Analysis
- max time kernel: 150s
- max time network: 96s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-04-2024 23:22
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe
- Resource: win10v2004-20240226-en
General
- Target: 2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe
- Size: 158KB
- MD5: 0c131b51e74f221161f6a59c1ea55ab9
- SHA1: de1e1148b26fd0afe1a9d80918c4adcd2469d87a
- SHA256: 9088d6a1546ddfe83f0ddd30995a7fac08ee96ead9cb948761e272ee80ec260c
- SHA512: 3a25d5b7e61c2f0e1675b5a6e85e15a563de1ff1aadbd81628563a477e4ad760082b722a6ad541ed77b2244a8098fb27b2f43cfa01e2d1e1aa115b9a6dd60b61
- SSDEEP: 3072:JWe7YQiw+OEYQZknckQ39jNKjSZsem/W2nS/nehrOi:JWe7fiwdgZYQtsjk/t2r
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
Processes:
reg.exe
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | reg.exe
-
Processes:
reg.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | reg.exe
-
Renames multiple (88) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
nCooQcwM.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | nCooQcwM.exe
-
Executes dropped EXE 2 IoCs
Processes:
nCooQcwM.exe, tgsIYgcI.exe
pid | process
3276 | nCooQcwM.exe
4248 | tgsIYgcI.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe, nCooQcwM.exe, tgsIYgcI.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nCooQcwM.exe = "C:\\Users\\Admin\\aGckwEEs\\nCooQcwM.exe" | 2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tgsIYgcI.exe = "C:\\ProgramData\\mOoYwMQM\\tgsIYgcI.exe" | 2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nCooQcwM.exe = "C:\\Users\\Admin\\aGckwEEs\\nCooQcwM.exe" | nCooQcwM.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tgsIYgcI.exe = "C:\\ProgramData\\mOoYwMQM\\tgsIYgcI.exe" | tgsIYgcI.exe
-
Drops file in System32 directory 2 IoCs
Processes:
nCooQcwM.exe
description | ioc | process
File created | C:\Windows\SysWOW64\shell32.dll.exe | nCooQcwM.exe
File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | nCooQcwM.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
Processes:
reg.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
nCooQcwM.exe
pid | process
3276 | nCooQcwM.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
nCooQcwM.exe
pid | process
3276 | nCooQcwM.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe, cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3312 -
C:\Users\Admin\aGckwEEs\nCooQcwM.exe"C:\Users\Admin\aGckwEEs\nCooQcwM.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:3276 -
C:\ProgramData\mOoYwMQM\tgsIYgcI.exe"C:\ProgramData\mOoYwMQM\tgsIYgcI.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4248 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:4140 -
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2840 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:940 -
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3040 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"6⤵
- Suspicious use of WriteProcessMemory
PID:3780 -
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:4724 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"8⤵PID:2416
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:2532 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"10⤵PID:2988
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:2140 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"12⤵PID:208
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:2192 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"14⤵PID:4564
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:3068 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"16⤵PID:2420
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:4396 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"18⤵PID:3748
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:4876 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"20⤵PID:372
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:3696 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"22⤵PID:4844
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:1588 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"24⤵PID:3040
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:620 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"26⤵PID:3604
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:1860 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"28⤵PID:1364
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:3248 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"30⤵PID:724
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:448 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"32⤵PID:4068
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV133⤵PID:4996
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock33⤵PID:1948
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"34⤵PID:2344
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock35⤵PID:1140
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"36⤵PID:5060
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock37⤵PID:3092
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"38⤵PID:4932
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock39⤵PID:2416
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"40⤵PID:1812
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock41⤵PID:3116
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"42⤵PID:4796
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock43⤵PID:2704
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"44⤵PID:2812
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock45⤵PID:1860
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"46⤵PID:4984
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock47⤵PID:2516
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"48⤵PID:956
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock49⤵PID:2168
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"50⤵PID:4352
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock51⤵PID:636
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"52⤵PID:4812
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock53⤵PID:2344
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"54⤵PID:3252
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock55⤵PID:4588
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"56⤵PID:3224
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock57⤵PID:1620
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"58⤵PID:708
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock59⤵PID:212
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"60⤵PID:1720
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock61⤵PID:916
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"62⤵PID:2044
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock63⤵PID:4660
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"64⤵PID:372
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock65⤵PID:4924
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"66⤵PID:1608
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock67⤵PID:2460
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"68⤵PID:3580
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock69⤵PID:2384
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"70⤵PID:2040
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock71⤵PID:4036
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"72⤵PID:3156
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock73⤵PID:5004
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"74⤵PID:4788
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock75⤵PID:680
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"76⤵PID:1380
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock77⤵PID:4100
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"78⤵PID:636
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock79⤵PID:3384
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"80⤵PID:1164
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock81⤵PID:3864
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"82⤵PID:4844
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock83⤵PID:2404
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"84⤵PID:2732
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock85⤵PID:1328
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"86⤵PID:2312
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock87⤵PID:3868
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"88⤵PID:3352
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock89⤵PID:724
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"90⤵PID:4880
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock91⤵PID:4660
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"92⤵PID:428
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock93⤵PID:4044
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"94⤵PID:3580
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock95⤵PID:4244
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"96⤵PID:2884
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock97⤵PID:4572
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"98⤵PID:4352
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock99⤵PID:4028
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"100⤵PID:4656
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock101⤵PID:1392
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"102⤵PID:428
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock103⤵PID:3076
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"104⤵PID:4840
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock105⤵PID:2312
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"106⤵PID:4908
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock107⤵PID:2404
