Analysis
-
max time kernel
560s -
max time network
584s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system -
submitted
06-03-2024 15:31
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/Endermanch/MalwareDatabase/blob/master/enderware/Deskbottom.zip
Resource
win11-20240221-en
General
-
Target
https://github.com/Endermanch/MalwareDatabase/blob/master/enderware/Deskbottom.zip
Malware Config
Signatures
-
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
-
InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
-
Modifies visibility of file extensions in Explorer 2 TTPs 59 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe -
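[The signature title for this table appears to be missing from the extract. The rows below record the machine-wide policy value EnableLUA being set to 0, the setting that turns off User Account Control (UAC).]
Processes: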
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Executes dropped EXE 64 IoCs
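Processes (entries shown as "[email protected]" appear to be process names containing "@" that the hosting page's e-mail obfuscation masked; the original names cannot be recovered from this page):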
9955.tmp[email protected]TAgIQwEM.exexSkoscUM.exe[email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected] -
Loads dropped DLL 2 IoCs
Processes:
rundll32.exe, rundll32.exe
pid process
3208 rundll32.exe
1980 rundll32.exe -
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
description ioc process
Set value (str) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Run\TAgIQwEM.exe = "C:\\Users\\Admin\\mAMYgsUw\\TAgIQwEM.exe" [email protected]
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xSkoscUM.exe = "C:\\ProgramData\\nGMYQcUs\\xSkoscUM.exe" [email protected]
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xSkoscUM.exe = "C:\\ProgramData\\nGMYQcUs\\xSkoscUM.exe" xSkoscUM.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Windows\CurrentVersion\Run\TAgIQwEM.exe = "C:\\Users\\Admin\\mAMYgsUw\\TAgIQwEM.exe" TAgIQwEM.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
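Processes:
Note: the analysed target is itself a github.com URL, so requests to raw.githubusercontent.com and camo.githubusercontent.com may be the browser loading that page rather than traffic initiated by the sample. Confirm the originating process for each flow before treating these hosts as indicators.
flow ioc
175 camo.githubusercontent.com
180 camo.githubusercontent.com
9 raw.githubusercontent.com
33 raw.githubusercontent.com
171 camo.githubusercontent.com -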
Drops file in Program Files directory 64 IoCs
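Processes (each path listed below ends in the same appended 64-character hexadecimal suffix, .CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5; a uniform suffix added to existing application files is consistent with ransomware renaming the files it has encrypted, so the suffix is a practical search key when scoping affected hosts):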
description ioc process File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_af.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\am.pak.DATA.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\large_trefoil.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\A12_Sign_White@1x.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fr-fr\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sk-sk\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_bn.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\zh-CN.pak.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program 
Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sk-sk\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hr-hr\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fi-fi\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ja-jp\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_ur.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluNoSearchResults_180x160.svg.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\bun.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader 
DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\selector.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\zh-tw_get.svg.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fi-fi\AppStore_icon.svg.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\selector.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Social.DATA.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_auditreport_18.svg.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ro-ro\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\pt-br\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files 
(x86)\Microsoft\EdgeCore\90.0.818.66\Locales\qu.pak.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\wns_push_client.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-right.gif.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\hr-hr\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\devtools\de.pak.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\VisualElements\LogoCanary.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ja-jp\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\it-it\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader 
DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pl-pl\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\MLModels\autofill_labeling_features_email.txt.DATA.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\Microsoft.PackageManagement.MsiProvider.resources.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOnNotificationInTray.gif.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\az_get.svg.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\da_get.svg.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files 
(x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\qu.pak.DATA.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\close_x.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-tw\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\it-it\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\warning.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\it-it\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ru-ru\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader 
DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-si\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\en-il\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Installer\setup.exe.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\main.css.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ja_135x40.svg.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\MSFT_PackageManagementSource.schema.mfl.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_te.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader 
DC\Reader\WebResources\Resource0\static\js\plugins\fss\css\faf-main.css.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Build.bat.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_issue.gif.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\editpdf.svg.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_ellipses_selected.svg.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5 [email protected] -
Drops file in Windows directory 7 IoCs
Processes:
description ioc process File created C:\Windows\infpub.dat [email protected] File opened for modification C:\Windows\infpub.dat rundll32.exe File created C:\Windows\infpub.dat [email protected] File opened for modification C:\Windows\infpub.dat rundll32.exe File created C:\Windows\cscc.dat rundll32.exe File created C:\Windows\dispci.exe rundll32.exe File opened for modification C:\Windows\9955.tmp rundll32.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 7 IoCs
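Processor information is often read in order to detect sandboxing environments. Ordinary applications query the same keys (the list below includes WINWORD.EXE), so this signature on its own does not show evasion.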
Processes:
description ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 [email protected] Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString [email protected] Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 [email protected] Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString [email protected] Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Creates scheduled task(s) 1 TTPs 2 IoCs
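Schtasks.exe is often used by malware to establish persistence or to run a payload after infection. The entries below give only the process IDs, not the task name or the command that was scheduled.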
Processes:
schtasks.exeschtasks.exepid process 2392 schtasks.exe 4972 schtasks.exe -
Enumerates system info in registry 2 TTPs 6 IoCs
Processes:
WINWORD.EXEmsedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE -
Modifies registry class 2 IoCs
Processes:
msedge.exemsedge.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings msedge.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2930051783-2551506282-3430162621-1000\{E56D7586-80EE-4EDA-B628-9346956CAD24} msedge.exe -
Modifies registry key 1 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exepid process 2900 reg.exe 944 reg.exe 1548 1032 reg.exe 5480 reg.exe 5136 reg.exe 5296 4772 reg.exe 6928 reg.exe 5728 reg.exe 4628 reg.exe 840 reg.exe 6248 reg.exe 7104 1704 reg.exe 6572 1468 reg.exe 5480 reg.exe 5852 reg.exe 7120 reg.exe 6664 reg.exe 6164 reg.exe 6264 reg.exe 6792 reg.exe 5492 reg.exe 6796 reg.exe 3112 reg.exe 2932 reg.exe 4980 reg.exe 7080 reg.exe 7164 reg.exe 6016 reg.exe 7016 7160 reg.exe 2900 reg.exe 2516 6504 reg.exe 6612 reg.exe 6976 5624 reg.exe 7048 reg.exe 7024 reg.exe 6544 reg.exe 5808 reg.exe 1996 reg.exe 1184 5072 reg.exe 1624 reg.exe 5164 reg.exe 6612 reg.exe 6892 reg.exe 5808 reg.exe 696 reg.exe 5212 reg.exe 4260 reg.exe 6364 reg.exe 3612 reg.exe 1876 reg.exe 836 reg.exe 1980 reg.exe 6180 reg.exe 6524 reg.exe 6476 reg.exe 6488 reg.exe -
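NTFS ADS 7 IoCs
All seven streams listed below are Zone.Identifier streams on downloaded archives, opened by msedge.exe. This is the Mark-of-the-Web tag a browser writes on download, not data hidden in an alternate stream.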
Processes:
msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exedescription ioc process File opened for modification C:\Users\Admin\Downloads\Deskbottom (1).zip:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\InfinityCrypt.zip:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\BadRabbit.zip:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\BadRabbit (1).zip:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\ViraLock.zip:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\ViraLock (1).zip:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\Deskbottom.zip:Zone.Identifier msedge.exe -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXEpid process 412 WINWORD.EXE 412 WINWORD.EXE -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exerundll32.exe9955.tmprundll32.exemsedge.exemsedge.exe[email protected][email protected][email protected][email protected][email protected][email protected]pid process 4524 msedge.exe 4524 msedge.exe 4048 msedge.exe 4048 msedge.exe 4120 msedge.exe 4120 msedge.exe 1064 identity_helper.exe 1064 identity_helper.exe 496 msedge.exe 496 msedge.exe 112 msedge.exe 112 msedge.exe 2288 msedge.exe 2288 msedge.exe 1216 msedge.exe 1216 msedge.exe 1216 msedge.exe 1216 msedge.exe 3484 msedge.exe 3484 msedge.exe 2520 msedge.exe 2520 msedge.exe 3192 msedge.exe 3192 msedge.exe 3208 rundll32.exe 3208 rundll32.exe 3208 rundll32.exe 3208 rundll32.exe 1232 9955.tmp 1232 9955.tmp 1232 9955.tmp 1232 9955.tmp 1232 9955.tmp 1232 9955.tmp 1232 9955.tmp 1980 rundll32.exe 1980 rundll32.exe 6016 msedge.exe 6016 msedge.exe 5460 msedge.exe 5460 msedge.exe 1388 [email protected] 1388 [email protected] 1388 [email protected] 1388 [email protected] 4772 [email protected] 4772 [email protected] 4772 [email protected] 4772 [email protected] 2748 [email protected] 2748 [email protected] 2748 [email protected] 2748 [email protected] 4604 [email protected] 4604 [email protected] 4604 [email protected] 4604 [email protected] 5908 [email protected] 5908 [email protected] 5908 [email protected] 5908 [email protected] 6048 [email protected] 6048 [email protected] 6048 [email protected] -
Suspicious behavior: LoadsDriver 2 IoCs
Processes:
pid process 680 680 -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs
Processes:
msedge.exepid process 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe -
Suspicious use of AdjustPrivilegeToken 15 IoCs
Processes:
description pid process Token: 33 124 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 124 AUDIODG.EXE Token: SeDebugPrivilege 4612 [email protected] Token: SeDebugPrivilege 3148 [email protected] Token: SeShutdownPrivilege 3208 rundll32.exe Token: SeDebugPrivilege 3208 rundll32.exe Token: SeTcbPrivilege 3208 rundll32.exe Token: SeDebugPrivilege 1232 9955.tmp Token: SeShutdownPrivilege 1980 rundll32.exe Token: SeDebugPrivilege 1980 rundll32.exe Token: SeTcbPrivilege 1980 rundll32.exe Token: SeRestorePrivilege 1468 7zG.exe Token: 35 1468 7zG.exe Token: SeSecurityPrivilege 1468 7zG.exe Token: SeSecurityPrivilege 1468 7zG.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
msedge.exerundll32.exepid process 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 1812 rundll32.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
msedge.exepid process 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe -
Suspicious use of SetWindowsHookEx 7 IoCs
Processes:
WINWORD.EXEpid process 412 WINWORD.EXE 412 WINWORD.EXE 412 WINWORD.EXE 412 WINWORD.EXE 412 WINWORD.EXE 412 WINWORD.EXE 412 WINWORD.EXE -
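Suspicious use of WriteProcessMemory 64 IoCs
Every entry listed below is msedge.exe (PID 4048) writing into msedge.exe child processes, which is consistent with a Chromium-based browser starting its own child processes rather than injection into a foreign process.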
Processes:
msedge.exedescription pid process target process PID 4048 wrote to memory of 2120 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 2120 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe 
PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 900 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4524 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4524 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe PID 4048 wrote to memory of 4840 4048 msedge.exe msedge.exe -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
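The Volume Shadow Copy service is used to manage backups/snapshots. Ransomware commonly deletes shadow copies through the WMI provider to prevent file recovery; this entry does not name the calling process or the operation performed.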
-
Uses Volume Shadow Copy service COM API
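The Volume Shadow Copy service is used to manage backups/snapshots. Access through the COM API is also how ransomware removes snapshots before or after encryption; this entry does not name the calling process or the operation performed.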
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase/blob/master/enderware/Deskbottom.zip1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xa8,0x10c,0x7fff9a6b3cb8,0x7fff9a6b3cc8,0x7fff9a6b3cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5552 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7276 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7856 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8296 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8352 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7580 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8688 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14234783024971139593,2076397095832970621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Deskbottom (1).zip\[email protected]
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\eebb4cd1a65e423c9a0151f38b0159a4 /t 3724 /p 46841⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\[email protected]"1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {515980c3-57fe-4c1e-a561-730dd256ab98} -Embedding1⤵
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\[email protected]"C:\Users\Admin\Downloads\[email protected]"1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\BadRabbit (1)\[email protected]"C:\Users\Admin\Downloads\BadRabbit (1)\[email protected]"1⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
2⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Delete /F /TN rhaegal
3⤵
-
C:\Windows\SysWOW64\schtasks.exe
schtasks /Delete /F /TN rhaegal
4⤵
-
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 992845490 && exit"
3⤵
-
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 992845490 && exit"
4⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 15:56:00
3⤵
-
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 15:56:00
4⤵
- Creates scheduled task(s)
-
C:\Windows\9955.tmp
"C:\Windows\9955.tmp" \\.\pipe\{6D5691F3-B3C5-4416-B5C1-CCD686A0D031}
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\BadRabbit (1)\[email protected]"C:\Users\Admin\Downloads\BadRabbit (1)\[email protected]"1⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
2⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\RequestRestart.docx" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ViraLock\" -ad -an -ai#7zMap14267:78:7zEvent79861⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\ViraLock\[email protected]"C:\Users\Admin\Downloads\ViraLock\[email protected]"1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\mAMYgsUw\TAgIQwEM.exe"C:\Users\Admin\mAMYgsUw\TAgIQwEM.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\ProgramData\nGMYQcUs\xSkoscUM.exe"C:\ProgramData\nGMYQcUs\xSkoscUM.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"2⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"4⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"6⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"8⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"10⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"12⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"14⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"16⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"18⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"20⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"22⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"24⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"26⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"28⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"30⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"32⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"34⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"36⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"38⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"40⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"42⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"44⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"46⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"48⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"50⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"52⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"54⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"56⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"58⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"60⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"62⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"64⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"66⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock67⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"68⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock69⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"70⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock71⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"72⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock73⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"74⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock75⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"76⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock77⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"78⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock79⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"80⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock81⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"82⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
83⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock83⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"84⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock85⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"86⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock87⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"88⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock89⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"90⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock91⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"92⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock93⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"94⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock95⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"96⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
97⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock97⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"98⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock99⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"100⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"102⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"104⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"106⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"108⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"110⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"112⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"114⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"116⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"118⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"120⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock121⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"122⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock123⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"124⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock125⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"126⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock127⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"128⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock129⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"130⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
131⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock131⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"132⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock133⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"134⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock135⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"136⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock137⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"138⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock139⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"140⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock141⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"142⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock143⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"144⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock145⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"146⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock147⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"148⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock149⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"150⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock151⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"152⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock153⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"154⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock155⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"156⤵
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 157⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 156⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 156⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f 156⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lcwQQEEc.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""156⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1154⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2154⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f154⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zmEQQUkk.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""154⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1152⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2152⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f152⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\omsAUkUY.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""152⤵
-
C:\Windows\SysWOW64\cscript.exe cscript C:\Users\Admin\AppData\Local\Temp/file.vbs 153⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1150⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2150⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f150⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WQkMsIUc.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""150⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs151⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1148⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2148⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f148⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GwgkcwYY.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""148⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs149⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1146⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2146⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f146⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VGYowUUs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""146⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs147⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1144⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2144⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f144⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VeYQoAIY.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""144⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs145⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1142⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2142⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f142⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CgYQYEcs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""142⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs143⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1140⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1141⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2140⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f140⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nKsIMgQo.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""140⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs141⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1138⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2138⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f138⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mGIUkggA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""138⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs139⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1136⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2136⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f136⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UYMMUwwQ.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""136⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs137⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1134⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2134⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f134⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JGkoskIg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""134⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs135⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1132⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2132⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f132⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hUUgUMYA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""132⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs133⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1130⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2130⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f130⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AYwUUEco.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""130⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs131⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1128⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2128⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f128⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yYAQUMUs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""128⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs129⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1126⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2126⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f126⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1127⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oIMIIcQw.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""126⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs127⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1124⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2124⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f124⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rocoAQwM.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""124⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs125⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1122⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2122⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f122⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dugkMMkg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""122⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs123⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1120⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2120⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f120⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hUssgQIs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""120⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs121⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1118⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2118⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f118⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yGEwIMME.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""118⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs119⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1116⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2116⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f116⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\muMsQIck.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""116⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs117⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1114⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2114⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1115⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f114⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YckgwUYI.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""114⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs115⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1112⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2112⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f112⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fewMUwEg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""112⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs113⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1110⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2110⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1111⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f110⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xMYwAksw.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""110⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs111⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1108⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1109⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2108⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f108⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GSkQcUEM.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""108⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs109⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1106⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2106⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f106⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ycMYEMQA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""106⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1107⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs107⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1104⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2104⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f104⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UMMscYcw.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""104⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs105⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1102⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2102⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f102⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zSIEUgoE.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""102⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs103⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1100⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1101⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2100⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f100⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vWQYMYMM.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""100⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs101⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 98⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 98⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f98⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pUEcwskI.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""98⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs99⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 196⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 296⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f96⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hkYsQoco.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""96⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs97⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 194⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV195⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 294⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f94⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ckoAcMkY.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""94⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs95⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 192⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 292⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f92⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yOoEUkMQ.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""92⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs93⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 190⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 290⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f90⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zkIggEIE.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""90⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV191⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs91⤵
-
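C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 88⤵
- Modifies visibility of file extensions in Explorer: HideFileExt = 1 hides the extensions of known file types, which makes a disguised executable harder for the user to spot.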
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV189⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 288⤵
-
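C:\Windows\SysWOW64\reg.exe reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f 88⤵
- UAC bypass: EnableLUA = 0 switches User Account Control off machine-wide (effective after a restart), so a write to this value is a useful detection point.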
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pgcAIkIg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""88⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs89⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 186⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 286⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f86⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PakYEcEo.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""86⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs87⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 184⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 284⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f84⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oWEogUMg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""84⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs85⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 182⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 282⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f82⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CcgIIIYA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""82⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs83⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 180⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 280⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f80⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OqkwQIkI.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""80⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs81⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 178⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV179⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 278⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f78⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sYMMUcIc.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""78⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV179⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs79⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 176⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 276⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f76⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zgUUAMAU.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""76⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs77⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 174⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 274⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f74⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VMAAowAA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""74⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs75⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 172⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 272⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f72⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VqMwUIQs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""72⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs73⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 170⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 270⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f70⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YcoAIQAc.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""70⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs71⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 168⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 268⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f68⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ycwQIwsA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""68⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs69⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 166⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 266⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f66⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iIwowEQY.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""66⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs67⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 164⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 264⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f64⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oYkcwgsw.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""64⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs65⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 162⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 262⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f62⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\voYksEMM.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""62⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs63⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 160⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 260⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f60⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JCwMwsAU.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""60⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs61⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 158⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 258⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f58⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PawAogQI.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""58⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs59⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 156⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 256⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f56⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vcUUIcEE.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""56⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs57⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 154⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 254⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f54⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WyogEEsk.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""54⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs55⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 152⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 252⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f52⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UkgIEQwA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""52⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs53⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 150⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 250⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f50⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gmMYUEsQ.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""50⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs51⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 148⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 248⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f48⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lWUcsAUU.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""48⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs49⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 146⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 246⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f46⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HQsUkAsU.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""46⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs47⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 144⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 244⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f44⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DaUgMsYk.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""44⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs45⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 142⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 242⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f42⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FQAYYsUI.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""42⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs43⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 140⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 240⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f40⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OeUMgYAc.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""40⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs41⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 138⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 238⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f38⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YOUkIcUs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""38⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs39⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 136⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 236⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f36⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QGUcEIYg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""36⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs37⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 134⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 234⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f34⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rYwcgwoQ.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""34⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs35⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 132⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 232⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f32⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dccwAEMg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""32⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs33⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 130⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 230⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f30⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FoYQEcEU.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""30⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs31⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 128⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 228⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f28⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bgEAwYos.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""28⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs29⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 126⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 226⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f26⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uUcoAowo.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""26⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs27⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 124⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 224⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f24⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OmEcwoYs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""24⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs25⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 122⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 222⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f22⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ceAUYQkY.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""22⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs23⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 120⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 220⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f20⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ssscwckI.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""20⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 118⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 218⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f18⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PoQsUYEs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""18⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs19⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 116⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 216⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f16⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PIgkAsIA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""16⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs17⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 114⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 214⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f14⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KgMsUMow.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""14⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs15⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 112⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 212⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f12⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UWQUYgMg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""12⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs13⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 110⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 210⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f10⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\euUEUYsA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""10⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs11⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
8⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
8⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IuwkUcwc.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""
8⤵
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
9⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
6⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
6⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
6⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TeYoYsUs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""
6⤵
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
7⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
4⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
4⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
4⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lOcMQoEw.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""
4⤵
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
5⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
2⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
2⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
2⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmIQEMkw.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""
2⤵
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
3⤵
-
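C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock (printed on the page as "[email protected]": the file name was apparently masked by the page's e-mail obfuscation and is restored here from the command lines below; the extension is not shown)
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"
2⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]
C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock
3⤵
- Executes dropped EXE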
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"4⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"6⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"8⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
9⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"10⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"12⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"14⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
15⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"16⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"18⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"20⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"22⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"24⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"26⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"28⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"30⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"32⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock33⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"34⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock35⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"36⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock37⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"38⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock39⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"40⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock41⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"42⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"44⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
45⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"46⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock47⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"48⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
49⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock49⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"50⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock51⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"52⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock53⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"54⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock55⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"56⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock57⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"58⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock59⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"60⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV161⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock61⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"62⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock63⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"64⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV165⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock65⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"66⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock67⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"68⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock69⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"70⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock71⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"72⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock73⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"74⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock75⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"76⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock77⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"78⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock79⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"80⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock81⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"82⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock83⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"84⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock85⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"86⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock87⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"88⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV189⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock89⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"90⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock91⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"92⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock93⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"94⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock95⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"96⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock97⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"98⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock99⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"100⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock"102⤵
-
C:\Users\Admin\Downloads\ViraLock\[email protected]C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock103⤵
-
C:\Windows\SysWOW64\reg.exe   reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1   102⤵   [the value written is 1; the trailing 102 is the process-tree depth, not part of /d]
-
C:\Windows\SysWOW64\reg.exe   reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2   102⤵
-
C:\Windows\SysWOW64\reg.exe   reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f   102⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exe   C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jEoIoYwg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""   102⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1100⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2100⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f100⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\naEMYkAo.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""100⤵
-
C:\Windows\SysWOW64\cscript.exe   cscript C:\Users\Admin\AppData\Local\Temp/file.vbs   101⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 198⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 298⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f98⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uUsgQEwc.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""98⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs99⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 196⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 296⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f96⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IgQUUggg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""96⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs97⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 194⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 294⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f94⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bqgMgIgs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""94⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs95⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 192⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 292⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f92⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bSUQIocE.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""92⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs93⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 190⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 290⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f90⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GAAoAEcc.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""90⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs91⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 188⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 288⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f88⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WwoEEYEE.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""88⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs89⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 186⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 286⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV187⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f86⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RogwQYUA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""86⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs87⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 184⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 284⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f84⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AuAQEAUs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""84⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs85⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 182⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 282⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f82⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IOkkAUIY.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""82⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs83⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 180⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 280⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f80⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eMYYsAAk.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""80⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs81⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 178⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 278⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f78⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xOcsUMMU.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""78⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs79⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 176⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 276⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f76⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dasEkUIs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""76⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs77⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 174⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 274⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f74⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV175⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WUQwcAEY.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""74⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs75⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 172⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 272⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f72⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kmwIAwgA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""72⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs73⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 170⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 270⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV171⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f70⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YwEEYwgg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""70⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs71⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 168⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 268⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f68⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FmkcYUkc.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""68⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV169⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs69⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 166⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 266⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f66⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TOwYMIEk.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""66⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs67⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 164⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 264⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV165⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f64⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xMoIEwYg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""64⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs65⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 162⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 262⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f62⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sWQkokIc.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""62⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs63⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 160⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 260⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f60⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OWgIUQAc.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""60⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs61⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 158⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 258⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f58⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nkcEEEwA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""58⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs59⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 156⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 256⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f56⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VIcIUsss.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""56⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs57⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 154⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 254⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f54⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BgYYcssY.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""54⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV155⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs55⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 152⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 252⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f52⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV153⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yaAEEMoA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""52⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs53⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 150⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 250⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f50⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cQEYAMMU.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""50⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV151⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs51⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 148⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 248⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f48⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kiUUYcYQ.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""48⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV149⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs49⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 146⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 246⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f46⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV147⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KiIogQoo.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""46⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs47⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 144⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 244⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f44⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DeQYwEAU.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""44⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs45⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 142⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 242⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f42⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NuMAAAAY.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""42⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs43⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 140⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 240⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f40⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pGQsMksQ.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""40⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs41⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 138⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV139⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 238⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f38⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV139⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nmMYcEYs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""38⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs39⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 136⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 236⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f36⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CSEQYQoA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""36⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs37⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 134⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 234⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f34⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmIkYsEo.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""34⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs35⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 132⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 232⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f32⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GUMAEYcs.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""32⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV133⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs33⤵
-
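C:\Windows\SysWOW64\reg.exe   reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1   30⤵
- Modifies visibility of file extensions in Explorer (HideFileExt is set to 1, so Explorer stops showing known file extensions for this user; the trailing 30 is the process-tree depth, not part of the value)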
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV131⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 30⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f30⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pEcsIwsQ.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""30⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV131⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs31⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 28⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 28⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f28⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\teQwEUUw.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""28⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs29⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 26⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 26⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV127⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f26⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dMMMYocM.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""26⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV127⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs27⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 24⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 24⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f24⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uCUgQssk.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""24⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs25⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 22⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 22⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f22⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eQskQoMw.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""22⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs23⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 20⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 20⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f20⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUUkokAk.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""20⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs21⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 18⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 18⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f18⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XIAEoogg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""18⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs19⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 16⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 16⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f16⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PmIkMIIA.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""16⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs17⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 14⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 14⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f14⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dYsswUwc.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""14⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV115⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs15⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 12⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 12⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f12⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CwUYgQAk.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""12⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs13⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 10⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 10⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f10⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MWkMkQso.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""10⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs11⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 8⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 8⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f8⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Eqcwccgg.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""8⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs9⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 6⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f6⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yoAYIoUk.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""6⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs7⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 4⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 4⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vEwEUwAM.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""4⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 2⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 2⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xCcwkIAk.bat" "C:\Users\Admin\Downloads\ViraLock\[email protected]""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff9a6b3cb8,0x7fff9a6b3cc8,0x7fff9a6b3cd82⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5
Filesize: 16B
MD5: 9fc575f0ec16fbf950ab44fcc38ea024
SHA1: 875572a7f0c02f125b638ffd75dcc7bd146e6ac1
SHA256: 2ac3a848717a2b3f6a6c1763a051d092bdc50c71782a8bcb2c4a00fb195e9e3a
SHA512: e54f72d6c33ba390cbffc2494eb0f6e4363788e528ffb270ac6af6d972d4d6c6cf9971167871f2b8ec01b5de1c20ea5fae90036f7fc81a38c3737c38ead0a59a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
720B
MD5578727e445ffe42d1de2571a6142106e
SHA1b02b3ca70ef66ffaed60a2c901290472a3dade6b
SHA25670b278d692789d100fdacc32d6fd40fc87d233deb04e31db3dd2c382f10fe0e4
SHA51259c9578b11b608658432298e362594e3376a9602cc7a2e03715597d91ee5cacf4c951a9c83ec665d97190a14006ffa63f5796d41a1c3f1e9f6479770b50662c8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
688B
MD56e997b5c42d7b8fa4f957fde7726fe9b
SHA1ebae1a56be547cce4568e893c298eb02f2bef1a7
SHA256ae271fe57840f1e62ab7c5a6f7be69a629c2613b9b7e280d1c4c93658e7bbcfe
SHA512292f55627521c812727f1f447fa496bc2dde73b1c7f6b251f2bb7b0cb343b165e8405efc0e54dd75531f22f7e911354a8b5271fc055786e445d4daa0f0f97fd7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
1KB
MD537c64b1b5d0c1e279108f97f3d60d326
SHA19fefd87fef21c1d30e9b628c4252af323e34f594
SHA25623f50a5bffb30663dd4fa762c7c3d6b78e6c9967cb1283cc2ce87663f5d2ce5d
SHA5123d7f4e3b3e0aebd78dad031efea107ef0a4ef093db24cf0b37720295140488e1b4762207ee8fc1747bebb67d3151a1e8ca9986739acb4ee7b3f39045a68f4bc1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
448B
MD58af93d87a3c2da935a31e2eee7ff233c
SHA10038ca9ba99a91f41bc473295fe9ba3924a4f0cd
SHA256f082965578b5770c89dd9ec868f30827b761f71544a8a0ea284317693e92a334
SHA512aca1c63f735c4a991d2f7a47b1ce9899df1a5b9922c30d3fda3b2b2fda52de200f9daf500d9dbf92c2aa3637bac4175e5e597a08988a9d37e66f636e364ce970
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
624B
MD594917e0e1738e36feb2a7e2aa6c5eaa9
SHA15b9bd2c9295000c2272d6dea3b976bf6ecfbcdb6
SHA25697b0bf3dba624b7f02ad77473b36400de926587d62afb8a7363fc683dc8a5873
SHA512c6539c2ad6cfe50a0a5f65e3cd61f8d4bb613b1027c24437beb60c7f687b934ccb9cfb1acdf5278be822c45522b7c328a1cec299b5272bf7652bfe0efefb25a5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
400B
MD59adfd526969c564a4e75af95deec25ec
SHA101063e0d56cf4dcde03fd08d784352ee63bcf537
SHA25685b954d8a75b0ed2fdce3d11c45132e79d61643aba68a141ccd96ef312899150
SHA512b826a5f66bcc95d2d06fc3c9de82ab9e34e54fe83048aca44019fbabf61026e3f31397c29420d5c1d0a3be6bc6d46553f7c5f2eba8f0002e1343009cefaec906
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
560B
MD5a8eaa5920a97802fe3a68b33852c0cae
SHA15e252a15ba6c3cc227873a7bbc390c9fa0d4270f
SHA25683e5de5ec1444b6513948990db47c37133abf0e52b27b22b7984e662bd718e41
SHA5123b037cca63f7338f8d616e1a2251f37655f1410c11a02d9234f6fa4153df61a6bf13dd393442533980299edd74ea78331ecdbbcf6bc30e59cb594478dd64b654
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
400B
MD58e1ef774d07e67454f6493ec6502b06c
SHA1f6c4d7ea9346a6b23a9ea180153434eaba22fedc
SHA2561f1d0d81eb80811bfc61700eb1000405b239314cc49a833c542895fdcfe474a7
SHA51291a864248275a031f8736b8e05fe0c06ce87795f98f8e903612e528de80d3121e9b58826671962b390eca4f433f6912f0bc9e442fc4ab3d44eae1846cd6857ab
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
560B
MD511a6a2731275e4f31a3a6cddf971fa38
SHA17ed35a977f85faef427ca96cfa071df4ddb7952a
SHA25606f88a82d996c6bc4e5cfa6d849a999bc98ba7245261ee01f16e982dda70af37
SHA5128a142f5a68531fa85873722018a981dcd496d96a981e0b01e6edb46bba9ce638acd5df26835265d6822f9538bf6f86194add6fe5071d4d199ec54992149eb117
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
400B
MD58d5de9ffcb09283ef1d036c3ba765a23
SHA1c01b65348689f819a7290ee93f8cd57a2c12c1c1
SHA256a253b10506a542009bb9c1043d4deebc25a6d9ff30a0b25301946d0484e4d8e1
SHA512ed9088711ecaa536abc5266e97e9dd7cd32cca052f64b9e6178a46d6a9fb4b873b2e77b32f69d27779e4d3ba5352e0b1bac324f1fe20e64274fa5bcb08db7328
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
560B
MD5d8e0b574cbff98a0c0d49bdca137cccc
SHA1b3c43b7bf1dfebdb9b2e6bc58e95fa253dd0a2b8
SHA2567226063ea31ac3ccd21a98c50255ea73a8ba30b3b8f8712e78024874b06193a2
SHA51277de647a3989b9650c4242f2a1a4f38a9a0298d1033882e0a86e076537228432d32294e2f98145854a4c3799e8d62622278290e617da7f5062437a7643395e07
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
7KB
MD51b7e5bf69c07720b0d17eeac89d8581a
SHA15cfd534d17b156108ef2a993f96edfe18003b8e6
SHA25668ed8bbe3367e39d892bf8972e4c2744238d19f8121aa4cf79d61f8b2c2dd5e1
SHA512d9a4d83edce7e3899fee9f476dec4b4614b2ef7c4c636c44c97db132d249d9c2ddcc95d27d651a624741eb0456b54ec909d9a5c8d3679c2987ece74644b32e47
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
7KB
MD5aa931e956b5601fb54a1cabd1344a129
SHA1482cf282a88c6b29e702136405c3d7467c18c5b9
SHA256f9c51ca94a3ac4ad079426669df634c2200b9e8339c31095520da3f35097bd25
SHA51293d55e61191b35b835f45058986a1da835d5a04fa5aa76b12b34d0acf2d1c597af6c544e625e8c920ee9bd6255c9d36292dcb8eab81e9cdfedf1948a4f12f216
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
15KB
MD5428b19b836765404fc02a9255e5b660a
SHA169a6c5e766c3325c24a0325072c4832224466b35
SHA2567199971c067d64987a7194b37a53eb6cd166ba7ab578669cd68443c581bf9fe5
SHA512e9419ef2d59eafe6f7027dcef50c84cb2e1d35dccb715a54d7c1073e580f8216d2b435368e0e0e1519b1f24fe220a6fb48e9dbc777f21f31ed911b8d2ed085e4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
8KB
MD56485db5780eb6b45dc2c002e520a9b5c
SHA1160641ab91834f308a5fe803fd8c8fc6ed6a3da9
SHA2561ed703d5eba66d2538866c36b23097987ee2e9af5a7353f45950a72fe92d75e8
SHA512ba9fb2b1f8f4e4ed4985e67eca8844cc8dc1d762418d503978ad73eda58426b9b13b85aa0fca338821654f176e524f518d99d4c1ac09a581662166a085cf721a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
17KB
MD520dcf42ae2f73c5ca87e29a76098bc58
SHA1d4e939583be59e60ec1bc9a52630c83a02cf4cea
SHA256778f3bceab39e66fef1d182d1c549e4aded0e508c161dbf058bffeaa3771940f
SHA512d34c928a621f4097f73a489f024ce0f015e4da87c99655f0a12d12b364463b1b1d2266ee069a3c84349a973f54c046cb6be8d6b8bbc6f1dc43669c5e4155d3ae
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
192B
MD5d5c0fec763fbe22a1f70a6b3128504fd
SHA14d9b77e23119a3878e197fbb47059bac0f3af5f0
SHA2560b8a41814483997d14e414c624158e8cde5886366902032cbef158ededc9236f
SHA512b9f77f22efab56ddad04574b3367d2578e3fee7829654ab44ebd671b84d247db96fbf49001f994221c83ce7c500a1d2d115b844295e3a2c5c42d632aef42373b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
704B
MD5cf2ffd5ad8846804d62672f8909f0f49
SHA144e2a74eff484ec8eae3a154ca735c2de939e9d0
SHA2562ca0c3e6300e3aa8821ea8fb0030e8a2f0cd3391515249188c5a764ea2343ec1
SHA5126c48941ac4f411310e8e304a06ace19b301f432793252e8548c9e9c918637bd2ae1e0359409eeed0d45a24d9c964683cd2f225cf771bed83e2520166c80e7d6a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
8KB
MD55aabcfd25c2eae6028f5c434a495f2f9
SHA1c75a80d8785bed3eab78caeb1b9d16725a9352d0
SHA25690eb0aaa0e1e1a89e607dea9250f841762f9c510108c868ff6e5480891fa7a49
SHA512680cbc79f7bcfad27f2ab5908c669bc363d2160aa81b40ccf10a18309b81a019f2172df258c4d8b27e2fce7120c65dd4b50b92630152855ff682882737da015b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
19KB
MD52971f6f133a53e640943a7369066c242
SHA1b3039b64bf479a2df89c498fd0ffd47938618e17
SHA256c311dc8c3d9b6fe224e2d872e5d5c6976c73641593fd0a49bbadef558392945c
SHA512c25b2509cfda7cd9ef6e5e4544f193e349efb3ccf5bc2bd699fdf414e303c9ebe9260ce862ccd29be0a0738712ec9e301bd9f35184d04c1a2308944f8728addf
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
832B
MD5ff5dbeb7ae5d2c24c4147f96f29ba333
SHA1527e21a9fb9226425cb4409c0dd4dce5ca88c331
SHA25638a341da9bb81cec29b95dd6e420d3ec15febc902ddd3c5c9baf677d9cfbf3e4
SHA5126668ecbc83f4370bd3257123df17ab7e1c52fd808136db64dd92d7ccf0d17c2f23238a9c51120445036a504fefdcbbacbbcedb75da7ed51c1a9e94d96664f47a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
1KB
MD5e5ff7e90347bf7886fdbe3681734d739
SHA1363b948c402cf119600c60fffb7ca471cc3d290f
SHA2562f5bba556b96d14315e604be44af174c3bbda3a746695de5e86553a0c4008436
SHA512430630f4c5805753e1abc71e91505fd8335d46b2cf5c75045dd9158bb9b12d2e5b7cf6c861eb23178a9767522bce27961b22024b7ff666fc00730cbac879741f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
1KB
MD51dfa5ac9bad0255d0b1f6cdf13e79dbe
SHA1991ef241368d74b2511707d33642e659d49a5077
SHA25647cdff30beee4f55665e82989153445c37dd336e6f29b725341f2f2312f2b335
SHA5126a75e6962471d8d936f8ba793177b5519add0af609934dffeaea2bbef830a5a5a8aad2232fb16cc514cbe318f5b72b67786ce336926d4eded67bf4cf0ca623f1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
816B
MD59e66257071c513d7222ffd09877ad411
SHA1dff7fecbf8df15096680fdc1e4440ed73da8109b
SHA256ad75c334926f1bfd6cccc9d517db9ce2b94615db1b015552c8ab1418a427aef8
SHA5124ba6c563075c5fb799f0b1a118463213d69ce45f38db001b3ae4ad0d49ec37f34ffb481833614483a8468e75f0d7359f73d625f4a2ab031fe21a5b6e45f3e04d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
2KB
MD52c446bf24ed91446b4fb94ab269ed243
SHA1f423911a5309277b88fa78fe2b65877b36442cb1
SHA25657ba6ac0b2b17c9b6a938f98f0a63b575afc4ead4411d88d158815c36135fbb2
SHA512712afdd250b15899a95ac1afe710fbcb131256b1f1b7f92d2f3e6d3dd3951b8102de414fa7f4420c2835cdf30df149707c9c61fb94f6ac4c72e9594233ec981f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
2KB
MD5034891fdd1e6f2e09646dc2cd4ca9fb2
SHA140a1223febdd4534fa4b490d6357704e400f0e28
SHA256c0df86eeedceac852618b9a6221d75670471a1b377febf2febe65dd5ec9deefb
SHA5127b77b3accd24652061c73c6065f1e6cd1fc615602d0942bad6409a068575f558d4ba588fa2707e47125a18942fd7f04ee5e5ed604ad4fd883c60811e6ed8e9d9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
4KB
MD5bb6c272eb4e1efd531ecb906ef57afb2
SHA1260ef8c0b7c9ba27c2d41a6cdd4f81d617e3253b
SHA256ea78b2f243f8dc23106fcead3922c9b580222ee2249f9442b913daae17e649bb
SHA5123e08b191b218fd8b758eec90837d01ddb9110b512650ea1f3cb395827c01e2954ef95f281f840cf51fc4a4be3ae42fa545252efea39eef40dd6d2fe18fd392d0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
304B
MD57d18b7e95edf05f697720ac8bd0bab68
SHA114af1aa5ed78c8cf55313c625bd330a66ea7b4e0
SHA2565da67f2d1105f076ebf61f6ee5706b3fb9ec72336356c4d47e4fa8938e22a506
SHA512923c84fd072d2b645a98723ef1d5577d1d68d523dd4726c75dc834f852b654f1161ee8088df82f31dbaacc1b0958cf667b90f0c4b05be7c7ee15686cbca9b352
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
400B
MD553a611d0dbfbe4a024c166bf6e95d860
SHA19316cfbfc455a2469c344fbbff5f132316161ab3
SHA256f2bbd58685ec5cdc4a75c1fec51710e2ff01b5a322a7ceda62645bca22bad143
SHA512bba71cec42ea1e5707bf2cc6a97d2dede1ed225040b26f5eb06644fa93a8371f168dc9f1d2097a2b2f3bbf428a89eff787c0cc7f8c37b41d847984f622dbd7a8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
1008B
MD52e87b8204ccb052dede3e0c997c244e8
SHA1e530532e36f5e01c17897db9458c1ebedb4583ee
SHA256584c308a138e030500d8568d5bf415fcb22396fc600d9144528877511244f657
SHA512f1e6b9f9c1e0843b487bdd787e3f5a92298d286b302316ed6fdf4a1dccc49c453a5ff1dcb5316c026c7087bdb23315cecd6e42c929cb506446672b50805358b9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
1KB
MD5a7282b6f14cb7a36b661f23d10a6bdb5
SHA1c32dc763dfbb57c366128fd6fe46b8b2e8979390
SHA2569c2c8c8aa0b003cce989df4701eb0a5223b325a03305673d7cdc0815043af21d
SHA51268a9fc28b3a27bc4d51531c494c4394d5280f159f8a2a39b1f510c7149ab424d84f49746c2cdea815f5aaa2253a9144628da0e192f892ad3dbc68186ecf3a3b9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
2KB
MD55ce692ed4cdf7fedc4bb037ca52b27b7
SHA1beb9b8e5b2fea610f97c9b21e7d26924881cd420
SHA256cc5ef839225c59ba211fb6ac2434ce1f4a7a69c0bd92aab473fe383b95803ffd
SHA51261ccc58dea22741508565375baf987f8225f63b01882ba387630602280869eb6177bf7897d71f2d4530933b51e690f93c7871ad41007d23346d9292b26d20edd
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
848B
MD56ae31836db481542ff600592804d87aa
SHA1df49feca50b2fc43355711a151d173753e2e0618
SHA256a620133068c39d1ba5e662414e84997e3a5aa33ae0baae47312ab14f260bf46a
SHA5120dca06cb337773f58e20f8533f1200beb9cf8f0911d7b283d819f9a3582fb30519a406dc3499f23b82fa52c2755e3c8e4969179a085a195ea0eaad262c4537da
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
32KB
MD51c267aa92f7c867267578973be09125f
SHA169499391fd66905387bfb5493d01aad0d514bc65
SHA25628f4c64052ae1f65792b77b37552943bc8a8437e8c6cfd0394487313e2c39707
SHA51279d7eb95e391b2ea8d03212cbdd2f4c5df76501797bf87bba88046a619e982c10dad6224659149d31234c1d8224b483969bf79602307cb9b440858d96bcb7550
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
596KB
MD5d219abed1bb4807baf2d9facc0b44796
SHA13bd11b7cc4e94d990b28fc55b9de3878100b379f
SHA256c11aff4d7b61059bb1033bd5fe05df2c2ac031f5097450a6da8dd16d0d1bf9b3
SHA5127a0df8c5264e77137ee825298328a94c246f2297ea87da19de212b58c9282163e1b3102f6eaf0b7d86c52619e0ada7c39584057d6df874932961a8d822ac286b
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
596KB
MD58aa2e4c3d146b587d6e5d83c40905634
SHA12cccda30176111c2af5fd48fb1788d86f0ec1850
SHA256b7bd7ad67ee1e02e456e2489434db2627ff2eb466d96b84bfe54185d72a069a7
SHA512734014d4e5560752bd55565675c15bfe704408a1ae8f413df71b351348b4caf6ea1d862e9fe3725221b155666fdf7364bed86cad97dc846d3f7f067c342127a3
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
184KB
MD564629daa8142a8bf6799f59d92e9978b
SHA13b3e6800a0ea23405efcb894febb104f98fcc401
SHA256372192abc1671394ce2068c7fc9a80b028f0121a1dde0ea02a3e8ccfa4fb15be
SHA512a12378ac1680dff1708b05faddd3726a29ebdbb6878a19ebf4b05e27b0ca2803554a254d845951d548ee75414817f2ca3bb5b0d9505260b762c93dfe0b7e6c6d
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
184KB
MD5eae5f812d160d8aa557e2f7a72117a29
SHA17ef17e0b0039f5b3c1c6b16dc92321bdc3dd9b48
SHA256d4465ae2d28d85a3a91eb42e71d755dc024c25b35dd9e89d849d9ff8bf9efeb4
SHA5125afa2844062b20f509e34640a462a20f52a6f8bca0c3804b7102303e9b6339f975a28e7a99ff487919728fdc7ad74a1217970e19d743bea21a324a2659edefcc
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
267KB
MD5cbf442008b8f6de29a4e8a9cafb6e2b2
SHA1e26a903969ab06984e0a8b6098e78e81b0703b39
SHA256beba888150b13f9c52c95d372ed7f27878ae10be76006efe7ea53e800b76a987
SHA5124b5f1d10d14748d109c750d8ec4e270224396146ca7be8749668b9d19953b24c646679e4252492c6c55a0987d1ee1c26b1df1acb3eab48ef058233fc3fa3c187
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
267KB
MD5996a94d82d548ddb91aa323d22be113d
SHA1393bf0b139581e0a9ad32f701b424fe1b3b7f5d7
SHA25687fe0c309f299d86c581fc200765c6e5d6e581745b3e666a4774bd3552132f67
SHA5120c5b64b07e6cd00fae5c3b2b7f3039b51fcb2989cee01960f8ca020e244aedcf6ca499fa71553b83c2f9640e8565e5fa4b12c6a192378235cde4fa45297a3001
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
802KB
MD58f07066a370746a7a1a9535af6ceb652
SHA12664a6882d3c32ef5ccf36c980fe4b3dd205e11f
SHA256a852b6e8a47348bab5586dba58b8ff3f1de13f49197f1e440fb62a0f59875d1a
SHA5121b91408cee749d2d83eeb46f0bf36395bd3139fa8f0d138f959b43f0dfae28402bf617e301e758c197c5f94ec9e9a197ded69ab1536c1f07c8b1e5aeaf73f51a
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
303KB
MD5bf74b515c0b7c4c916ecb46ef527159f
SHA1451c2668c65d86051fbeb2754c3276cab6cd122e
SHA256f4ebd96314409ed81680a2537f8ec8a6dc229ca860afbe62d4361a683ec9f43f
SHA512019a59d541da74b63ab449eeab78c587df2d272caf8b4a0c1f64f6bcbd27ead21d73ce1c46e9234dd6a0c671451292757c125ca16eb157c5fb3651bba94b546b
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
303KB
MD5f64218eac62da6568e5e0142d5e368cb
SHA1f7c65e8fc5ec011de11c047c3aedd8ce5903a253
SHA25684b1acda6a7e4a53ffb8f66e5b4ef32b7e18d1f39923134ccb3fa3674eaf8648
SHA512b276aa19573f65cecf1d0a53c28a9aec5c13feea9583a5c0462cf8e5a2e5773c797b4ff62462263575875482366c216dce42af9b03d3d5282c61e388128375c4
-
C:\Program Files (x86)\Common Files\System\wab32.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
740KB
MD53236cb51b33000e0bcbcafab323948bd
SHA1d5fffee94ed4f45e11a4156abd32311413ed9b31
SHA256379880a31fd4d66f4b6f1b55dc6fb19bd8fb5a506fa2079aeac21e78b5d5ad8d
SHA512511be945b18b3018e2ddf0335956b5fae9c95da2ae773f81f2fc8a39ceaa6b3e203f1b3b177af991689e2a64c9f908d99213734f2e028a2d01cad18ec6a6ac79
-
C:\Program Files (x86)\Internet Explorer\ExtExport.exe.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
47KB
MD53c827f1d1c7f6e828e348b50a94e1b81
SHA1f762fcdb4039c274f0992d7cabc65aa1ef877562
SHA2567e564f1ac1384e8c5b9771513b2d61feb54c73f65edb6ab277ba3519baf3bdb2
SHA512a085b0d5feb61b7b41e4e080927ba77e068e3d3313a897dfa9616c3ff141ad5f19f72c27bd3cd220e65671949b6e6317e320387a7f71b84782077b5b74e177fe
-
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
7KB
MD5d194eff970bee061a6c1df3040caa555
SHA19d93f98c1c8823478988cea9a68d94824c122d51
SHA25684a023430f0c33d66a5ac088e201523706d329d1223f5bc8106f872bb564a7b9
SHA512ebe8a8667d41e5a77fe7df0f962ebe2888b9f43b0c0b91cdc2a053b8f3ba34c7d106b3c17ad1a010d4ec67e76bea1c14497bf93f73fb8c8afd40e7f0bf0a5bcf
-
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
584KB
MD533743f013ba99949c772edf9f569d8c3
SHA1d20d179596634c9c3b5963b1606f8ffaecf0f9ec
SHA256e55ccbeaeedce0cf73018f5c834ff1409bc12e713f997888c65172c8c762a425
SHA512605fba7294334d28e564faf84de6b202e6a58da66679cb633ac49d050f0b763d3612f8ecdf38cebcdc684ead156ff772e28d047dba5a63ec3986768d8226a048
-
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
104KB
MD5faced7922b6bfca9ec6c78a6fd12d65d
SHA1ac52b0a7b1beb9d34c3b32a3d07aaec61e19c9fa
SHA2561233b678d20d6253d4dade83c781ade4fde3b0aec50d8d13608cfa04a1293eee
SHA51247353b61f724f935cbe5108f204dcd004116bab107992857053d3382ec777440067dee7bc657ef03efc167aae21144794dc6fe4f30bf73f48635b8dec959cdc7
-
C:\Program Files (x86)\Windows Mail\wab.exe.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
505KB
MD507213b775463c5271e647d8d83bfa4fc
SHA188360ad96996e2d0086ae95ac645a55b4d7271a6
SHA2561f272cd09edcde06d26c77ad8ab7f1f8700a4fd34e65e9453d677228fff5ddf6
SHA51235a57ddde34b095c521e5047fddcdd8b11290f52723efdad56747afde41bbcabb805c58de8dac0122d25d97c5c05d443608f87d23a34ad673bc6f0c1d3fbaa63
-
C:\Program Files (x86)\Windows Media Player\mpvis.DLL.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
161KB
MD52e993b1c65957fad31c45428c79b7679
SHA17af919af32ef38db5cbe05fdda0443eaaed3843c
SHA256e7b5aaaed9dbcc2e3b1b02bcbfcb51de488cd5e221082b8fd3c74dc92e805099
SHA5129d76d1712a8122818ed32ab509b70ebf1f2b53f3f299f329ce2b9f7765334891fad518cba397fd0bae9ab49829ca533bfb315dcbd07189c6645e2f3a3ccb4c61
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
2.7MB
MD58baaead7d1bb2bd920e02808890ffcdf
SHA1dcfc75b44855cddee22d3cb2caccb6911f9d29aa
SHA2569e85913433e63f2635d76ef08b02b944bb461793fb5d494d29d7b4a528194c1b
SHA512dd1cd5cafe169eb63213636389b8895a8a716de3aa3820f47258f800d9581e0025c4cc5549ff46aeecdfb4b0ddb82930cc50876c821abadae7489d3d9f6ee434
-
C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
622KB
MD523308bbb35a278ee52b2e46c6c552a3d
SHA1408677966678883b2b2edf8d63fe731fbc687ec2
SHA256db553631265cc2c28634e3fbc736b148a29cb1d8db68094ed81498abfd486966
SHA5125f11bee9d8bb6595bc152e475b8d3e700b964d2fb5075a8bd95dec84866b64141bfce81ceb9882075bdbc55bfdd62ff817013e9b23ede3164de4dd373afed014
-
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
93KB
MD5d21268a96061c3163d79a6bcec95c7e0
SHA1bdabf330f641c9cdc0cf2c5aebd4e0c4b959da0f
SHA25615ae63cb70c33c729aa3a99f0e3c61faa1f62b30eae2119d02dc7dec1605c2b5
SHA51288324c4beab1e7480d4feed2489028433976ba652bd72cde068dd59f42b62312d125cdb5d9209a9d86e38af3c48a1368096466afd5f40c00bcc6c48e8e453fab
-
C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.Format.ps1xml.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
3KB
MD59a4ca76b1c6433d03438a1256f30f091
SHA19ed5f1250885d90cb0e00e21410ac4367d1802fb
SHA25657d1b05b6a90264563571633682769780b15c1f207acebdc9f1a1214140914c7
SHA512df657cb119a27140f2c08ee207e0442460c9e2b629f9fcebe784786973b254d3297d037ca806f22ea27e7c6c244ad63913ab6ffeec7a043afbe2fcf3cc28e2f6
-
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Build.bat.CA5A3AE6706D57D1008755026212403BAABB67B00450B14EFCF81610645B34D5Filesize
752B
MD5d11c854a98b0ca5fdf5d2c7d9825f92c
SHA188ac8f86490cb3a5880fd38dacd3685b96420b80
SHA25645a6db79bc1d543be841f972fd8054d59e0d80edbc531d75e52a83ecaa660dc5
SHA512898ad21b6038bf850613ade4e13f37c44384e6d8e1f3fee8435569f9d729cdbf3a226788106dd7923d191952343ca83132bcf75177e9de7048c230b1b1a1ab96
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD596899614360333c9904499393c6e3d75
SHA1bbfa17cf8df01c266323965735f00f0e9e04cd34
SHA256486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c
SHA512974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD519a8bcb40a17253313345edd2a0da1e7
SHA186fac74b5bbc59e910248caebd1176a48a46d72e
SHA256b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e
SHA5129f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000dFilesize
236KB
MD50575625e5ced1be9f4018c5afa456406
SHA170f86daa07564d318c2825e08e2f70e8bcbd7967
SHA25637e612d9c4d2fdc46c132a1ebac107c720e45135f5c79956140f8d38a951332f
SHA512992f17fe1348d9f4d5f3870302a268998194e8d59c1087b3474568434e8dd90aeefe57aff7d0caa91fcfe7239cf9e9f38094b3767ae9d9bb592c41942282088f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000fFilesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010Filesize
69KB
MD5a127a49f49671771565e01d883a5e4fa
SHA109ec098e238b34c09406628c6bee1b81472fc003
SHA2563f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA51261b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011Filesize
31KB
MD5143851213a8c9bb73c3df32d032b5fbf
SHA19a08b253f9298b3a0abfd2848765893b9f684bcd
SHA2569e9b586a3286d9c7df98e2b06517acf8cd21079a7e9d4c319233a8db6baa964c
SHA512baebf636d3650998cbce2a986e88eec4f75016b7936d095c58330bc30c59138bbda32d19bebbb57b26f582285d1f8840b70b93ce55e5d58fc2fbc5a6c7311188
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015Filesize
1.1MB
MD5764666e3debd6fe7ff0c0b625a41a62c
SHA1d89070fa6d0ce0f1d23a734d7dd59df17857e002
SHA256eb96750ea92f4a0869b8bc96e6da246127aac54b53a336c924c7a7bec891258a
SHA512ca32adb6382b05f136afdc5328729ec2af14afab7a55fe777e06499ad2dd11550a09d278432fea9d9ec831ecf5d4952f08a8c1abbf299f2db9f226dab1bdf1c6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005dFilesize
393KB
MD561da9939db42e2c3007ece3f163e2d06
SHA14bd7e9098de61adecc1bdbd1a01490994d1905fb
SHA256ea8ccb8b5ec36195af831001b3cc46caedfc61a6194e2568901e7685c57ceefa
SHA51214d0bc14a10e5bd8022e7ab4a80f98600f84754c2c80e22a8e3d9f9555dde5bad056d925576b29fc1a37e73c6ebca693687b47317a469a7dfdc4ab0f3d97a63e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005eFilesize
132KB
MD56a47990541c573d44444f9ad5aa61774
SHA1f230fff199a57a07a972e2ee7169bc074d9e0cd5
SHA256b161c762c5894d820cc10d9027f2404a6fec3bc9f8fd84d23ff1daef98493115
SHA512fe8a4fd268106817efc0222c94cb26ad4ae0a39f99aacaa86880b8a2caa83767ffe8a3dd5b0cdcc38b61f1b4d0196064856bd0191b9c2d7a8d8297c864a7716d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD50f9fe227caf02d1f05248375a77fc781
SHA1f5201a0be45ceb8a81bf51cc47347ca5435f51e5
SHA256e1fe841a646d42a2290a615eadab5ee8c85410964cf7bc275f38c272b5f6f971
SHA512e342cf8f14e80db309bd6c7e01d45022beef1bf86ec2a6a504260db8ec44db5e1175700878ca0804643dba2ff0d03f0570c6128a1cc8d067923364decde43572
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD57d7dc3491291e2f233e2b7738cc00f09
SHA1ff74c04c2b565477f10aa2d222fc7878dadcf247
SHA256a98c3600696704ccbbffe79bac8cb5b513ad00656adf267acff857d895f4d65e
SHA5129d8dd6534d5f1f4d28bfb15f87cc6998f7c767ce76219ebb7a57752841045336494fd1e9cc5584709bcbcc3b2b15707917a6b5c7349a8410e3185313ca58ce5d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
5KB
MD582c2cacfc22cc39c602f420031abad3a
SHA1e92a877fccd324e1ec2c0afa6a79d15b56e233c7
SHA256d21aaa94b34a67fed4989762fc09a46169484c24852e68eff7d35e91e16024dd
SHA512585f19da514c6619348da4b8c29e2a555f0c369cec4400c2407d0f49c79483bc2a5a609a674c25ec194aa6886b58caff9dd9770b958898a62346301e07b5219e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
562B
MD520d59204d2f9df9f5085287f08452ead
SHA194d14ef182a30040b92129dcefcfb8fcb9688b62
SHA25659d961eac264baa586f5e9edcd66dbdfbefe08be2d67f371b74e260d34bfaf87
SHA512d3518d35ad6c177edd3f36fdd872f420f4f6988ea4e11633fa441aa76951db46c47d31206133f3449e024ab3a637e76b13ec08d1eeb5d5264b73ac99dd216011
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
6KB
MD5502bda715b3ec5f64545576939c8efe7
SHA1a7af00defd18194a489fe0ecc8188c75896aed37
SHA256ec43937531385a5ce652f239f71102dd119a47dab09599a31fb24c7be6428ef3
SHA5126b855a7f4045e476221ffedbf8491946e2ba2c143b3b4f9b2c773344f7314a90ce5f228a5e45452cda5577ecf9ce842cf8a884a226835c83d48e78466579af0b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
562B
MD5c4a215f378aff8ee01a8073d0ced6110
SHA118632b6c91095e7b41337dc55f11e02f52cccf94
SHA256ea2d050ff3075c8efc4d649756d8a97421b0c7acc1d62b43d5af9a9cfa323fc7
SHA51213830fb9fa2da3be865c7b82b7d2b594ed5d0bd79cf210e74e98c787de76dcb9e30f5e2f9ee12a9864007d32ad6515e0cabcea8bed07577dae312492f71e4461
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
5KB
MD5b30b1df4c1615d8350283fd9e377b1a1
SHA1bb4dd813c49e832805dde1d59cbb41cda092e562
SHA2563f96c60293a10db054e73240220fb536ffa093b23b679a7375e4a52f495dd68d
SHA51214dfc83054ece873c1f8d057f94be768dbc3cf55ef995c8a8a681ed132d71ffb76b60bacea7c1d04775606e2d77f9617728c4aa51566f50645a02f25d5715af6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
6KB
MD58459c4f00fd900a1ef8328de8972de86
SHA1e67918e6e29cd059a29ac10e9983af3dc2e98e88
SHA256d9255bfd0b48c2d2804e6acea1f347cbd8a3c14d4b8b8455eb714351174c71fc
SHA5126b7c9dbb5b22c801adfa66590975dbf370febde75306d655092f7804fee07b49bbb43bb5d0444fbd1953d2373c4b880e1ae2c007cdcb7f8cc547b00a734a0450
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5a8eff0b7869440fd519d73e1bcb797b6
SHA1cfb59678d51535a66e0fcd2195c866a31f6ef30f
SHA256f49ce8f90fdfa469b0a4037ee416f1b916cb9c22f422f49c0e9e071bb794a96b
SHA512da5f307b79ed4465549f0393a2837818e3c562a758cbc8beb1d04041514d79b7a9fc761f0d2428929c341341d6fc3cdc64640db2415bb5ef73a85f2cb038c6cf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD53d23f24088714bb50c82b1dad4a36159
SHA1a107156bc376cc2db6c99d81b4bcfc0354cfeb33
SHA2569dc66fdffa9e8b8eea82189d09958817512a225851df62ff587bb088d2b82f96
SHA5122cf2ea8375b0e76131c7e8a29016abba16829d67c593f3ed390b348f48147818e19c6c3ab8a8433b2eb9c7f89776ae14bb40ee2d51c6e374e24cee211fec4545
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD57708af25c353c2874c20b1bfca479403
SHA1aa624b1e8d45d8f5c0f9fe8a25b324227be72441
SHA256d4f09768d105aed2c87dcae2a16f33ab6a18d7ead54abd531b6b1199c3afba6e
SHA51201a8163c4cf3f2fb889af46a66275efdad4e5c3e2dd3d2aae7e17c85a75888de45420e3db9ede3843187dfa003f0e1877d9f5844e5d2d37e9fb3fd5527a43c13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5c252c620e1ae1122e846342ba353862b
SHA125ee32dd87fe53db01b207ca12cb625e12f44406
SHA2561763eccf1a31f9ee22b15b343b75f8648875b163dc4ea4891315aba75ce092a6
SHA512fd4869de04ea2f098dd53daa3e3af517d1f52dc5d83739bca86cdd8524109d1b69ee7c4aa34a295034125de6f845e96415f363ae09e36b6749be2d9ea4ed3983
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD52b3241d13829fabdb4a0f5b722129beb
SHA188bef08422397016ff7f73972fcd387355150a43
SHA2566ca2f323c2a87c0db4fefccb7d1221a4bdbab93bcf2e24835cac5c8d91b6c374
SHA512eb1288ef808301e3bb7aea839a203d1c58a3619382735edc2a63cf3137767a3d6792612cd50f9f29f7061d6b946a2c3de43c8e1474525baa5317f4348d10a015
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
MD5cda39c5b8d3cda0422b3f4c5ecbffa77
SHA18db46140ff75b3c654b35a4267767e38654b0279
SHA2560c4ed9df6207d802125875005443dccace4fe11e4308ac871ebe2af3f4addabd
SHA512dd9f245a05939f0f4668c584f37ba3c91d7eb235b4c3d96502707f3fe5f9ad71c4e6e3d59e346dcc470c56785c0d428a3b24e9ced39e8a2d5d62978a6320ee0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
MD50c4a0b392cb5cb043ca1e36aa41e4c6b
SHA1aecdb7329e7e91416f53db7c6952917258c1cadb
SHA256241f93455ed4a22b33fc02457e4f64f6db6b7cbfd1986e3e80f186661a9c1a2f
SHA5122b98d502f9b2db970e64dd205ec721dd2b082507f260fdee695686f5bf4c359b36fb6e3e3ecf78656d4a621523a01551d6a26b3aa37cdeceaea22f524cc364af
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
MD5b9a324664d85f25f963b905c8768117b
SHA10d464ab6ae9947ded74b8ea76cd10467921adb7e
SHA2563942f1e8ddec8da65ba3e80785fa1a91a03e60b027c9aca967943645a8af80c4
SHA5129015b0298b32271bc40e3004609dafd3482b90906be72cb9458e82a536be5acf18a942ae810517458879ec9a6eaf955570c2ab739c6165292a8b54adbd739b68
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
10KB
MD5db89167538c663c3d78d5fa1d0a5cc6e
SHA17b61f62f5baed14f1f5826982162d06088971b7d
SHA256749c37b3a79ea21d9fc6a8bd2aea24f10bad49e81929f73df31939f90d264c8f
SHA512379226a5b7842001260ca1578559d6d9f8b97495630896fb1389950e3919fa1596d513651234320405173af8a01c4601e6f5a45c289bd6fbde39d43b93605312
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
96B
MD5747fd035fa20ca6f7faafa475a54fe2b
SHA1f677e0fcde49bdf9b75c559739a58196bd436d72
SHA25669c281b16f3454c10b96cf5ba8502ec2af1082a9456cf03d11f7de07aad62719
SHA512fed6f21a7c6248733e0e53b8c4cde03ef5b5267105ab3b5640e0fee39865c1e2ea8d751c8eb647f0f70a0d4e673f6a89288507c84d6848d1cdf225392b5f8300
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58acb6.TMPFilesize
48B
MD51fdf0a01e0aa36a37af3e6120fdc0cab
SHA17c1e36f392a500132f15a4a16bef959ddd4bf9f5
SHA2560ecd2a166e036a0f3931f417c8571ee65e2cc8ad59214178a561d644fa4d4f49
SHA512b9d196a9027c7c510bba6eee6d396d313565ef87b9750b4fa7a9ac00e763ac6e98bcf29b38d0d38da5b848b7887c998d94a45a380bf71ce30c8ba79188b0ca28
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD56c92eaa48cf1051a35148e2cbe976e7d
SHA195436c29f38c68b3193c2001602bbf5268b91414
SHA256e2f342ed75a58681e6f788961eb8155e58929d7a4bcb1f31cd629c7b9723c9da
SHA512087388a0091f0732dde1d5cb1a0153d63bc4e3103e4a3dc3933ab67cf1720c66b04a437442b09dba6055dbce9162b6cd91fedbccdc88e6fcfb4f7487a11cff95
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD599ba17427b85398a032d70e86addb30b
SHA14169d97934b9ba6192fbbd2f022893a4b497e71f
SHA2569bbcf4b6737373fb59b995b4b42309f99ff583025248371bce19842c7fc91e69
SHA5121dd1caacfc7e0e0f8e79a30fb2e3fd107cf73ab27976d36b1154514c7ae311513705b7bb799958d496cafa6053305429c2fff570084c5bc7388253121ace3c89
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5f015225db456c42288c37cb7b7ace019
SHA1363124ddb8bd39bbb9717cc89a3329abde518358
SHA256989949e8a2c243f29bf1969271f948911ea86d2f54f88b119ba111aea747afa2
SHA5126716f223e9f44fc0fccbc87630043e5d32d9fd47bbeab9e60b3dd16d76c55f5a2eb389207bc4fb427391d4cbbc9b7f4eb51da2e258546932218b3bad2a2d79de
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD53500770056d10c9b6cc8ade4bf70abea
SHA1acce915a54e5c1ab1019378426e88cb2e1d5e53f
SHA25604698b7c39ab2656883169013fc55c8a2a3d088d9ed8ec47bdd1fcf2cba67e7a
SHA51244e67bf61d750d61fccda0cafacf4a03982e1ff26dc574454d3456b7c441d3f87d23eb6b8e5cda8337a0da1ef3260e87b565c337e0ef1ae7d21c14c97f6005dc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5f0066babc6f5e9c7ab4a425a12a79988
SHA197ff59510a6bfb804ae0343f8e0ac1174403c39d
SHA256dc2e097c062bf29c3986eae62cdf9913ff1b20f02a5ac3fabaa6c0650745f19c
SHA512e9b7652f32015431ee9bfe165285b9ffabebe5ab00a0040f384627ce26f061db4bc9f89f9f8193485a26bdd2b2837b891fe3397cd11b939823811916c6a18d74
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
874B
MD53e69d2b054cdab29cd593483028bafdd
SHA1734df4f6a6e93fff90e1a0478b0d476ea98fa56a
SHA256912a18687e3a59653b82eb9122e90b6826f65428edbffc5743a8af2c770c89d3
SHA51226fb682791c95d0b3afa858f0533b101ae63395cde4ee46f7ac34bba4bb01d86426e32c4850a04f12282278fb1941bbf5c1e100ee55d8a9643b43fd4477155e0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5c183808734199f073960ea6a7a590500
SHA19cad1371cc230a2989aea1c774ae949903abe6b0
SHA256ab03ed718b88450ba7855ca78d3198cb85220373d912216bdbc48552041799b5
SHA512c2c0d01ea447b3ae20bbbb10eabfcf1a47838494746221f9a65c7b4c2b522f56d5d0a114e8d787ae56ca7fbc1949d232bb8bc05c7dbff799001ddc3a34d761d1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5681e9cc0b902fbd8704ce957065982df
SHA15f8212765bebfd27135f2441a8f52c2e105b2119
SHA2565773462d345be1c6d7074a4de47c7093cb4f28658d9873f0ca4ea89d6b9f5ffb
SHA51271d2bb2345b5feeae2837b45de2cc8d4b6cea297d9b7351bad0b497bde2488c0af11b974578f6a170086571d49ec6720ae568dda939e25835fc10f33a1dd8445
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD527e87c23807bd722f2251fe38435a27d
SHA1d12ed2644d8d7f5e50248968f1ca1601b354b8d0
SHA2561c03e6e5932794d90baf8cab8558d55b6ea16423b72aaeda4b64f6bf402fbcf6
SHA512c5538e5444c8e8bfdb7b24c60ed5eb1ba3576d46cb8166b568ea565cfae02dd53dc4e4908c4f95724329c2fa135deb9eeb04849a93f1f7e733a14c1f53676f20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD50207b12bd8be37e0e3bce12217407eaa
SHA16fc56872bc8fb1525eb4cf9911342186400e2e82
SHA2561903f58850336ec4d4e370e5e9d26ead9bd52904faa9f5c955021484e7251f1b
SHA51218e8fec5e8a77f990913a1886411d40cc1060a0e1866e42870f1db3df80c92103704bdc213be715b1831a0460374e9e7af0a35dda0dda49309f5ecd58a242f89
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD587829b94a242d5a89b198ceafc5c3382
SHA1d7329292fa2c31115d4d774e978c9439b228296f
SHA25692cbe583590707bb1f026651da74a48e91918c3f8ad04f2a0917011d69250a10
SHA512802d305c21bd72e80122360e74d496253d6df7a3793dc952b52a2d2310e354cf7e7ef8e7bfb200deb2578a313a6fe817ceffdee3bb94656274ddffd4a1d8b211
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD52dd9c21212098a2d6f440da55fc10224
SHA1e1c5ab9772b3fe8a5e665243470c4f017e076597
SHA2569057a99c591ce3de28db7ee27fa885750bcfb938061c163ef266f70dd7853908
SHA5128f0165b9a2615ba83416f8f9f3a87ecc07660e5d4838237c8b0477d64cce785cb40c7687b6a2e648e3c01971ad3e23e3b51af3474f7bab0b61ac5105d84fb243
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD524cb8cc09c5f53de49731dcfe2b170af
SHA1cb4c6a083b709834694bc87894a2a57ca16dbef5
SHA25626460b13d44a377ce76746a42887d1276c2399a023707a8cc71ea6505243f8f6
SHA5121b1180b0c62eb717bd8162bb8f71337a62b64250029039730fab096a25a00c12ae6a98acd88ff9e289ed872d9cc677e2ad75bf3d88d3a05a4a88a03dc8beb4a7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD52c73a7dac63a71f5a21f3f1e9cb98692
SHA1cfdfb93fa2e45ae5aa8f718a1e9641f04a58883d
SHA256ae87d2c1fcf7341245ddaade2b664dbb264033b49ca0903ec19fa530f50098e6
SHA512b7fc9476ed66b189a36c167b35df2012e27f0642b592680b585aeee84fed468aecc403414a39d95c309e02737370e9f08bda36cd47b3d46b5739f8cb3d3b663c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a652.TMPFilesize
539B
MD560f7d3bb7eea14bce2506e9f3f3fac4c
SHA17e2b1f662e4d277718a66c125a562a720761ae64
SHA2569453aea15d49f3f02d9015d3d31d9a8a6300ce835fde01ebf723a6978f84f51b
SHA5126c72f5dbd1a1405528390148d75e19de7d98ef6306626a92172e01a4dd63df678bbeaa103de2a9c9bfe8408f74b71ffd5ef1adeedd1d2cb81f236d9c8c864753
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD56f6f58e20071f063deee3ae021993692
SHA1897f2fa903dd93db40be4a50a62bf689f88eddaf
SHA256fff5c92947de132732675c826874024f2da278aa8600b43a18f8a1fcc075f90d
SHA512420f872c096a2436980c2cacbe47e5ecb8af4061cb9da648bcffec47193e6c3ecfb1ef84b8989074033e48b5fbf71b8fbf0dc7a47ec2dedf573b3ec9f8fc8428
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD51ef21cfc932890b7ec1ba16898725f85
SHA194f54aceb4d4950e729c68bfb8d5c3aa4ebb9f14
SHA256de35088919345b9bd753469a712edd275cc68504926205d42fedda8daa647cb3
SHA51275267ec9a20785de88ba295a6864e5434e8594fbee5d6f39ba7b974c16dda330d91289591c6a683f73122f5a36ed7ec4d3e7ced0bbf14ffffb965a31267a7b7f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD59c02792a2749dc21d963176d43a1990a
SHA12e2112d72983158bcb6032e67a13eb8a6f5190be
SHA256f1b2638b3140cb81166e6bc335c1bf72de1fb57ac64c6fb5efb5a425e4d50205
SHA512d47b5d8368566d1a5a759fed279cf6d9994b8a0e9f9efe152af84855a26fc0907e8f3d6f44c0ad31c9faac9cc885458549f363de1dd418cf8b5f28a7c5c72288
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5579b4df5daf06c01df903d1347bd3d9b
SHA18a1eabf6430cf3803ceae8c8bcefeab70d9e6f29
SHA2566787ac9d1bdd3ca516b224e3b2320a2e9442829b9f7a48b18d36359693c67a87
SHA5122704a624ad86192ef0bdff378d13d1b93614dcf55f42f381e331ad2ea555eca8806e30a6d6f717e8e6bec6a25d79568497c1daed0e0f874b64d3dbe06127125d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5ca7af04e292c2e3c35c30b0d65500cbf
SHA14fdc36fa9d8a3b61a2b2735513f8421b91e48d0c
SHA2562daab452a9cb772897bfcb51dcd974f65a275f4604c13869c3e81c25e3c53303
SHA512a8c3a8fefeac2accbae15ad520c5ce0468cfba78413e65506b5299ec52677cd34f01e10fdf3f6a880eeb05a80e4aabf02253a884d06cccfdae601e2b2fe004a9
-
C:\Users\Admin\AppData\Local\Temp\TeYoYsUs.bat
Filesize: 112B
MD5: bae1095f340720d965898063fede1273
SHA1: 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256: ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512: 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
C:\Users\Admin\AppData\Local\Temp\file.vbs
Filesize: 19B
MD5: 4afb5c4527091738faf9cd4addf9d34e
SHA1: 170ba9d866894c1b109b62649b1893eb90350459
SHA256: 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512: 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
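C:\Users\Admin\Downloads\Deskbottom.zip:Zone.Identifier
(Note: Zone.Identifier is the NTFS alternate data stream that holds the Mark-of-the-Web for the downloaded archive; the hashes below are of that stream, not of the archive.)
Filesize: 55B
MD5: 0f98a5550abe0fb880568b1480c96a1c
SHA1: d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA256: 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512: dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6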
-
C:\Users\Admin\Downloads\InfinityCrypt.zip
Filesize: 33KB
MD5: 5569bfe4f06724dd750c2a4690b79ba0
SHA1: 05414c7d5dacf43370ab451d28d4ac27bdcabf22
SHA256: cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527
SHA512: 775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165
-
C:\Users\Admin\Downloads\ViraLock\AYUA.exeFilesize
191KB
MD5ccf9920ac8950bbc43c127f75d5911e2
SHA1a9cc9e58a14503d6781cf9b124ab4b3e02b83d7d
SHA256fc8c9295fbaa503bd69b5b68a7836cedab2fbdec1597aa628e09d6f47bc55320
SHA512f77134596bf93430aaab64e033a9a0fca8a45e75138aa098f78c01a4b97c85146529aeec3193bc599942e593d6c7ee55e0b674cf17baaa6b892572beaf80a3fe
-
C:\Users\Admin\Downloads\ViraLock\AYcq.exeFilesize
192KB
MD523c9e0fba35698c9da141d4f99c32091
SHA1dddebd071a5e4b50dc1810da9e88bda48b55b329
SHA256249f4a0fd827310aae92f226529b55f01760fe86e268ed5bb8695be56d0dc26f
SHA5121362c0cdeab34c4f7cd3be025d5630e30d394020273ae6a37c57b555b13017126e4a0e28c9a02f5ebd03208e59c6b4d6c58a789d2dd04ba8085fadb986274c68
-
C:\Users\Admin\Downloads\ViraLock\AkYQ.icoFilesize
4KB
MD5ac4b56cc5c5e71c3bb226181418fd891
SHA1e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998
-
C:\Users\Admin\Downloads\ViraLock\CQoE.exeFilesize
193KB
MD5133382d46f3385f87966d8e5ee24e43d
SHA1dc06f67f0f9ef8c2e4b34a852d5fbee15dab9d88
SHA256f57e426d52b1afd0aa403c687ae805a3c314617adb8ab720d61dea45c5171730
SHA5121fe565ae4273dc889996d53791fafd22a5f56f26f9f48f23b67f2647bfedb7ba23a42d14dc7cbb90927d3e55b88fdcf0e5dd6747cec05dbbdd16147b61a231be
-
C:\Users\Admin\Downloads\ViraLock\CcIs.exeFilesize
187KB
MD579ee3f04ef42427a7860ec662f7b3569
SHA1d01f7f52aee3b3a48d74a78ec646144088be4f3e
SHA25691fc91bfa6091068454e08833e18cfd510753d8e99bc85c1d4aec6094e8515c1
SHA512572875ff9605546b92fce0c5d3a15152845cf024ffa4646f32246d833ce4f402b0f58b711b1e61caae70f6f47acde7bf950e5446d61d63709d01c545edc0fa56
-
C:\Users\Admin\Downloads\ViraLock\CcUE.exeFilesize
214KB
MD58f02fdeb29d9afa892d03a9731698cb4
SHA161b47b5d034fcffb22b77c88f2aef306c12e8809
SHA256238d4efb01625e9c3da64ebc87c08d45d6b90572a63e0737c31fd800c7e0b616
SHA5128617185f4a028a8c4f409d37414f103a008387872636b77bc1f4f3ad200c98fac0558e7fadf23393e26c8367f75bfb98d6a13cc755b005c169921e91eb4f69b0
-
C:\Users\Admin\Downloads\ViraLock\EEYq.exeFilesize
633KB
MD5922e95cd5012808b5771a70b4defcdd7
SHA1efb62a9c3ba97eb0b8245ed3d549b1a335829e8d
SHA256a7172df40c93492d3c420d1030523c765c9877b02910b6deda53d8ccc65a4513
SHA512e4dbc49cdb6d4a6ebd91c0efd696ebd7a667b347d640d7c832f8c6170bea8223b155731b511fdd21c9822328374f59164c1d4b6e201073f0e96e21dca53d786c
-
C:\Users\Admin\Downloads\ViraLock\Endermanch@ViraLock
Filesize: 6KB
MD5: 76e08b93985d60b82ddb4a313733345c
SHA1: 273effbac9e1dc901a3f0ee43122d2bdb383adbf
SHA256: 4dc0a8afbf4dbb1a67b9292bb028b7f744f3029b0083c36307b1f84a00692a89
SHA512: 4226266b623d502f9b0901355ff388e1fc705e9baff0cbe49a52ef59578e1cc66f5026c030df4c8a8f5000b743523ccf18c533aee269b562d3017d14af014f9d
-
C:\Users\Admin\Downloads\ViraLock\GowG.exeFilesize
214KB
MD50838435b40e5730e1c8ced31055a4842
SHA11b25f24b23f4cf0f0e68a4dbb8ec4d80170c0c52
SHA256ac3277693fcc29e6aeefff5f9f702d9e60a4f59ac2fa91c654371b27006db5d8
SHA512a75c5ce9393cda0b6d3793e468e6fecb9fb1c99665480463e941c50fd7a0e53219eace9d80dd2f3eef03fbb050f1bbb5de6d068ed3d6d67dbabcc9ab838a932c
-
C:\Users\Admin\Downloads\ViraLock\GsMm.exeFilesize
194KB
MD54e4678ab6ba759db96a599f98d37db28
SHA17aed78bb4d0f8ec02dd3a0561f7ffdacdba7ff8c
SHA2562e5831e6be3b4ddbfe2a36afeb5d9d5959519e2cd049240be28049175d4dfe53
SHA5128d22029c6b0b75982aee1a2cee7e5c045cfd5567601b8b150eb904a1b1484e4d3538c72cac61f5cc833abbce46cf5730f068564e86454bf1b6eadcdd5aa14cdb
-
C:\Users\Admin\Downloads\ViraLock\IEMK.exeFilesize
187KB
MD58e0d49e631cccf97db6a343001c3b04d
SHA16bd43c9ebe72cac38ea2e1d8796156ce7d2d1717
SHA25687681edb7d71a1940b9c7296029756fc97711c63820333fb22afa7db1635ff52
SHA5126d590233a87caeb03a083ee0ea73f70647f280f3f98b9c9cfcb93c2d9732d3370b692a68acb0477d6b99422030ea81780b58c61c6e81d76e6176045ea0dd5284
-
C:\Users\Admin\Downloads\ViraLock\IkIO.exeFilesize
828KB
MD5afa7e987921ef2b421d50fad27b2651d
SHA1b43012f1034914b5e635643d6657e1eec1496b90
SHA2569d361ab5f420350b8bb452f6190ab907d3d48957f12e45cf7e544bcc055b7f2d
SHA512c2a53883f5498295cb78d2eb0084265ad140cf5483a7ba48450031f0ab8da39ee651f52f514dbc809d30818294989fe1fba68a082ea25a4c7db1b68eda72e4fc
-
C:\Users\Admin\Downloads\ViraLock\IocE.exeFilesize
834KB
MD5a4565b3d938682b064cffc654d29fed8
SHA1443d4c57cd7976a68696d0c100d4d11542bc54b4
SHA256ca3f417426f604bc35b60bf61815eedf4236f9477a63cb74f6d277750be16654
SHA512f1a153c92647b8dce94f716ecf30e81bd700b5bb4dd34dc439804bd7394d4c81ee0c9b8c7c6539d022b04b9a0b7e8543d8896a4499312fb4faa527bc078b8731
-
C:\Users\Admin\Downloads\ViraLock\KEIA.exeFilesize
191KB
MD5b4323066d66daedeceb68ce6b6cfbfae
SHA1fe7c7826aadf3a71b07138b5456bb9f58491e2a0
SHA25694fad6a853f6640fb2ad2fa318d0efd5cadcfbc504cd30a43598e6df2ab8b012
SHA512ae633d6a1ae63ef087cd125265c4e7c54259d19c77b0b5c624c0baf17ca3e2a158310e297a12f45b46e6a43734c1066ea65bf7243bfad6ebbd5ce748c8205740
-
C:\Users\Admin\Downloads\ViraLock\KsIk.exeFilesize
195KB
MD525df994ed58a8449da2dbff3455cc2aa
SHA12d5d1a83402bcf7837698fc4533cfce35d9c0985
SHA2565dae6442db28085b305659a3da68b672519320458e1312b97cfb9fced8995352
SHA51247e8437e258534181ed694539ea6ee2c1501dc50927145998a348f1bfbdbbe7ef501c5a4bf282f04b8e99abbad5d7dd01909c55d4b28ec18141861c3e1cfd56f
-
C:\Users\Admin\Downloads\ViraLock\Ksou.exeFilesize
189KB
MD5a8b91eb60c969bd16cddb8297874187e
SHA1c60c90f88648dfd48649cc278105f2093c2aaa1c
SHA25692c3b6445287d61a0361a999c5da600fb76ebeddd5d641296416d707465624fd
SHA51269b10fb82f833893d175ab48bfee1b2bf1234bdad49117d5e4a9fe8cbb6f60a4f80c001a63d5687feeda113be40929786d5cac87f42530db93b87a841ca3e035
-
C:\Users\Admin\Downloads\ViraLock\MgQK.exeFilesize
184KB
MD5cf0bbca0635f658dfe94f078c56c1ec5
SHA10b23d14e1212c76022688ffc393054a206d5dc1c
SHA256a7578e6080a2ddf78304ed5022648b26d031ba7aa58e7b3218d7afcd0353e599
SHA5128d24b99c9c03c095781d17557cf1611aff46615c437083461d2e12238ec938fe11d37a2cfe052d2a0bab3ac2f41976b2bdc9c4649ddf837eee86bfe836ae38a7
-
C:\Users\Admin\Downloads\ViraLock\MwEQ.exeFilesize
203KB
MD50f93ee615f356458663c91b1c91f0e62
SHA1d390d4b4d03d03ebc6665c0e214bc32fc22e2617
SHA2561e78e0b6674bbdcfd573306d17d98199af669340e6f7eb9afb36e00d6d2626fc
SHA5126d2c998849cbd9871bf5b2cd0066ebcc87e934524e042db769cc4c9f554c4536def9c96977f3cf9f75abeefe57d7a7509537e083564586f2d2bfe509d9d5576e
-
C:\Users\Admin\Downloads\ViraLock\OMwo.exeFilesize
205KB
MD57b0c66b82a38c46520a988b778231ef9
SHA1c2e00ca74bd0bc3f769f6ccbc7f6aea36ca75a20
SHA256cc241a9f57b95a6a8e9619db8f5c3aeaaac70ddf4d7af831a064339fb4327621
SHA512b7831d07afb71dfc0de08af9b2a9479248b578a3abbe375437ee8fa99f4e381a315b527cc20df7d835f8a427a5a1774afab81c43aa1abdb2c85f8b280b709e19
-
C:\Users\Admin\Downloads\ViraLock\OQEY.exeFilesize
657KB
MD52dd3cd819ef3a729f5cf00b5307738fe
SHA1c73fd91537a9f62eb49fb09e1e113f0b6c3afc19
SHA256ec250bb3ffd5c66306c78d3c1ea046b103a1886bab26c0c02d907d37bfc46c91
SHA5128251bff74c71259c98d3063bc89803fa4a679a4b8cae667e10b4a9330c9509690de3c925e604e556cfe82a9304333af731006eece1efd7ac5c31ea2668714ec1
-
C:\Users\Admin\Downloads\ViraLock\SAIY.exeFilesize
196KB
MD549d5349d936e3bc5a64683301f4f6db2
SHA1cbde60ade5a71b451696d38ceaaf13eef2d355bb
SHA2564f6a7b3bf75e8c6a7f2ed56555a695fd38149910d06accc37fb97aa700ac35a1
SHA5124caf04d36d63e49bcc90e3c9770c19de7326d857d1d8d36b285b1c324ecad7c175bfc6764149430211030c1c4f9291ac791d56e1a2e682efbf605193209fc31c
-
C:\Users\Admin\Downloads\ViraLock\SAci.exeFilesize
201KB
MD5fb2a90aeb65166c53912f84b641e833c
SHA166c7d86022cfc5fe607ad8dd07ec0ff20ea31b7d
SHA2565dd41927699ffde135f27110f77e73df7d5081fd38e02c5ff04241fc9a54c104
SHA5120d9cf33956799a6d5bde60464b21747b49d08434be98cb0dfa97bb9b2d846ac682f5c1e75bdee8a88dff2e7368c288542dcb6a61eb1ce182a59abbf2dca03ace
-
C:\Users\Admin\Downloads\ViraLock\Skga.exeFilesize
233KB
MD5bc4e98f5845ce5bc70cc2c8246a92d42
SHA118d4ed88fd0270f9bc38324e22e981fdb09c4f8b
SHA256b5c6aa5ea95a69d6af606b1979122c831bb12c1f9adc0317dbe9db639e1bf6a8
SHA5124868267a9f95fe899c5d1f714d2ec312632181b495ebcdc8d635f273e548bcf4b7f933ffa76e234c739c7ae1132909ed851197b74636d8591dcdab1445da70ee
-
C:\Users\Admin\Downloads\ViraLock\Ucoe.exeFilesize
205KB
MD576fb847680f96c6a21d5b04c3fd888b8
SHA14cef0d93ba4f447ece13e0e436560115a0f91796
SHA2568c00646a8d4a7dfa94ef06df66dc4b2e32c18ee4f40cdf2d6d5e2d4ec83e32ef
SHA5129325115de532c26ccdc0ee37eff5e28de627a3c8b9e90236cd3f384400bfeb71f9d16711ce0f76ed0526e76ee483a20d898dea29072a697b7bf7ef3f988c9201
-
C:\Users\Admin\Downloads\ViraLock\Uskk.exeFilesize
792KB
MD5c40d3e74ef035bad7297ffb35d7fcc28
SHA1d10a7a11da5877104cf5240126e3b235c73bc27f
SHA256755867397eded39beeb697fb951e6e7396a65b8045e424d704fd8c2974394b1c
SHA5129cf955abfdebd20383b38f2c78ad6bb2a052d9f0f76bd65218c1ba3da0b1b8d5afdb5c32f9f8cfa0bad46c89361aa1e1817312126eb45a73571748d90307bbb5
-
C:\Users\Admin\Downloads\ViraLock\WEIm.exeFilesize
323KB
MD58ff911915a3eec1f80e7fd139d737db4
SHA1d1712c5a5d99693c05d6e1458b89df87fec3454c
SHA2567700e5d02766263729dc69e8003163c31dd906ff68cd13e1389b3acbefe498d9
SHA5120b4b7e4efced97499151e94ebb3589437d99b310da15890ee104134733e91ccf92fa2b9a8ad74dee779104cdf1c24027618f7ce51b60d96addcd2b3b3c602308
-
C:\Users\Admin\Downloads\ViraLock\WQYI.exeFilesize
205KB
MD599f4e64cc2b2f58a6752c41b7e7b8eb3
SHA119e454ff57c22f5fd5f832692be346675f9991a7
SHA2567a1e3eb2c5a15d1a574785e9f621c3c42ba00122e9149bae6c914736191a08af
SHA512653db4d5e9c5d6aa5f4fb71e196f02f7af495948e7b46597f3efae2ce7119584abd2e618f65cb6d1999e7e99d8c19ffa0d458e9340c6ffc99ec2a66a1d1632ce
-
C:\Users\Admin\Downloads\ViraLock\WUkS.exeFilesize
206KB
MD5386095b4bda4ac54d27cca2fb1bff4e0
SHA14f43bde3dee6f6f90a543673ce44e91408822330
SHA25643f4ecf222f24512b7d1189672cb5e6c26a9c252db8a22be4d7817f3596deb8d
SHA512b9167305b0ea3ae66364bb83c4184da77f42ffd1d4146f9dd70df70734b6d6b401c9c5c8ffe79aa5698805e8cfae57710c3d8b7dc895eaef7bc8f58001bc7274
-
C:\Users\Admin\Downloads\ViraLock\WcQE.exeFilesize
188KB
MD5e1e333e8ad83290103b04dfea4800630
SHA151fac678ebba3eff76fa12b94a62d39c8afb9bbe
SHA25652782698a289a55af7aafd0e435060c4b77fd459589cf43c5d457a86ddc83d3f
SHA512f914636afca5cfde2613913acd74835ddcec6ed23db35a265eb47d5a182abeb9dc8e375bde148a6fae4b17be162f7f938e0ebaafc6abe10a6876c3650e8e7db9
-
C:\Users\Admin\Downloads\ViraLock\WgMQ.exeFilesize
221KB
MD51715bdcd54e58c31ef5b0fb8d217c2af
SHA136865c57e493121c23ee5deb2ba9fceb5a7ee38a
SHA25652a18493bc1af167a67530150f54bd7c75f152b92dbeef32eb9ca4cacf014bed
SHA512a86f71b8daf7b1d453700c1dcf4c6d94c0e9562a68cbdd0d2ba07fb21199d7e86675bf0327e2a8d744a08b7638dc577f26b8df15a304a4c8d1bde68b041f9618
-
C:\Users\Admin\Downloads\ViraLock\WgUc.exeFilesize
656KB
MD562eaf929b7dab44bcbbb94992a268c65
SHA1b795cff1f1393f90bbafc3331f36338247b9a81a
SHA256848ca76577b3cefaf01e25de85e17524de84a6cf62a954f33726243207b89687
SHA5123628704069a96363b95871922dac4a3a5a860769bd7e1b06d93ad59438df2d12578b59b4e10eb11c46cb96ddecfc2925323b3d1be30db6111efd9118cf443c2f
-
C:\Users\Admin\Downloads\ViraLock\WwIu.exeFilesize
186KB
MD5ac3846f5ff3ade964495b11ac785c7f6
SHA1050088c8a53b4b663551116eae00c4351688a83e
SHA2561dbef64808fd61035c980bcee5a888aba6c8d4727d63ce53b9f44929d7e8177b
SHA512e9d04765108b2e74b360a8c445e06d71df568271f1141503b9f82370abbdaa0bc35770d1f63a8b0fcd163e5e64858de394224d356d657f314cd01d787512067b
-
C:\Users\Admin\Downloads\ViraLock\WwoY.exeFilesize
199KB
MD5b7343f2b2787766a6f4d4ed1f84a668c
SHA114a4e674b22f6780d580e4ce4c1a15603436b70a
SHA2566fb939d2d3fc36f789da5b2075e4f2d0c6ff49065d01d390f733f8260950b6c6
SHA512dcfc2b06169f81902953e15becfc9c804b967001e68853cfb48a8c9deccc8ab0b1f552ca401f21cf3f0903411ae5f208ce17296603067f2e007229d3f62baa2f
-
C:\Users\Admin\Downloads\ViraLock\YcwW.exeFilesize
202KB
MD55f30af743f6654431c90c16202450ba6
SHA16808dea748316788a663a50e548a51a66e229d26
SHA256a64b9ae0f0920bfbed5deea8a84c8130563f07b56e153fb78de1004403ae41c6
SHA5124065b219512b45995a081efaeca87ba994b6bc23f8ae2c56599d2700db9b67a781b2e1f630b8cc922faa4294008b4402c541f2e0f1277dc804fbd452e514c019
-
C:\Users\Admin\Downloads\ViraLock\YkIW.exeFilesize
208KB
MD5abb49f6b04caedc4d0b722d90b268cc7
SHA1cb4e926621499abf6cd7c1ea4b08bb76e03825b4
SHA256c71e9fc30e2ba5a79a13516b6205d5342f9596333ae76e1dc883772cca8b38af
SHA51299a89bd7b9ae7e4790300aeb905d1c517ad23c4c918fb61a96ad4569a55f07f4631e260b78a37460d6733058f328f85a53573c1ac838f983f088baa0baff1267
-
C:\Users\Admin\Downloads\ViraLock\aUYg.exeFilesize
207KB
MD54975abc06aa8c9a260fba5b7b0e72ff6
SHA1d5f9348d5e29a59a9f07f61a3dfcddd4e32683fa
SHA2568d4340eb2b0ce554bf1de8bacdc4ddf33a7d44f4165d50ae89dc21751af42271
SHA5127b9785d08eaa3df05233d55ecc74ebef10a197899a4a5503d5b6af185f528c0d2413af8ba630ad6e1d34ba9e7f9deac0a37b8fef484ed98d548e7f2f2822b021
-
C:\Users\Admin\Downloads\ViraLock\akgw.exeFilesize
188KB
MD5b1e7f2edcc21da00e617a264dc5eeaa9
SHA1b64a6febf8005b6340c51715fd5554c1ba8f3708
SHA256e7fb02665204856dd016d1757f4162191529633e34c2b8036e2975bdffcc3397
SHA51253df347aec92002d0513746b3273539f45838d073f59a64bbfa1cba79739dd42f15acdbf4d02e804f396bd76eb04089f4fc478f187c17e920438f9a760c7c4ce
-
C:\Users\Admin\Downloads\ViraLock\cEMc.exeFilesize
186KB
MD541bb9a03c970d155ea0c19627478d49d
SHA19064e3a022d8eb206ab49adf8261016af1107a43
SHA2561cc260a6cf6e5cbecd6c99703fcdd5ef4fb866749c088ebd74bcd8b16cffc4ab
SHA51235310e1e87db051507aa97ff7035bc5ddbbba20a8b38e87d1f3c677961a6c945561000bb0921a41ad317d55c8a3fa6f0296e035c0ee9a00be0f88133dad2db90
-
C:\Users\Admin\Downloads\ViraLock\ckEU.exeFilesize
799KB
MD58bad36b0d46e9d01311573fea2e6d0b3
SHA170367643dbab11892e29e549a9d0f09230175edf
SHA25635e89bf4db656404689bcb701c34c0f9d2804e7ca379a88f592b947a8c129929
SHA5127e3318ffba1b45fe368c4d3ae6e99509bf8c7ec37533a289218409ca46c110a4f14a530afb4f7890a6e65d8beee748bc59f4fb9c30ea443baaf3cfbc14ed80cc
-
C:\Users\Admin\Downloads\ViraLock\cwIA.exeFilesize
205KB
MD50f4e967c9e6602a8f7a7be4d28dba22e
SHA1897a0d3e6f758a3c4db86a8fbfbbae94ca81409f
SHA2568532f6732fe58e35cd7679435f0f0173434125cf2bf8162d1674794c6b748ef7
SHA512790bdd0f1bbc5b40b65bde62756a58741eb89d8678df8f0487e3b95ae8a791338911bdcf295823869beacb674233bcf1d23a6dbd293751285d57d57388da2a93
-
C:\Users\Admin\Downloads\ViraLock\eEow.exeFilesize
225KB
MD504e77c10f95aa18be2dd69a7a3a71e51
SHA10fa84de45ba438095bd822ee02bfe550e766e16f
SHA2567a5288fcfc1925401c2d547c7c437f83d918c214620ad0da89f4629dc6b1874d
SHA51289a8d564a64b24e17cdfb58bb68164bb1a4f95080565a090aff0fa9595caa42e9ce483a65cfb666fde629eb44c11f9d9ee47976d9b73f437e976347ac562f921
-
C:\Users\Admin\Downloads\ViraLock\eMsC.exeFilesize
189KB
MD5fcb52620d5dbde303a8e2399a0af6ee2
SHA16942e35cde044f001d2bd016653bca13427206a5
SHA2563cc59064fae2b0f03ce62630b05a2127c0054b2745ef69cc2a27537591e3cff8
SHA512df0d21cf309a58cc001c7b26f1bb626171c35316bb10121edd1c68757581053a129dc359a991f6ea2d25f343b2e8386169d3c084ab7aa9fd27034b50f58b3f8d
-
C:\Users\Admin\Downloads\ViraLock\eggQ.exeFilesize
192KB
MD559fe249f10830a4b2e4b3980880cf469
SHA1d5b43c7a7701c4b6baec094025642fdd7daf66dc
SHA256e9cf313c725f61a58ec7274da1776a9d2b64080948ff14fb851908a2ca698f68
SHA512df872575a5c45a35d0f83e82b6ddb6aa83afdb9f5f6da78bc05a08757a3c93cc7d24aa4145aab0eee934aa86cc2d4786a689958a27c28a025c420460737036c2
-
C:\Users\Admin\Downloads\ViraLock\gIIa.exeFilesize
212KB
MD5f989bb0aaae387d55e9820ae6b1e1724
SHA1e765709fced27068e5855681cf3661063564b679
SHA2567ff74ddd23a5abd5b9a44c645f2aeb4ad440fa734cc0ba9abf5e9e63054b720f
SHA512b489efeb263687f892aa62f6c9f3ace662532fc50bdcff145ee320940ce525b3a8c17a737e3120c8d29cfe859664add89750f19f37943e4d8e70d82831e6b7f1
-
C:\Users\Admin\Downloads\ViraLock\gQsK.exeFilesize
201KB
MD5bbff3ae17b90b7c4aa928b510c5045a3
SHA195e861c8a75040ed9bd5adf8e2a7e17d16759e24
SHA256d537e14aaf50f07d123329532902400b96fe454b9fbe1757052be906bc401de3
SHA512c7b5bc315ed1cc0fc669501ca2dc7902079d9e2756c6c5b0e351013fbc8a8321f9074f74deb8b58ab31473355d0a6e7c11629d698945726172b3a0d87dc4d486
-
C:\Users\Admin\Downloads\ViraLock\gcgI.exeFilesize
197KB
MD558d671d45b59f329254a3d03c38e6ea4
SHA1eedece59a7ad4b0d9560f85024638b91c86c1a9e
SHA2563e95254f6ba40f7781047db38e6e422c239c4320fb4d923f5c34d78ec0a90ce3
SHA51215e0bbc8c8d5c6c1e56b2f8a8ca2cb7a04bd9d6789d4b82c668c8d036d68ec4412d5b36dc2932476f5897e171434228ed7119ae377de72ce6e4afcdf2903caf6
-
C:\Users\Admin\Downloads\ViraLock\gggq.exeFilesize
195KB
MD595a3d309d330a560fd5d2baf0de2edc8
SHA19436c7319f2a8767e8ccb689e83e75e19cb64dc0
SHA256c1b2951936f95a4128dfc8739ec6484ffe2567abbb0ea32d5f02f07b845e2204
SHA5121392cc6017a8d5fea053ea1c551b9472e668fc7ef4cd253bcfb8f4cad62ec9dd34b23bee3ec8c935d51c728e7d4878e5ff5249bb013ba518e015ed00afb80e75
-
C:\Users\Admin\Downloads\ViraLock\iAEs.exeFilesize
193KB
MD515a25ec03b6fcb257d54775aab654cbb
SHA101ac9716bb570b90a7c031e191fc1d74e94c03a5
SHA256a7c6376fe6fe145951b9cf94f5d8c919d6fd58076d2734d034f24fa0cc68f76a
SHA512569332d4a6b6f1098ca1bede2553eb56fd2f6e7a0420c2f13314ff4ec04f06d68cb9724423fcceba762e256920676e7dd02ad0a29cb431ffa7ada19eff43a9e9
-
C:\Users\Admin\Downloads\ViraLock\iIkc.exeFilesize
191KB
MD52699328c532ecee52901c3b304a4b888
SHA17bb47f799829a765feb69a8efd69386af5757608
SHA25693e86e055ef0c796e5e5edb622e97501835d267f183d3e4ba4e9e3be2f90d6fe
SHA512b8863f77c9bdab6b39ddcc41c5efa29aa2fd244d32c6a3b742d1e7f84995d5589a399c17adc1a0a5326975d4f88b2ddd5cd1552a9ced2e3dbc5fed70458a3657
-
C:\Users\Admin\Downloads\ViraLock\iMEg.exeFilesize
199KB
MD588c878389d14c4eb7a63cf98a7f20e63
SHA142ee0c538b9ac0d35a324741762addf2693be0aa
SHA256ed7ec73a8ea624ebef2cd8df664691eeaf3cbdf63615d93f8687868d84d50e9d
SHA51232f0f300e8b08f325c9f0c6ddf80ff88cc372d919ed7ed64535a71fa8a4a3ec7d0bb9ad6eeac38fb3bf42815be49c3fed90894e9287c15d018ea29ec575a9d9d
-
C:\Users\Admin\Downloads\ViraLock\icko.exeFilesize
186KB
MD55c9f0e29c12b42e52473b66360a80ba3
SHA131ca9cfe46e2bd6d8523574e395924e62cdda924
SHA256121eebdbcbcb1ebc10e25474fc485d72165d66af67e2d9eab1e9108d211bcad2
SHA5129ecf707a63da26c2c64f2c11d080fee7763cef4adfc049e989c18a6471e494c2fc67da8976f90e9af9fd80f55393755a061935c6b466eda92c561e3ec4b18ff0
-
C:\Users\Admin\Downloads\ViraLock\ikYg.exeFilesize
432KB
MD5e89b5240ba3592d0c65985ae454ecb71
SHA1db74ed0bd63830c54df052ccb29d369eac60a734
SHA256ce4dae93854909fccde9816816984d3a8c5df27a655a4c3af754388fe3d46513
SHA512979badf8e7d5d301c86387adc8e787889a14db64fe0967e397ef77c4188433e6828db8638d6f8e54ad3c196f45c007a11adcf6e3aff3cf5f8b51930d1b40ac08
-
C:\Users\Admin\Downloads\ViraLock\kYMm.exeFilesize
5.2MB
MD581e80393874627cab7efd5541ae06d02
SHA16e7cd460fcab6cced131ce6fa3e56402f46e4052
SHA256a8b1608174b2934de79a3c80ed3efba920d61efe25867167b029c3477d2a5f5e
SHA512f47b3a5b845764bbe0d99bd8719b724ac499ad2b0292a1045a679193ef49b8deb99c371a94ffa890913d4924939a166aa2cb572a392f389d0aac0dfe8049d305
-
C:\Users\Admin\Downloads\ViraLock\kgII.exeFilesize
207KB
MD5e66d6374e0e695adbdd6511295ed64c0
SHA1e9e3205cb6e0b4a893e70d8012388e2d9f99d932
SHA2569b85005c2be75f8e118907b30354a383071264de0174c56d060a0b6a34100a93
SHA5121398608c6627f206e94a24890cf7ffb3469d156ddb64ee5cccfd07a74d674fc47ce620a770f797d3027fd82e2816ccd75d62a38bff252510f1196610c9d7310b
-
C:\Users\Admin\Downloads\ViraLock\mMok.exeFilesize
188KB
MD574624534bff2cc203552395cff96092e
SHA1a02b1cb0bd0c368d4c37f4e6bfc6db831366438c
SHA25662b6d4f3f230006eb697f2681e4daaaa6939ff72aafac6ef68e95b304987261d
SHA512fc550588c3769a9a65215dce724e961129e246ffc400931ad5f67f16abd16806ea33c5b82e3d9564c5c467c674011e59fc4c296759c7b8d2c47cee078f9af137
-
C:\Users\Admin\Downloads\ViraLock\mkgk.exeFilesize
209KB
MD573d82633cf4f1512d0d99c949d680c17
SHA11a3aa93ee4aebdf1a83526f1d70448f6eaef2d44
SHA256e8021274c74a9b7bb4bf0d6a74b8efa4faff3fc9dd736bdd57910a3e1661fd74
SHA51216b8ea8cfd2cbb94066d0b0eca527ab9b409220789c255dce5893e411c9e0b180e81bc08e7dea560f417327f9623fb81d129bd0a173c186af0240f117d2910f4
-
C:\Users\Admin\Downloads\ViraLock\moAk.exeFilesize
773KB
MD58f49c749ee3b1b7fd501ce76f3c9b437
SHA1a2823195b9662a79fd6a063abc6984625ec70606
SHA2569a5447f3979d145136ff536db8dda3dc883eee99a6961c8b80a5baf80e6b6e38
SHA512f6481f689460e08760a0d812d133a58d436536720587ce7bbf34197a0622d8ec5d9e375c06c2018bfbdc18bd3fc80323d8244265c2d69dea0342b22abcb88133
-
C:\Users\Admin\Downloads\ViraLock\moEI.exeFilesize
188KB
MD5e694c1da705839e1bdaae1a9ad4c78b4
SHA1bc343b9c22272d3234d30cc12f47fca28a6b19d3
SHA25643c0e0e360568c5e2e5f37909ee916abc9500c48e7d9f127ed4014c71bcc3519
SHA512a6aaf661295a05ff7fb05971db137c44d790a3e8ccc62d64e9df3d606b6dfd42eb57c15e73564541d5bda1ce750a83e353775f7a6e54164d21d5de602517ad0e
-
C:\Users\Admin\Downloads\ViraLock\mwog.exeFilesize
315KB
MD5656d369faf9221c3ada9afafc7cc5f0d
SHA1557f7f98a75a79e27c4b376f691899e47b084f1d
SHA2564e76753ff1e9f267f60b560d98d04f05a01955607be924ade59136449ac9d6c0
SHA5125d99691f291531e2cb3a128872ea1abf6c9187411c9104db7376b59ee7c60756b8223fdb8b9de88ab402916369cee7a9fa042c41bb526edf5ae855a6354c17a6
-
C:\Users\Admin\Downloads\ViraLock\oIkm.exeFilesize
193KB
MD5736de402ddc6c3d7a889a0e6986bbf79
SHA104f3644f7260f30f41ab49eff476dafa87e210ca
SHA25692b09e2507f522e65bfd80a30043d1a8784eeec367a1a9219f3d01e741fba1c5
SHA512af5e556da0b5abb1291cc467c3590166ffca71a06bdff8b36858d0dbba3cf8b8a3c33853f399a82aa06a8e4b99a3ea72a0d0518110e6d71f7604ae4b9ea2e924
-
C:\Users\Admin\Downloads\ViraLock\qAYC.exeFilesize
198KB
MD5ee4a8fe05e651276d42162ce36eaef6f
SHA19305f211536c1d5c54f2a66ff93b80d0e676c5b5
SHA256a21b4035e2219015c96d5f4ca41dd709878f462a2e798b34babb362cce17954d
SHA512b1038b521ab6d988dc0b1b3136ccc64afe25a7f1080a976b8ad7f21a2ab3bff64c567c152439f16165950d5203257a567390f307b4c498f86ee8676cbe38a33a
-
C:\Users\Admin\Downloads\ViraLock\qEUM.exeFilesize
187KB
MD50a1b74c66f25994e1ff582d01b915706
SHA16060137a09a82c0bf3927965e14a9ab5097828ae
SHA2562bc97ce616d243b7ba084d8caf4c1f12f98729f73edc244f8f5849e96a05f52c
SHA512dcb4ba024943fd609b1a5473d6dc56e4bac244ea0873cb4a6a8357a1040312af58245a031315972b8a2f701085e33cf71bf835dedaaafbc61db2c2892444f0c2
-
C:\Users\Admin\Downloads\ViraLock\qIMQ.exeFilesize
188KB
MD5087d7f6d0ab840b40ebbe90594f959d8
SHA1002eba2304be35b301d9e91102001a8c4a61b300
SHA2566e8048081a8130cf41a5841ae3c13d4bbd998dc269683da001e6532f45a04626
SHA512d2650aa0b293a8e7cfbee0d9f617c48139a19cb0920b501db88452a9a680e287ff7369bf94c967d1c4300944e20c7d9805f4cab7becb03e4241f37678accd3cd
-
C:\Users\Admin\Downloads\ViraLock\qkwg.icoFilesize
4KB
MD59af98ac11e0ef05c4c1b9f50e0764888
SHA10b15f3f188a4d2e6daec528802f291805fad3f58
SHA256c3d81c0590da8903a57fb655949bf75919e678a2ef9e373105737cf2c6819e62
SHA51235217ccd4c48a4468612dd284b8b235ec6b2b42b3148fa506d982870e397569d27fcd443c82f33b1f7f04c5a45de5bf455351425dae5788774e0654d16c9c7e1
-
C:\Users\Admin\Downloads\ViraLock\qoUG.exeFilesize
562KB
MD5f5b6442655f7ca142d8fc882b7a08303
SHA1e0bb3e621ed9799e6684657c3b3dc2cbb532c8b3
SHA2564c207843f8a7bdcd5836f02c2b80cf70667f80a9898b08bb18b87066664c566f
SHA5125a56941bfc98626191273797e567eaeea5e006332e312779413ffc3c5ed4682bbf022f57b7aefa81ccc6ab9a48f1a72154c5fc8e790d25906c429e7625afd554
-
C:\Users\Admin\Downloads\ViraLock\sQAK.exeFilesize
189KB
MD5fb431f7ee13a30b4a80925c31296a5c2
SHA1fd53289b89532977f2296fd6431a735ff86426e2
SHA256821cb980c1397e780c0635e6cdeb3c4bebf5f03e0d9340500b2ac5e305a746c8
SHA5129f9a28fd34cfd3667e4e51737ed7981726a9b23ff87f45ed29ca69d2dd08e3bec314f309da6d0525b9f12a6ddf053a0ef3c16e0d2939c1fef54df605017508cf
-
C:\Users\Admin\Downloads\ViraLock\skwI.exeFilesize
196KB
MD5f5af05366c3e824baf65cd39bda5e7d4
SHA1f353ac954f94e509b19aef60d81ba55d22fdd37d
SHA256a7c04c6cd22c21f321f12c6c542ee1538c620483b6b54a5ee6631e3ea8e75908
SHA512636cf9935b30ea5935000aaba10e53a8671bf69bb4e1adffdc135f8727357ba2058632e12e3163341feb47ed9bf2e608d54e93c9f4b0998289d7ffc9ed72d289
-
C:\Users\Admin\Downloads\ViraLock\swUO.exeFilesize
647KB
MD5b5b21511d139a191c8c9a16b61eff3e7
SHA180f84aee3970e354d35ced9eebc86bcade43b022
SHA256efffa942c3a607f0417a947d2951c965a9e090ab8926fe3f1e43919e926c0581
SHA5129f0bd9e2dd11d82dd02926537b5894cb0fabdd7e5af1d2e38ce3ef7efbbd8e3a9c711e4297a95aaa8fa0f6a8c15784bf144b58a4cc08fb21363632554d096d69
-
C:\Users\Admin\Downloads\ViraLock\wYcG.exeFilesize
194KB
MD508d35243ba2111334eee631e15b0c4e2
SHA18f411120de32578c5b4c2da0c817149c2b0e9f11
SHA25689aac8cfa0823db4d3bd5952bd62c2e2c5914c03f83952f579308830fb1d55d9
SHA51251070a12d0617f2d88ecc46bf5ada7e9af88eea57aebcef20650f1b6c95bba08e8d10831b6ae47ce1cd2034b319daf6765f44a580122ee607cfdc0d5100297f1
-
C:\Users\Admin\Downloads\ViraLock\wkQu.exeFilesize
259KB
MD58b8265a1dd80e72ec7848da9d28a0a4d
SHA165d89c0a835b9a776d343186995bb64c64128789
SHA256657d8c301f1662c7e849e286154a25fb210548beabae70bef36b1956c3e6d1cf
SHA512d7d612fb5d3dfd9282fa68b8221899be56a5c4bfce119b8f7b4ee2b3e72dbb1e292f62887f0974281ad0cda5292342bf232830ed098c7a5d849abaecad3feb95
-
C:\Users\Admin\Downloads\ViraLock\yYwu.exeFilesize
640KB
MD5ff099965934ae0857b6e4daecd6e2fd2
SHA149c655d04a9853158ea5a95f0047a88a9a48806d
SHA25629d3ef4148d9ba238ddadcdda8f3d8ede3512ccf43d0e1cb80edebcb2c9f3b11
SHA512abf86239bce4b68e8cd391ca38ea257ca9ac6075f4d0fe20975c6188399557798b410410adb7c601fe31402a04e847879a3fdf5b38210d0f8a9ceed4adcceedb
-
C:\Users\Admin\Downloads\ViraLock\ykkA.exeFilesize
775KB
MD50345514c0d31f83c68f2f5df20047862
SHA18d0e25511c4ef56cb88f0612a3540f1992774d6a
SHA256b331e5986ec27d5acd37811d409030cf0df0e32d64f1fd6b5c9640dc236c4df4
SHA5124c16a82594fb91c5b9de1ed6ffc7aa2865dfb16ab7acef63ac18b0f1abfb6832a95f687989903d1853e3b2e2fc78c250cb37e27e0e53346a90e0243abc7d638b
-
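\??\pipe\LOCAL\crashpad_4048_TLLQHAEQYYMZYXMC
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
Note: these four digests are the hashes of zero-byte input, so no content was captured for this named pipe; they match any empty file and should not be used as indicators.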
-
memory/412-5028-0x00007FFF693B0000-0x00007FFF693C0000-memory.dmp
Filesize 64KB
-
memory/412-5055-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5035-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5057-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5041-0x00007FFF66980000-0x00007FFF66990000-memory.dmpFilesize
64KB
-
memory/412-5069-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5045-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5058-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5042-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5026-0x00007FFF693B0000-0x00007FFF693C0000-memory.dmpFilesize
64KB
-
memory/412-5040-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5056-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5039-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5038-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5037-0x00007FFF66980000-0x00007FFF66990000-memory.dmpFilesize
64KB
-
memory/412-5036-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5059-0x00007FFFA87C0000-0x00007FFFA887D000-memory.dmpFilesize
756KB
-
memory/412-5043-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5044-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5034-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5033-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5032-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5031-0x00007FFFA9320000-0x00007FFFA9529000-memory.dmpFilesize
2.0MB
-
memory/412-5030-0x00007FFF693B0000-0x00007FFF693C0000-memory.dmpFilesize
64KB
-
memory/412-5029-0x00007FFF693B0000-0x00007FFF693C0000-memory.dmpFilesize
64KB
-
memory/412-5027-0x00007FFF693B0000-0x00007FFF693C0000-memory.dmpFilesize
64KB
-
memory/1388-5088-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/1388-5073-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/1924-5157-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/1924-5166-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/1980-4954-0x00000000021C0000-0x0000000002228000-memory.dmpFilesize
416KB
-
memory/1980-4946-0x00000000021C0000-0x0000000002228000-memory.dmpFilesize
416KB
-
memory/2748-5108-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/2748-5101-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/2900-5156-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/3028-5199-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/3148-4820-0x0000000074310000-0x0000000074AC1000-memory.dmpFilesize
7.7MB
-
memory/3148-4821-0x0000000006C80000-0x0000000006CE6000-memory.dmpFilesize
408KB
-
memory/3148-4832-0x0000000005B60000-0x0000000005B70000-memory.dmpFilesize
64KB
-
memory/3148-4822-0x0000000005B60000-0x0000000005B70000-memory.dmpFilesize
64KB
-
memory/3148-3769-0x0000000074310000-0x0000000074AC1000-memory.dmpFilesize
7.7MB
-
memory/3208-4910-0x0000000002AE0000-0x0000000002B48000-memory.dmpFilesize
416KB
-
memory/3208-4921-0x0000000002AE0000-0x0000000002B48000-memory.dmpFilesize
416KB
-
memory/3208-4918-0x0000000002AE0000-0x0000000002B48000-memory.dmpFilesize
416KB
-
memory/4604-5109-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/4604-5119-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/4612-1042-0x00000000056B0000-0x00000000056C0000-memory.dmpFilesize
64KB
-
memory/4612-1043-0x0000000005730000-0x000000000573A000-memory.dmpFilesize
40KB
-
memory/4612-1041-0x0000000074310000-0x0000000074AC1000-memory.dmpFilesize
7.7MB
-
memory/4612-3770-0x00000000056B0000-0x00000000056C0000-memory.dmpFilesize
64KB
-
memory/4612-1040-0x0000000005820000-0x00000000058B2000-memory.dmpFilesize
584KB
-
memory/4612-1037-0x0000000000C50000-0x0000000000C8C000-memory.dmpFilesize
240KB
-
memory/4612-1038-0x0000000005780000-0x000000000581C000-memory.dmpFilesize
624KB
-
memory/4612-3768-0x0000000074310000-0x0000000074AC1000-memory.dmpFilesize
7.7MB
-
memory/4612-1039-0x0000000005DD0000-0x0000000006376000-memory.dmpFilesize
5.6MB
-
memory/4612-1044-0x0000000005A60000-0x0000000005AB6000-memory.dmpFilesize
344KB
-
memory/4612-4833-0x00000000056B0000-0x00000000056C0000-memory.dmpFilesize
64KB
-
memory/4684-202-0x00000000022D0000-0x00000000022D1000-memory.dmpFilesize
4KB
-
memory/4684-221-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/4756-5213-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/4772-5089-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/4772-5099-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/5408-5193-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/5408-5185-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/5560-5083-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/5896-5147-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/5896-5134-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/5904-5084-0x0000000000400000-0x0000000000430000-memory.dmpFilesize
192KB
-
memory/5908-5128-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/5908-5120-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/5932-5203-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/5932-5162-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/5932-5176-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/5932-5195-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/6048-5129-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/6048-5138-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB
-
memory/6048-5184-0x0000000000400000-0x0000000000432000-memory.dmpFilesize
200KB