5f76d3b1c9f3e0defb372aeed3f0c966b69c5b8f30c3570b3ab9a9502f8370a1ad162bd93c1cba37d74185512b9afeadf50ef85
-
Filesize
407KB
MD58f4ce896c305170ce4423890c4a263ba
SHA1a6d14081cff621ae70df4f2d331453b14f47e892
SHA256a912e5e255b8528760940870632df550e04b3ca8be6beb46ccf18b9be885398d
SHA5120ea0fd798bbf9b30b41797cb1c1477159f598873bd8f3de57524baff24d40989d8b222c2be6c16236c79b41168bc6f06b176943a98ee40195c1923f8db62a548
-
Filesize
110KB
MD568a74e879c02e2bf6229028b457fee8d
SHA1e12727d697aed604e18ce7939f80432c7ceca77c
SHA256c9f2bb35dd3e592eb4f0248f5e640c1629a7ea44b47505dc0d062e2c4c13ba64
SHA5127ef82e6d9e8c5f8c0c186392bfe471ba4a814f80ab06d3606f35dd885861763e8479aa8ad94a9cf73dbc486f3dad728d15d0569fc0517072255d658a1e0bba56
-
Filesize
113KB
MD59368c41608a0e2dc4fbe21671d2b3984
SHA1f26253a851c169fa8b6c5dff2a17646092b8eaf4
SHA2561b0b75eb5fc3d1f6fb79d7fe9ff688a5243795c71057bc9f8fc908647b8bf693
SHA51297d692642526023d8cbaa65b386904a482295a6dee245df28b9c6229c4b4867abbb4bd1b6c9d95b87d29db6d6bb3fdd793afd033261ecad37b2cecead467cfb5
-
Filesize
111KB
MD5c37ca54c009d5ceb3b8c211bbe403054
SHA1608a5cd54ec1970e92fa154e7409864e114426c7
SHA2568c15756c51944cd2aa2c082c467f75f34a5c02982d2837d61b370e6676e971ef
SHA5125b16a0195b51faf260fc0fc4b324dbe9094d66deb4ebe22aa88414fa1023531b44b177bfd8f606011dd4305e5670322a7d54ff822fb495311ba966e719200fce
-
Filesize
566KB
MD50f65d521b7c28e55e3cafe6a83075e00
SHA14420da4a1ed7050e82b3d39432aa043d53a51c9b
SHA25667c8b60ea992dd712d8f6a374377961e48d877fc9f4440c90c30811cfbbe62ee
SHA512cd6fb78debfd11a6acf0c2d75e05bc3c3483fe451f8d9b5ce076e29870e0732e55509bfcdf1ae6e7ce064b06681d1c94f7c48b936d171f6e7e5979bbcf63567f
-
Filesize
113KB
MD5b97640bf549901c33c2263818a5028da
SHA13d9e46fafba950605ba21a553fb860badbf6e696
SHA256d477d9dd7a719b4c0bdcc4b075ed15a0b1d0511e7b815e9b46d65bc1180221e7
SHA512ccd8bf503ad2e3757e938042627c1ebef9afd3761f15f21022a1d837c9de3cf8a1af54136d5eea1e7e86524fd043b884222c0b281380cdfdb5df030de6df4fdf
-
Filesize
110KB
MD5731d1a59e47c6ce0f83d33ef274dd714
SHA18240bc70c53abbe8ac13ab5d6c921640b8ee0753
SHA25649b99f6c7d48d822f7ed4ba1e56f045ed9d4fac4c97e0fa1df8723a9e63ce9c7
SHA5124163e997b5cfe316742e42d846a4dde50efb37cefb5cd077c70d30aebae3d276c7a32e3416168ad774bb827f83e283c4dbe93734a266487b38e30d77a0f79f1d
-
Filesize
120KB
MD5f69a20b59d5f054b51f299d153dd156e
SHA19c4bae1280b21c61be02fb486d3e05ed55c429b3
SHA256528447f91a8472b0bf84e88eb760ff47e38f517a6c427bf91fcd7f8c90e797c2
SHA51219ad06ed119a7294d7306df5bd1edb9303f8d05bf5b807817144b6fef012ed595476bc4b33ab790a41c852db30cf6bb5f0622990bbb2c05b2e7373c05a12b639
-
Filesize
4KB
MD5f31b7f660ecbc5e170657187cedd7942
SHA142f5efe966968c2b1f92fadd7c85863956014fb4