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"108⤵PID:2360
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock109⤵PID:1032
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"110⤵PID:3748
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock111⤵PID:4416
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"112⤵PID:3580
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock113⤵PID:4576
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"114⤵PID:3160
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock115⤵PID:1388
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"116⤵PID:4928
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1117⤵PID:1040
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock117⤵PID:2436
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"118⤵PID:3864
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock119⤵PID:4256
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"120⤵PID:2532
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock121⤵PID:3348
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"122⤵PID:4884
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock123⤵PID:4316
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"124⤵PID:3768
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock125⤵PID:2028
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"126⤵PID:744
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock127⤵PID:3620
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"128⤵PID:3748
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock129⤵PID:2468
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"130⤵PID:4656
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock131⤵PID:4416
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"132⤵PID:1860
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock133⤵PID:3520
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"134⤵PID:960
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1135⤵PID:4208
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock135⤵PID:3352
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"136⤵PID:3756
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock137⤵PID:2160
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"138⤵PID:3688
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock139⤵PID:744
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"140⤵PID:4760
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock141⤵PID:1000
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"142⤵PID:4108
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock143⤵PID:1588
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"144⤵PID:4300
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock145⤵PID:1032
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"146⤵PID:4244
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock147⤵PID:3552
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"148⤵PID:3872
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock149⤵PID:4920
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"150⤵PID:4996
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1151⤵PID:4572
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock151⤵PID:2588
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"152⤵PID:4908
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock153⤵PID:4928
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"154⤵PID:2988
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵PID:3768
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock155⤵PID:2460
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"156⤵PID:660
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock157⤵PID:1092
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"158⤵PID:4788
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock159⤵PID:2716
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"160⤵PID:4720
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1161⤵PID:3260
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock161⤵PID:2536
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"162⤵PID:4424
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock163⤵PID:4256
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"164⤵PID:4272
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1165⤵PID:3520
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock165⤵PID:4880
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"166⤵PID:744
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock167⤵PID:4436
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"168⤵PID:5044
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock169⤵PID:4500
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"170⤵PID:2160
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1171⤵PID:4968
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock171⤵PID:3224
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"172⤵PID:2120
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1173⤵PID:2988
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock173⤵PID:4392
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"174⤵PID:4224
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock175⤵PID:1688
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"176⤵PID:4056
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock177⤵PID:3908
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"178⤵PID:2476
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1179⤵PID:3616
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock179⤵PID:5044
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"180⤵PID:1764
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1181⤵PID:4044
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock181⤵PID:3164
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"182⤵PID:2956
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:856
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock183⤵PID:3584
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"184⤵PID:4656
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock185⤵PID:4592
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"186⤵PID:1588
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1187⤵PID:1380
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock187⤵PID:4028
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"188⤵PID:4528
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock189⤵PID:4124
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"190⤵PID:2732
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1191⤵PID:4420
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock191⤵PID:3196
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"192⤵PID:216
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock193⤵PID:4048
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock"194⤵PID:5016
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1195⤵PID:4296
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock195⤵PID:1140
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1196⤵
- Modifies registry key
PID:4588 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1197⤵PID:768
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2196⤵PID:960
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f196⤵
- Modifies registry key
PID:2460 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1194⤵PID:4516
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2194⤵PID:1220
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1195⤵PID:4656
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f194⤵
- UAC bypass
PID:4644 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uWYoksoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""194⤵PID:3116
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1195⤵PID:3720
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs195⤵PID:4416
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1192⤵PID:3584
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2192⤵PID:4548
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f192⤵PID:3216
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uAMwkAwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""192⤵PID:4148
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs193⤵PID:4472
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1190⤵
- Modifies visibility of file extensions in Explorer
PID:1000 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2190⤵PID:3768
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f190⤵
- UAC bypass
PID:1884 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1191⤵PID:1812
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PEkoQEUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""190⤵PID:3760
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs191⤵PID:536
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1188⤵
- Modifies visibility of file extensions in Explorer
PID:620 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2188⤵PID:2536
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1189⤵PID:2160
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f188⤵
- UAC bypass
PID:1344 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rMQwYwwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""188⤵PID:4880
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs189⤵PID:2480
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1186⤵PID:4236
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2186⤵PID:208
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1187⤵PID:4056
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f186⤵PID:3384
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jowUEAsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""186⤵PID:2168
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs187⤵PID:3040
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1184⤵
- Modifies visibility of file extensions in Explorer
PID:4492 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2184⤵
- Modifies registry key
PID:1468 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f184⤵PID:876
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iUAYcQIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""184⤵PID:4296
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs185⤵PID:1540
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1182⤵
- Modifies visibility of file extensions in Explorer
PID:4376 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:4392
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2182⤵PID:2588
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f182⤵
- UAC bypass
PID:2040 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:3312
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eOMkIwsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""182⤵PID:216
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:3704
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs183⤵PID:3580
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1180⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:112 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2180⤵PID:2160
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1181⤵PID:3872
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f180⤵PID:4108
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WaMggkQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""180⤵PID:3780
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs181⤵PID:4420
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1178⤵
- Modifies visibility of file extensions in Explorer
PID:3732 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1179⤵PID:4796
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2178⤵PID:4812
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1179⤵PID:5004
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f178⤵
- UAC bypass
- Modifies registry key
PID:4952 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JWQYwUkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""178⤵PID:116
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs179⤵PID:768
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1176⤵
- Modifies visibility of file extensions in Explorer
PID:3636 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1177⤵PID:5084
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2176⤵PID:4516
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f176⤵
- UAC bypass
PID:3216 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dgUgckAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""176⤵PID:2516
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs177⤵PID:4980
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1174⤵PID:3968
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1175⤵PID:5060
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2174⤵
- Modifies registry key
PID:1196 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f174⤵
- UAC bypass
- Modifies registry key
PID:1852 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zsIgUwgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""174⤵PID:3720
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs175⤵PID:3976
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1172⤵
- Modifies visibility of file extensions in Explorer
PID:4332 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1173⤵PID:2028
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2172⤵PID:5068
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f172⤵PID:1040
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1173⤵PID:3076
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fUwEYQYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""172⤵PID:2956
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1173⤵PID:2612
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs173⤵PID:2404
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1170⤵
- Modifies registry key
PID:1588 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1171⤵PID:5004
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2170⤵
- Modifies registry key
PID:3616 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1171⤵PID:1608
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f170⤵PID:3004
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qyEYAEAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""170⤵PID:4128
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs171⤵PID:4044
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1168⤵PID:3244
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2168⤵PID:4516
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1169⤵PID:508
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f168⤵
- Modifies registry key
PID:5084 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\augYIUgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""168⤵PID:1916
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs169⤵PID:4316
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1166⤵
- Modifies visibility of file extensions in Explorer
PID:408 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2166⤵PID:936
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1167⤵PID:4996
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f166⤵PID:3312
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1167⤵PID:1000
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CWMkcEEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""166⤵PID:4820
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1167⤵PID:2380
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs167⤵PID:1552
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1164⤵
- Modifies visibility of file extensions in Explorer
PID:4928 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2164⤵PID:4044
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f164⤵
- UAC bypass
PID:1344 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mEoEQcwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""164⤵PID:3348
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs165⤵PID:4340
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1162⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4656 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2162⤵
- Modifies registry key
PID:3584 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f162⤵PID:5084
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BKUIsQoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""162⤵PID:4288
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1163⤵PID:3784
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs163⤵PID:3228
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1160⤵PID:3704
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2160⤵PID:2612
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f160⤵
- UAC bypass
- Modifies registry key
PID:1464 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vosIowQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""160⤵PID:3196
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs161⤵PID:1688
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1158⤵
- Modifies visibility of file extensions in Explorer
PID:2244 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2158⤵PID:708
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f158⤵
- Modifies registry key
PID:1220 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RgcEoQkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""158⤵PID:4632
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs159⤵PID:3384
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1156⤵PID:1688
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2156⤵PID:4376
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f156⤵
- Modifies registry key
PID:1812 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MgogQoMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""156⤵PID:2216
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵PID:4300
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs157⤵PID:4664
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1154⤵
- Modifies registry key
PID:1020 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2154⤵
- Modifies registry key
PID:1380 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f154⤵PID:804
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵PID:4724
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wIogUIcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""154⤵PID:1608
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs155⤵PID:868
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1152⤵
- Modifies visibility of file extensions in Explorer
PID:4420 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1153⤵PID:3756
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2152⤵
- Modifies registry key
PID:4664 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f152⤵
- UAC bypass
PID:1852 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GkEoMEUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""152⤵PID:3520
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs153⤵PID:5060
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1150⤵PID:2380
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2150⤵PID:5004
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1151⤵PID:1100
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f150⤵
- Modifies registry key
PID:508 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pYEIMsgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""150⤵PID:1812
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs151⤵PID:2956