SHA256684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA51262787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462
-
Filesize
111KB
MD5a473373be94c4cc621c9c8ac74f59d96
SHA12b3dc644fe0854b49a67bae9b9f3ad98c1641df4
SHA256baf9db9797eb520a5d6ff365dc3fefce6e1343427e28918c0322ce6cd3a18993
SHA512dca085af2f0341b648e8b9c2b0838a9eea521f57d3e462b2099e452de16c20908270f2d9edc5a11db1647ee97ddb8664a707326ea8f8f75adc4a40f08253c739
-
Filesize
133KB
MD5de4a9f78b97855eedd5722f41ed293cf
SHA18aff01409beecc9b06726bed29c74bbd85ab4c8a
SHA25624fc8726adcf16b56c177a4280601cb0dcb19fbeab73524d617c0487f0591f8d
SHA512e3e3bb8bcee89e9cadcd6e2b651f53f7f4e14b8a9bc6fb2a9943544d707643d05ef437e393454bd1c49287707291d50bacb83994fa02d6fe8d1e185a5cf5ed76
-
Filesize
113KB
MD521bef92c3498918f2fb91267cade2aed
SHA17faa51a9a6ab316a7e77cdeca136233d668540b9
SHA2560e36395213742c9ab226eeac925ca89e407333698b2395b1cb4ffeaab59dea83
SHA512d70f75bcfad94c4b949559c9fd200c062934bf11e0acd239c9a8d87c6366335c9d577d2cdd81cb0e748d7114810f89b2cb5df44f4f7280b294e9d46959033af9
-
Filesize
4KB
MD5383646cca62e4fe9e6ab638e6dea9b9e
SHA1b91b3cbb9bcf486bb7dc28dc89301464659bb95b
SHA2569a233711400b52fc399d16bb7e3937772c44d7841a24a685467e19dfa57769d5
SHA51203b41da2751fdefdf8eaced0bbb752b320ecbc5a6dbf69b9429f92031459390fe6d6dc4665eebe3ee36f9c448a4f582ac488571a21acc6bba82436d292f36ac5
-
Filesize
4KB
MD5ee421bd295eb1a0d8c54f8586ccb18fa
SHA1bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA25657e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897
-
Filesize
122KB
MD536ac6458634c313773c25323a29c9f2b
SHA15ab5f0b2999415733beea0e73612ea19992989ca
SHA256fdc696761d1c08a6a629d14895f4a8ced2461f84d62ebe6a609d1093e406ddc8
SHA5120abe8cf7b723a150ad9c725532c83486856b8c6a05d8793311bd005298988b444178c07a202cb3f8c3ba025001c8d2d0bce932f1e16b18a7d8da90f40f388646
-
Filesize
263KB
MD5ab2f9614885849d679ef5134fceba52e
SHA14e5e7a2a6e88965f480efcfdad4350c7de4a0d22
SHA256c42f535e4d5eb5e9168663bf69a0dd4281b3f8dccffdf44e5fbf698f5c8432f0
SHA512df147331c191434f8ed5a2edcdd3f6d4eed4778c8c17b2bc59a2f5890372f317f2e1fdc25ce9910fd507eb3151bd0e55920754279d1488e82482159e709ddcf5
-
Filesize
205KB
MD509f93598243f8731cec538322e26890e
SHA1545601b4bb47a5028d8ca8ae067fde75cc9f6cd2
SHA2561ec6533fe6e8ec7a3cd1785e74aa9c3e3a588e0e20b399ce275d4abf797aaad3
SHA512bc49dd35021d9976ebfd0f66cf5f0d5b8a828383ee9008ef2d7510830de8242326f3b832303bead62e8c466dd812488d5d9742dc2ad8bdab2202c51786c03d98
-
Filesize
1.1MB
MD531fba16c34ce164fdf3025e82d97bc71
SHA18ac8fc30952b22c0d0e7f88d34a5a0f1475a1ab5
SHA25653d9771aab5329a748ae42e21c7aa57e519d838ac6f9cdf7d0f8a0dcc63da276
SHA512f8f950ac59dd9a78a118e242f2e8e373fd46d70e06eacd1acaa3e52b5d3eacf8f36db54469dd9d69203e598e03772772b4962ce5cd5481275df88c9adb97c3a9