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1148⤵
- Modifies visibility of file extensions in Explorer
PID:3700 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2148⤵PID:4796
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f148⤵PID:3768
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vuQcckIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""148⤵PID:1040
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs149⤵PID:1916
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1146⤵
- Modifies visibility of file extensions in Explorer
PID:2028 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1147⤵PID:4492
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2146⤵PID:988
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f146⤵
- UAC bypass
PID:856 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VqsAAUEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""146⤵PID:2312
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs147⤵PID:4500
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1144⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2652 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2144⤵
- Modifies registry key
PID:1288 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f144⤵
- UAC bypass
PID:2468 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rGssMAsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""144⤵PID:4968
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs145⤵PID:3352
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1142⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2576 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2142⤵
- Modifies registry key
PID:3936 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f142⤵
- UAC bypass
PID:3228 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UKsYQIYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""142⤵PID:4724
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs143⤵PID:4048
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1140⤵
- Modifies visibility of file extensions in Explorer
PID:1100 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2140⤵PID:1764
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f140⤵
- UAC bypass
- Modifies registry key
PID:2956 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yoIQEkQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""140⤵PID:2476
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs141⤵PID:4424
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1138⤵PID:1952
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2138⤵PID:3784
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f138⤵
- UAC bypass
- Modifies registry key
PID:2596 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OcswUggw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""138⤵PID:3076
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs139⤵PID:5004
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1136⤵PID:4572
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2136⤵
- Modifies registry key
PID:2660 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f136⤵
- UAC bypass
PID:2576 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rgwAIEcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""136⤵PID:1032
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs137⤵PID:4908
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1134⤵PID:536
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2134⤵PID:4760
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f134⤵PID:4664
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rgAAkcsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""134⤵PID:4996
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs135⤵PID:4104
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1132⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2304 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2132⤵PID:2768
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f132⤵
- UAC bypass
PID:3760 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nQAkMEMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""132⤵PID:3620
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs133⤵PID:4884
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1130⤵
- Modifies visibility of file extensions in Explorer
PID:2120 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2130⤵PID:1688
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f130⤵
- UAC bypass
PID:3256 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FykcAUAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""130⤵PID:1264
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs131⤵PID:3156
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1128⤵
- Modifies visibility of file extensions in Explorer
PID:3024 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2128⤵PID:1884
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f128⤵
- UAC bypass
- Modifies registry key
PID:3600 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aAYkEgAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""128⤵PID:4208
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs129⤵PID:3260
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1126⤵
- Modifies visibility of file extensions in Explorer
PID:3732 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2126⤵PID:4052
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f126⤵
- Modifies registry key
PID:4720 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ocwYkYkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""126⤵PID:2660
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1127⤵PID:1552
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs127⤵PID:4244
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1124⤵PID:4492
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2124⤵PID:4548
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1125⤵PID:1388
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f124⤵PID:1952
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mqYEoYUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""124⤵PID:5004
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs125⤵PID:1344
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1122⤵PID:3156
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2122⤵
- Modifies registry key
PID:2520 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f122⤵
- UAC bypass
PID:1808 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bMMwIQoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""122⤵PID:3384
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs123⤵PID:4932
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1120⤵
- Modifies visibility of file extensions in Explorer
PID:3228 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2120⤵PID:3272
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f120⤵
- UAC bypass
PID:3452 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\basAocgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""120⤵PID:4300
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs121⤵PID:3756
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1118⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1140 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2118⤵
- Modifies registry key
PID:5008 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f118⤵PID:1020
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BAQIAosI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""118⤵PID:4948
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs119⤵PID:1080
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1116⤵
- Modifies visibility of file extensions in Explorer
PID:1668 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2116⤵PID:4884
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f116⤵
- UAC bypass
- Modifies registry key
PID:2416 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dEAUAwog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""116⤵PID:988
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs117⤵PID:1552
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1114⤵
- Modifies visibility of file extensions in Explorer
PID:5040 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1115⤵PID:2500
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2114⤵
- Modifies registry key
PID:372 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f114⤵
- UAC bypass
PID:1492 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qmUgcEYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""114⤵PID:1264
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs115⤵PID:5080
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1112⤵PID:804
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2112⤵PID:1180
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f112⤵PID:3688
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GGQcYUok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""112⤵PID:3272
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs113⤵PID:224
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1110⤵
- Modifies visibility of file extensions in Explorer
PID:1040 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2110⤵PID:3548
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f110⤵
- UAC bypass
PID:3348 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KOEookcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""110⤵PID:4108
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs111⤵PID:4300
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1108⤵
- Modifies visibility of file extensions in Explorer
PID:660 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2108⤵PID:1468
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f108⤵
- UAC bypass
PID:4208 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QgEkssgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""108⤵PID:2500
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs109⤵PID:224
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1106⤵PID:4272
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2106⤵PID:2140
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f106⤵
- UAC bypass
- Modifies registry key
PID:1100 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JKwcYYYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""106⤵PID:3312
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs107⤵PID:1860
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1104⤵
- Modifies visibility of file extensions in Explorer
PID:3352 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2104⤵PID:4364
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f104⤵
- UAC bypass
- Modifies registry key
PID:1812 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jeEIgscg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""104⤵PID:3748
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs105⤵PID:3784
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1102⤵
- Modifies visibility of file extensions in Explorer
PID:988 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2102⤵PID:508
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f102⤵
- UAC bypass
PID:1860 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hoAsUQwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""102⤵PID:660
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs103⤵PID:2816
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1100⤵
- Modifies visibility of file extensions in Explorer
PID:4272 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2100⤵
- Modifies registry key
PID:4924 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f100⤵
- UAC bypass
PID:1040 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cMUgsIQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""100⤵PID:4868
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs101⤵PID:384
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 198⤵
- Modifies visibility of file extensions in Explorer
PID:2988 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 298⤵PID:4376
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f98⤵
- UAC bypass
- Modifies registry key
PID:2588 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SwcYEQkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""98⤵PID:4580
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs99⤵PID:3224
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 196⤵
- Modifies visibility of file extensions in Explorer
PID:4080 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 296⤵PID:1180
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f96⤵
- UAC bypass
- Modifies registry key
PID:2500 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CGwcwEIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""96⤵PID:400
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs97⤵PID:224
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 194⤵
- Modifies visibility of file extensions in Explorer
PID:2800 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 294⤵PID:4332
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f94⤵
- UAC bypass
PID:508 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UYcIIoww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""94⤵PID:4564
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs95⤵PID:3024
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 192⤵PID:5060
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 292⤵
- Modifies registry key
PID:2952 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f92⤵PID:4392
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\niEYsMsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""92⤵PID:1120
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs93⤵PID:3704
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 190⤵
- Modifies visibility of file extensions in Explorer
PID:3768 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 290⤵PID:372
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f90⤵PID:1016
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dqkcQocM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""90⤵PID:1344
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs91⤵PID:3212
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 188⤵
- Modifies registry key
PID:3004 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 288⤵PID:3272
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f88⤵PID:2660
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zeQkYMYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""88⤵PID:3760
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs89⤵PID:1032
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 186⤵
- Modifies visibility of file extensions in Explorer
PID:2800 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 286⤵PID:508
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f86⤵
- UAC bypass
PID:4964 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EiEIocQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""86⤵PID:2704
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs87⤵PID:4420
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 184⤵PID:3092
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 284⤵PID:4044
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f84⤵
- Modifies registry key
PID:4820 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kUkMgYAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""84⤵PID:1860
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs85⤵PID:868
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 182⤵
- Modifies visibility of file extensions in Explorer
PID:3156 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 282⤵PID:3976
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f82⤵
- UAC bypass
PID:116 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\keoocIIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""82⤵PID:1088
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs83⤵PID:536
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 180⤵PID:2040
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 280⤵PID:2360
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f80⤵PID:3352
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MKsUYQIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""80⤵PID:4948
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs81⤵PID:2716
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 178⤵PID:4288
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 278⤵PID:856
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f78⤵
- UAC bypass
PID:2644 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jWMYMUUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""78⤵PID:3040
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs79⤵PID:4968
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 176⤵PID:3092
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 276⤵PID:1328
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f76⤵
- UAC bypass
PID:212 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DCcwIkos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""76⤵PID:2660
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs77⤵PID:876
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 174⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2468 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 274⤵PID:1392
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f74⤵PID:2244
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FKcckscw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""74⤵PID:4728
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs75⤵PID:2968
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 172⤵PID:3968
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 272⤵PID:4776
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f72⤵
- UAC bypass
PID:1264 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ByYgEAYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""72⤵PID:3196
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs73⤵PID:724
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 170⤵
- Modifies visibility of file extensions in Explorer
PID:1576 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 270⤵PID:2032
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f70⤵PID:2884
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EUogYAEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""70⤵PID:4372
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs71⤵PID:4628
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 168⤵
- Modifies visibility of file extensions in Explorer
PID:4664 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 268⤵PID:4820
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f68⤵
- UAC bypass
PID:876 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\smgAgUkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""68⤵PID:3068
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs69⤵PID:4624
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 166⤵PID:3768
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 266⤵PID:1492
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f66⤵
- UAC bypass
PID:448 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MgQcUQog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""66⤵PID:2536
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs67⤵PID:4612
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 164⤵
- Modifies visibility of file extensions in Explorer
PID:4564 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 264⤵PID:732