-
Filesize
113KB
MD545a11ef2bb0104ea7306c51d31432235
SHA100feb1e95e1b3f073e651c03353fed40f4908f4e
SHA256d5916e33af448875eac61a91e29ff8ecceb300c1c66a7d1cc190098060c0dda8
SHA512933dde96e198499dbbcd8b92b760a2d0b186032d64a5091ec7b4b37464ba3d9b14d711db7dab17b9afa82253749bc3582cc84aab0779fb46e45b6546af24ee47
-
Filesize
564KB
MD5df8a1177179f632e2ce3f7d00f219d91
SHA1e9918ad3fd187369df2585a38fee6a4cdef8bd0d
SHA2566f38d1553f4147ac8290726a32e4e5b0000017158242ed9536f5944494b1179f
SHA512c62fa10853f2cfad90fcaa257639148c642614d1b4cc79630cf2413781975d918cc27e8ad36e4d8ed09c684f43335506561c6f6ef099d4980170fa1c86e7f87f
-
Filesize
111KB
MD55412ed7a28b729535fcd24d25eeaa2e9
SHA197b29c14049d11adc01ea28fee143820ff16460c
SHA256452bc94732f7ee42bd5709abf1acad1e6b63807c094a7d2eca00d1e88721c308
SHA5124d39f907a1703e97b7e40b7f72f871df4946fd9ef9d4119d2954dec2370b5d2d88918fd5267740f614b1b4e21ab36bbcbaa53f487da3360980fc75d319530411
-
Filesize
348KB
MD569928be734d0f87882495cd70a3f483b
SHA1033b5f73eead028e9852fffd612bdfa22196adf5
SHA256e8faf2280d686cd6bf56ca16d22dccc2f0181fbd2a4ae4a09c503f9b33c1a365
SHA512eee062b01b6cf7cf769dc569c6a8beccc112913dda7ee533114c6c348da62cefa23466f25b0fc2a34a174323b69475d35be9f2d655e6752cb7191dacebfc941b
-
Filesize
238KB
MD59ca0b7256645ec56873dacc227033559
SHA19be28983e4370b0da0e4ec0fbc0ccf330c14cd0b
SHA256c0ef9b290bc8d6e93fe3587c9122498a6a9ca4ab8b0c2ecf74ab11c149e6e3e1
SHA51214569bf4f935391c4025f07a7d22da663659226824a4954e6fd11dc816cd56c62656009816a8f3b8d0aedcbcbbebf78cd3af963212f8a112e283167b07717340
-
Filesize
2.4MB
MD51635726ce267460746a6d958d3e104b8
SHA1a3124c38298473ea19dd5c0855c44bf0d1edf645
SHA256fb269a037e85195f6283ba76ad983148fbcc249aca686f1bd717fc4ae3aeb324
SHA512a5818f5f9fd3e26c6a9e6a9999e4a510274ccfa1f2bf773d5758180178fd7765b29faede3d0fd54ffcda667d2d7ae6127159f38e61b6a3232c2ff8cdf076c19a
-
Filesize
628KB
MD55ae5729ec0ddc4cad15214697d8ad42d
SHA12a0244eba2f1ffdb2653e4f9df16a7760dcd9cfd
SHA256bd450cee16bd853cab9677c1ae521aceba948b06867d502b40a445443a4b4628
SHA512c5daef61925ec1ee917b7b26ba8a78631aa2a9923cb30837e2fbd5796c680d52109c808be3caad30920064d08003cdca7537cab2c22bdd049ea848c50d7020aa
-
Filesize
109KB
MD50650af125e5f554834784db39b507c9e
SHA16c362c6f0ffdf61809c5aaa18fc7b9e58d441a5f
SHA2562560b4ceda5bd0275e3dcc04eb422010b30d39e7d51b8edc0620286e91836ca9
SHA5127df66d4890283c9a528e47e78a08b61e9b8a793a69d9ac4fbeae86ac2762575c31e84e2987e3ab2a2b30db3ed2d999bd6da3b632499c09f394828f3cd4a4e62c
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
116KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
116KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