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f64⤵
- UAC bypass
PID:384 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pwEwkkoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""64⤵PID:4636
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs65⤵PID:1832
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 162⤵
- Modifies visibility of file extensions in Explorer
PID:3152 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 262⤵PID:2024
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f62⤵
- UAC bypass
PID:4628 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FOYsksQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""62⤵PID:1508
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs63⤵PID:2812
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 160⤵PID:2596
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 260⤵PID:4548
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f60⤵
- UAC bypass
PID:4224 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JckYswgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""60⤵PID:2360
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs61⤵PID:4252
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 158⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2996 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 258⤵PID:116
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f58⤵
- UAC bypass
PID:3604 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wioYoYwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""58⤵PID:4064
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs59⤵PID:876
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 156⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1020 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 256⤵PID:2244
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f56⤵PID:1540
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IyAccsUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""56⤵PID:2988
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs57⤵PID:2468
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 154⤵
- Modifies visibility of file extensions in Explorer
PID:2532 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 254⤵PID:2472
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f54⤵
- UAC bypass
PID:4660 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uQUsgwgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""54⤵PID:4332
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs55⤵PID:1264
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 152⤵
- Modifies visibility of file extensions in Explorer
PID:4396 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 252⤵PID:4148
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f52⤵
- UAC bypass
- Modifies registry key
PID:3688 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TEEocAok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""52⤵PID:1668
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs53⤵PID:4364
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 150⤵
- Modifies visibility of file extensions in Explorer
PID:4368 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 250⤵PID:4624
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f50⤵PID:2080
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vAsMAsQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""50⤵PID:2124
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs51⤵PID:744
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 148⤵PID:724
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 248⤵PID:2292
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f48⤵
- UAC bypass
- Modifies registry key
PID:1752 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pOUsAEYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""48⤵PID:2416
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs49⤵PID:2384
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 146⤵
- Modifies visibility of file extensions in Explorer
PID:1468 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 246⤵PID:3260
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f46⤵
- UAC bypass
- Modifies registry key
PID:3748 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zYUcEIMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""46⤵PID:1392
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs47⤵PID:804
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 144⤵
- Modifies visibility of file extensions in Explorer
PID:4864 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 244⤵PID:2032
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV145⤵PID:2344
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f44⤵
- UAC bypass
PID:2024 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GkIEQMgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""44⤵PID:1140
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs45⤵PID:2308
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 142⤵
- Modifies visibility of file extensions in Explorer
PID:1856 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 242⤵PID:2176
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f42⤵
- UAC bypass
PID:4548 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YeUoEkwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""42⤵PID:4068
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV143⤵PID:1668
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs43⤵PID:4396
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 140⤵PID:1620
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 240⤵PID:3548
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f40⤵
- UAC bypass
PID:4180 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AwwgYwEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""40⤵PID:4712
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs41⤵PID:3784
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 138⤵
- Modifies visibility of file extensions in Explorer
PID:4940 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 238⤵PID:3976
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f38⤵
- UAC bypass
PID:2816 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TKUwQIAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""38⤵PID:3520
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs39⤵PID:2292
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 136⤵
- Modifies registry key
PID:1816 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 236⤵PID:4660
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f36⤵PID:2472
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NKMksMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""36⤵PID:4884
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs37⤵PID:2260
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 134⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2240 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 234⤵PID:4868
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f34⤵
- UAC bypass
PID:1668 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RkIYokAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""34⤵PID:3068
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs35⤵PID:4664
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 132⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:960 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 232⤵PID:4100
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f32⤵
- UAC bypass
PID:1480 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xCAUMwoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""32⤵PID:4960
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs33⤵PID:4832
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 130⤵PID:1628
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 230⤵PID:3468
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f30⤵PID:1196
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yYsQIYws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""30⤵PID:4600
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs31⤵PID:460
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 128⤵PID:2884
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 228⤵
- Modifies registry key
PID:2612 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f28⤵
- UAC bypass
- Modifies registry key
PID:1884 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MkQYogAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""28⤵PID:4340
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs29⤵PID:3976
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 126⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3004 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 226⤵
- Modifies registry key
PID:4660 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f26⤵
- UAC bypass
PID:4968 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IIsAkEwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""26⤵PID:2172
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs27⤵PID:1000
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 124⤵
- Modifies visibility of file extensions in Explorer
PID:868 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 224⤵PID:3580
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f24⤵
- UAC bypass
PID:2652 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fsAUEoko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""24⤵PID:2644
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs25⤵PID:1508
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 122⤵
- Modifies visibility of file extensions in Explorer
PID:4996 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 222⤵PID:216
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f22⤵
- UAC bypass
PID:1344 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vYQccAsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""22⤵PID:1948
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs23⤵PID:4548
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 120⤵
- Modifies visibility of file extensions in Explorer
PID:4316 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 220⤵PID:1628
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f20⤵PID:4788
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NWwIssIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""20⤵PID:1016
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs21⤵PID:4908
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 118⤵
- Modifies visibility of file extensions in Explorer
PID:2964 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 218⤵PID:1608
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f18⤵
- UAC bypass
PID:916 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fyswEoAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""18⤵PID:3200
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs19⤵PID:3452
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 116⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4880 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 216⤵PID:856
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f16⤵
- UAC bypass
- Modifies registry key
PID:5084 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KeMsEUkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""16⤵PID:3760
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs17⤵PID:4724
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 114⤵
- Modifies visibility of file extensions in Explorer
PID:936 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 214⤵PID:2404
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f14⤵
- UAC bypass
PID:868 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WQwYAokg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""14⤵PID:2176
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs15⤵PID:1964
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 112⤵
- Modifies visibility of file extensions in Explorer
PID:4964 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 212⤵PID:2052
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f12⤵
- UAC bypass
PID:1688 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MKIEUkoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""12⤵PID:1080
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs13⤵PID:4140
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 110⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:660 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 210⤵
- Modifies registry key
PID:1324 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f10⤵PID:1468
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wyIUsUcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""10⤵PID:4320
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs11⤵PID:1264
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 18⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4088 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 28⤵
- Modifies registry key
PID:3156 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f8⤵
- UAC bypass
- Modifies registry key
PID:1608 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RsYMcYQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""8⤵PID:4340
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs9⤵PID:4620
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 16⤵
- Modifies visibility of file extensions in Explorer
PID:4664 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 26⤵PID:1508
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f6⤵
- UAC bypass
PID:880 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BcUUwsII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""6⤵PID:1000
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs7⤵PID:1552
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵PID:2164
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
- Modifies registry key
PID:3068 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵PID:868
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dYsIwIUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""4⤵
- Suspicious use of WriteProcessMemory
PID:1180 -
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵PID:2692
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵PID:2052
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵PID:960
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
- Modifies registry key
PID:4924 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TOEEcoog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-07_0c131b51e74f221161f6a59c1ea55ab9_virlock.exe""2⤵
- Suspicious use of WriteProcessMemory
PID:2956 -
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵PID:4424
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Downloads
-
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
Filesize: 235KB
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-150.png.exe
Filesize: 112KB
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png.exe
Filesize: 110KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png.exe
Filesize: 113KB
-
Filesize
565KB
MD5049fe1b61f6f769119e387a2cf62f06b
SHA10003235f424cd14158d49c2a6ef8b17d7da030b1
SHA25684f03478b226e056fddfffe1fe55f3e5dd9137719ea19a41bea405dc9024f3c5
SHA5120dfbcba5014695e282a75e274eb69a602868911712cba7a5ceb9756ba499c3bcf84dc50de2a685f20bd1cfb69f30a640af859a8b7ac4ccc3445491bbbb9acaa6
-
Filesize
4KB
MD57ebb1c3b3f5ee39434e36aeb4c07ee8b
SHA17b4e7562e3a12b37862e0d5ecf94581ec130658f
SHA256be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742
SHA5122f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6
-
Filesize
111KB
MD5872a21f4d96582b09fac1edd9cf9e633
SHA16aaf460efcd70b4e6510d617d532a550e0eadc1e
SHA256c8613815bf79d04c1f5e4cf22332ba5b9c3b28c510d72b5233f3c6714f3ceadb
SHA512d9414afefd7c7a58889295e0d497c81b626f1e9caa6aa091cdf45cb2326857dddc9092d5c05d140e887a072a11ce6dff8ec15b06160e5e00b7d1ad4dde78dc6c
-
Filesize
120KB
MD57fbd5505ae1c85bbf655f7d930660350
SHA187f430362a94a375822b95421c77b860c78b1fb0
SHA256b6f67d4bb3ab0ceec53eb5865c2bc68a2766d2847af41940e7f3c17bc0957268
SHA512697f547a7de33f105b938a387125ede31e1a882f5f4fe8f85c343fc36a4037bedf340efcba5b0b37896eb2924e3cc7e68efc2128a0d9d4d10f871d1f19f20efe
-
Filesize
148KB
MD5511288dd29f2d6124c7c81562d4f1e9d
SHA14d73386e4560d71fa7ccb67f0f26de61b6ef42a1
SHA25637a599b5768dd284fa2f7e403cffcef5189a2221637c58ca53be3b9d558507c9
SHA5120a38b10d06421324c22c9ddf79b9519053596867ff3695105042262ac92e6538b9eeb86ea401e7c9556c93f84e54f2fe6dc7d4c996c341e7570603e8b6b4640a
-
Filesize
109KB
MD5a2e9a0117b3afbb7ae7f13ed3fe6a008
SHA19ba3d9be9a028f5779a585e169daf8648047732f
SHA256660d47a98f100b0304d44b0cb4e9302aa90c997e6451ae4e55e5ab4f4d7b396f
SHA5129e96cf01db5c80698b46f4caa7ec4789f874af027213eebb4702f9022c2cd41277bb1bdeb2e3b3a926fb19fcc4260754915b939032694e55b9678243e3b7fc65
-
Filesize
112KB
MD5fae5b6d99be95ec40080db4c53231f7b
SHA15990e929e0f3eea6e0bb9604c3a747b701276844
SHA256231f3190c480af079ad29d85d70d18e0a45b3ff37f34f9cb106637d6eaa9b456
SHA5120e193f1676b8a4a50f9a0ffd28d1c2f86bcd1d08ae6f7ad9a0913020ed9c9444bc76a6a28a6201e5496e660b17b6c22f60c7d93bfabad78a50083e5a629ae447
-
Filesize
699KB
MD56730eefab191bad5e451db36dce36896
SHA1a707e40f78b60d0893517ccea75ccb3e2c288d2f
SHA2564f64835ab5e9d73dc89f27162348d2b3519bc3210c36bf90be621fe0ce8b0683
SHA5127c2781d0d1353169f22d2eb85bbdad25d779e5db80fd07ec19b934929fd341c7ad3a133a072fd51a8dba55637d29128eb0b680ac812814e4f12045ac2b8f7e0e
-
Filesize
110KB
MD505860a5aac54b4bbe3d8877be068d141
SHA11defc19a808e24f9e4e8efdd61cdbe7caceeb39c
SHA256bc8c7dc9454b4fc347cd022fe61af6474d7354f0e24595e844d9e525cf50cc70
SHA5125dd6b27974f37e58089f1f8f2e0b6bcc545b94b768d7a0a9f9d54d9eddb41a035b2a0dc83d9a6e04ccb5db8f818a8ce79f6f31893253f37fede0d662a5c9e1e1
-
Filesize
112KB
MD5d185a8b59c2ade40eb4822d80fc64205
SHA1666034b68cd2d3c76f9a923e91d7d369c1a97fea
SHA25686ed7b03f3f3d7b08ee2a924c5d7a604c5345c46529304a9587b166e3c090926
SHA512c2c6fa9acf2322762c29d586626adde14791a3ac548c591fb9f92631557a88e5659966b8728b9d29834c9f2fc84e992363d9c1395d6f308c4cbd11a35ced4717
-
Filesize
112KB
MD566c775d04b1c0559fa6a267a631cd36e
SHA17075ec8a93521326eba99b44218331ab87793919
SHA256336aa111793e877ccc9e4280647251ac570156f4a2a5ee5dc34b5711e5dc915c
SHA512dc4418efb2166501d2beebe8449e21b0b216a90f3fe156fb4df3d56f6f10d3aa9973bc595fcd6733394327f46f44b3f98ddb22bc95ee28d82110820239ed88cc
-
Filesize
447KB
MD5a3a09192de6db3d41bde58ffee74fec6
SHA1551a633fee4b3db7685c0f036df1b918e999b161
SHA25674abb2c8decd655258c463938390b4b9701aab6c45965eb27c46e9a885f1b761
SHA512685257fb927e14942a46cf253816b66329ca353d84f2dcf5c2c24d9e54855052890f8f084886060d5c0439cdc6a91c42a6f051cec4afad7fa42dd7b7e4d8a4dc
-
Filesize
484KB
MD524eddfd52ca9132f806aa85c22fd3988
SHA10dfdb043bebebaff4a0e4308494b64b33002f1fe
SHA25624a9afa77c8acdec248238928843c7099021f1479e0e697829c4ebfaf97be297
SHA512e54a87ec9e0c45876a0cfbcfb5829125c291e98a688813401ac5771dde81527e01f0c62b3d595c5530345b29537d3cea92e82b3cf17611c5edf38ef7d43b8364
-
Filesize
558KB
MD5ab99662cebfddeed16d16125c52dfed2
SHA1cfcdb3e8182bbe97af03fc81cee28cc6915d8ad9
SHA2566162d9d730af5ee3707ca730a4d79c79910ac0b2a128acac0791b9fc8d75c472
SHA5128cb0a407890c70527efc3e208ce7287b4823196c180be4bb19a6c72b0f0f32a31db6e7faa21927e9c7e49ec0335e41aec3b2a8273c812b86db2d3d4a3335d9a9
-
Filesize
235KB
MD5534649734b3151a86440f9ed1e16e91f
SHA161449794981a74881641cf3bec87f8e4d1e5b4b7
SHA256a6eb14f80fdbd23220ab5d2c752f70ba04dc7edb3f253fba18f987305339cebf
SHA512ca6b33ed27b9012c4de1109e9bc1fde2ffd389bec2c09418eeafa66e4509c55e2b148ca1457436facc28938d0797193a331a605e437854f919aa7be439509431
-
Filesize
138KB
MD5c14638818909493a1b5bb8c03d1b3581
SHA1f30a0666cc95027dcb36d5b6501dfd8a849ec105
SHA2568874a410a60c0c393058531421df34edd70d37896904fbaec64d3b22357f208b
SHA512bc9cb9aad2d0d61918be790088b8567d0b94e346f6a81cc3f0e0fd1857362f1614710367299edce63edbb619c35670fd07405e408669269397a4fbaf3f74096e
-
Filesize
237KB
MD5e9be3f95723153c59d4649f919716b66
SHA12d63087868ec3611c046c4f7179b4c62a6765691
SHA256cbaf705204b35f156ccce70ce963a4bf0ff96e7aaa0af1fab741e1a54c6fbd10
SHA5127faec05c5be7af0a2033af9208fdb94a05f0d8c99904c4d177a874a4c81f9e0ff24f33906b804ed79d99c69411eb97e05470b9d72c9515450adadb36bc4c9b20
-
Filesize
118KB
MD554fce53a5e15c551f0737a920f267097
SHA1b4bc39369dcdeb6e7fe4c2f75b23846962b99fad
SHA2568f5c3310a2c6bb0c8834b91ca734e6bfd96562cc6f0fcaa5f0554394e6fde2ff
SHA51214685c19495d76cfbeb4b4d00d18eb663a8bb09861de1e0d129e56ec139d57c43e183295f3aa6dbe979e9a8ea9802785cda6c3c2d0e8edf582d1e306635bc3e5
-
Filesize
115KB
MD5047819fb8daef72f03a0539821445eb7
SHA1784aa0b489884fe70459d32f5dcb57c3e0415b10
SHA25695a3232ff60c42747a905284f11b20078c4a62e39a3d373e7b2ccbae1f2f88f9
SHA512a9b3d84643ab40898c54fe2784afc0dc3f9cd16b7f64b680fea5687386bf0961b9fe6fff5c08b6fee609993ee06513fa7a0f96c450f06cea791fabfce19d3bcc
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
120KB
MD5646a78789f79a9e89b3d448b2b390999
SHA1aefb51846955209653bbbd5a82ec86a27195ea00
SHA256df2afae1ed88d6b74f0a519ddb050b0971be95926e325bba8ebf2c260a2e5797
SHA51294a0ac68e140795cea8ee9bcf482ca656cc6797c46b7da31741ac111dd570bfde04b7492d91f0243f7589adfc82a25fb682f8ee4ab212861ad9580c0905e8653
-
Filesize
112KB
MD5f9ec94326c281d9f6a1a3ebcb9cf90b9
SHA11dff80fe7b78d244ba3222a9f4e4c4bd62875c9d
SHA256986ec3728219ed34fc29a33fc40460e1d3c4014ddeac7818187373db1745112c
SHA512a99e15ef588bc3c01ce8151098392399c061d27e758f6615de3c367f812c2e9430772d2b6819b4c0596bee00e24123050921d9cc54519eae73baf790a9f06af8
-
Filesize
111KB
MD562727d689c572fb7e86d49abb2a3ba04
SHA179c88afbd9e39e28b2a5903da49b49857ee33ea2
SHA25675e50a1fbe98a2cbae2ce7e78c3dc3c4923b349d229e0b9c1f0e901825ed2cdc
SHA512fb0ba97a7b3a94800dd0e357b6068d08f4bb541137f4155b7031d5a9b4cdb558f3fc2ef0157dfe5b6ed1bb66d0e2b0eb5fd4e776ac3412184486ea92eca99443
-
Filesize
789KB
MD502ec7679f2fa4e614979cf87c0f0ed47
SHA15151f158a11eda21c88507245d93e6bb81c1260b
SHA25683051592c275a137a511b43089140faaff1bcb3dab1a5a4fb803282d7aa99ef8
SHA51221963deaa110faec9c2942fcc3735c6a3b0bb99a872c521e4638bd5913f3dcd43f7b82bd8b6dbc1b511f78e22eba23b54df109c892f91ab9dfaf8d162e337125
-
Filesize
111KB
MD5b30a83082860591d963ce12dc5b31ceb
SHA18f6a4aed9b9458ebcabcfab15e0599395dfedbf1
SHA256fd87f2c4916d6bde2a097c579faca7f7f62800663886831ae296e6e19cf46419
SHA5120fe9700b729ec17b97c81286e4558e4ac79adaed5b48829e63d1c6f9c3088941c842c44fe7e8198c845530795b8845318d5120531fc7cbc1a611946b501d487c
-
Filesize
137KB
MD5670f691b40e1c4e56a02ae652c1d9d1e
SHA1ce2257bd45b6aa1c66c2cc973078d02d1d562a66
SHA256c42e553429fd2c1597c103a6827b523ad48d2719b074d271d513aa5b32e775cd
SHA51260d3adaf2b8220f72dd6e8305b528749ece462bc5686771cecbc3629ec6c476fedfdf103c96a77b4c03d0839a5563d54f91b968681e936beeacaf9e2e04510a5
-
Filesize
112KB
MD5621848d9d54d3ab330df2a3da47dc67a
SHA156d86458e71dc1cdc8adfa397fe8f9822f29aa6f
SHA256999e4f517d3b013cdd1c2369e72d9f29c4ebb6b82ff038e943e7277b8b08b69a
SHA5120a32c47cdb3a84987e97f8ee11c539fc21ab503a9bbb8b8df56126ae2f6a40831087fcf155568cf051fafd5ffe8b1092acbd9913918e9f1a2a9c9c4e9c4dfa6a
-
Filesize
114KB
MD5e4378025f6a2f79061a0d2e89519243f
SHA13c0876f943509904665466c258a277c48306f2a6
SHA2568bcbea92d5249c1ec33ee9d0b8f0cc379b5fdf8b24a1d149f1dcbfe328153963
SHA5122d7e986374f0299d233536903fae9040b029375194f8a7019c171e1a6b478c1c3e5114da91591313f87448755251940cc3e84b76157d919c9b261126e8583969
-
Filesize
111KB
MD575f5a4f4ad102b9a6d70718a6a34923e
SHA1d439a5e2738144967ce869be723f04705bc6cdaa
SHA256255bf09f42d21fc9d2e746fcc14c9afe777fc6fa35ca88c87d4b1d38c65373cb
SHA5122cc4d047a91b5c5ab28c74f744b54c8cf940684a79cc72f74fcb0dcf17f29ce1014e8a8543a252a9442e2b9eff0cd6fde9c63317452af645e60780575515be8f
-
Filesize
110KB
MD5209c6b461af144b17d9174d0b56e15be
SHA1eb312141f06ab8c8bebf5633537e2183e2a7094d
SHA256315e4d995a28dad4a2286c0c3875e716b03539aeba652a7ba5fc0d365474314e
SHA512d21d08d5347ba49d5ce2d3a989920c245a449d068cfdc766670c1ddcd5fe9ef2259cd9336de08abeeb04036b3a0472e39fbc8aec9ab9164a793d00e0b119bff9
-
Filesize
700KB
MD5531e4c06019ac454d6baf3709af16279
SHA1d0245e500d1c2c44a709de18a8d84de430d788a5
SHA2567ce5438164b782c80716232399aa556f525836591986874aa5b5834e1d8c97b5
SHA5126ae924652a34bc0478c12d48e4a2faaddfc417f15f526eacbfc83237a88722677a47b9818c2826f9cacee5f77d06e2f544c703677b2b12e1e942a4f73c7f85b3
-
Filesize
120KB
MD5173cd41af4b15961db333fd6416d0114
SHA16c62230ace39ea37726f44b809c28f177e533520
SHA256bca526610dd30aef414f8c4825e63f4a44101c49a5ec9a5d088a56a6e74ba3d5
SHA51267f6f7ad6e7985dcee9423c7b3b98367f44c0933769e91da91c2e209b282b1442f0ba7dec6ee81e3ce1b6f5103bcb4217e27636df2dc4d18e5c5b94bad66dbc6
-
Filesize
4KB
MD5ee421bd295eb1a0d8c54f8586ccb18fa
SHA1bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA25657e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897
-
Filesize
119KB
MD5ce11eac04e3d365a878d4ea28655f4b6
SHA1ee028b5e8a8646dddff01c238b2789a1e7fde7cc
SHA256a30765de3fd337510d323f2ea571f48c840e507de1439d3239e0daa04bbd2f38
SHA51280b7a28e8e6fba088ba9e2630347ab350a1302dcd2d98f8aabde1bd4f1b6006bd8b72ab1481d605f7c7836a70e33b4ab47a0a0cf29a157e1d3e488a206a6e86a
-
Filesize
431KB
MD5538005c2aeb8d46b3467c6265aff707a
SHA1df4a3b645dac69da8d367f082d191a657b24cc1f
SHA256d773463212e5285593ae3c016688030c48532636da4e3340fae508c41f8fa48a
SHA512bbf9e2b7e122ba4978b0317aa75ad46df6b9badc9a926cdd4a2098ea03c0de9a180013264c691e50dacc47e245e8615d5f19d027cef234c430d4a297023404aa
-
Filesize
1.2MB
MD5dd383990384a9d3267f47bc3b0aa5e1f
SHA1f1f89c87a90d08f4b31c8877c45e40a3a3827315
SHA2562dd20fb551339541e9fe098591e4071a65fdec56a440c5e41c45f5927d7eaca7
SHA512b578b5fe8be1f9feadcd96389f36de6d0b455eb18025b47032008333875c18361649187823abadc225e4b98616b2f3f2550b51ddf295c63692f87aaa6020094b
-
Filesize
111KB
MD54a3bdbd0e94cac5e24301be527688c1c
SHA1c95ccfaf5ff1240863fbc48d3763fca0879067b8
SHA256a5a8a4b8c9f3795d90f3758f85b34600c93fd9e997d00a7e586bdcde785b6095
SHA51287005a675a23d5cadad72455536121908ec256989484d081728037713d684490d2496e535bd2f890fe6523c11865ded001861b3213b35f874c3462037ef84726
-
Filesize
113KB
MD58ad8614d9bb65bb9b0832985bfdd5ba3
SHA1054d1785a9abc7c302ffcef9d072a9436863d56a
SHA2569bcfa94ac017553de8781b3446daa8203abe7bdca823b06c94d15232f2b4dd79
SHA51208b51f95fea1a56b6187c7b5e84a7cd32a308f63d92cfb71a2181af3592cc9bf3cd72e92a1acbb10d4ed46c11e921398a00fe553f6ee9ecf1e30b58a75acc281
-
Filesize
722KB
MD53e6f0093c6789fb4c3d2c387cd4b80e1
SHA1a69f13871f5370716c7c86d05317e0f4447221fa
SHA256cbc6e6b4a7258241039dbb3e0b2ddd3c85dad33efba523d7f0b90ae8172362ae
SHA512f563ed8301a7edd574ac43d1f4cc5b35ca1babe52d03183c10a7fdaa624eb63b5d68c94a76a727302fc2ae51c9de17c9dfdb6f8af77ebb349896e72d5eef9855
-
Filesize
638KB
MD5f4aa18957ac4a88ca6dd3ebfcdc15aaa
SHA1f18a5bf17b94e1023e3e4207a9a3dd45c764782a
SHA25618f8e45f5fd1bd3744419aed64bc6bd2d2b5af3fb43c9cce53f26dc8b62d27d1
SHA5127170609013bf6865b4656ba2cf236d9452d7b5d42f24daac2632e73796f7f8b49937e90e183b7bda0c73b4d992d1a95e2b4b8fe07d9960c1bedd1826915985ec
-
Filesize
542KB
MD592c2e4c58cd747112ce322ef00deb116
SHA19527987f77c49ef6798938203eb68c6ee9887108
SHA25627ed6f6dab97dc53ddb499cfeae7199f3b9b0118cb451536ade62b7c29cfd432
SHA512ce740a7c81f5fd13fc8a107faf70ab0e57bed9bf2f764be366cbc152c48511fc5f3c27d75f3ba56dacd43d624c61934c249d81b375e9b810100c342fda715313
-
Filesize
699KB
MD513544f041142f1ac52660d9e9179c035
SHA1c09526ad1d5d8d67e2b33d9621e9e4ab8caa9034
SHA2561ff0f9d36a9e817e7021f8ec1f42534ecafe1bb15bfa6ede8cf97e59f72079f8
SHA51204e859fd1723febadf576e7396975afb4b0fa175315c438077fd5717bf9ef2aea72825bd1eff19f1b97425938a0261cfcfe34ee73539d2a3aee2d257053e8b5c
-
Filesize
111KB
MD51daf5e74e906cdefe735e05837dc611d
SHA15d91f0bf9f1257332a3865204c1623d1339d348f
SHA25678d81742fc6943fa35f9098f039fe580b28f460721ff016520aa0a78ab11e5aa
SHA5120d1e5483580cb739b05af8d5833eded8cfca967d46717805ef8caa09c0bf718d29ae8b522f02733c0640ed908091c072ffe57a58d0d575570508ea610780adcf
-
Filesize
1.2MB
MD53ef22a601d8d4f378c954cffcfc51449
SHA1a7565d635e4feead94c64846677dcf4dc19d54aa
SHA256722e44ee050b3bc748c9190b4ca0aa1330fdb6fdf36690cde29d58877f80ee66
SHA51206de42f815c2d27f19e2bd7814abc95f3d802368d23704068abfe57b001968025cee0a7cd1e55e15cfdff0083cf666acd116c01fe9ff042fdadd8369960451f8
-
Filesize
112KB
MD5eb49eabca8de63e70c53080fb3c70c26
SHA1b684e8c93fd4388557d0b65fe1d52ddd3c06b8d3
SHA2567d2a97d05e2417b6d998099b5d7b096a475de75476343d7bd399ca48a43416eb
SHA5128bc6b03773850213b6401598e2b830a3e04ec4953647c9a4d7e98a9239dd9d2160b1f7c06a9522b1718fb7f59c7188c59352ea6c068492de910d9ad73ceb7c84
-
Filesize
115KB
MD5d0ebfe6babfec84e8358d863b613d806
SHA1d111100ed89e9d67b07e5f12dcc3696d3028a029
SHA2566f522ae3c2af825d3315c7474ce840466693a708db2e0f1a928d02d59de2838c
SHA51299650a1f97e95d54a21e9b6c772b05ba5d15c8d3fae22b610b91327fd86775003015034c3111d1f20c4bf8de3b7a48012e8ca78f7179e5fe7529f3adc7b1b5fe
-
Filesize
559KB
MD555f535d41f60d902b8378a1e3124575f
SHA1b42a134afa857c45dc452dc21997dd760181205e
SHA2568a64e20c297b761ccb2b17ead8d78c1a60f03c4eac0fda3660f2b1657d3c22fc
SHA512fc7acdbabb9711899704010827a087348f1247438cbc56d98d2bab4f570301b42ba735457a444b43e68afb3f4dbece3a7a0e47ac77298509bccfcc913d283508
-
Filesize
117KB
MD57314363e3f32c8798dc47d4dc269aba7
SHA11b06abe55a92d6e7304d9d9ee79d5ac23f826a6c
SHA256cbf82b1557e7132c3caf032b1d3433a7035e1b280b7f56e959bf4d7650875b40
SHA5129780c4aab19a27985588ec33c32f3726d6d7d04f974787282df4ec3a91eac498b0237d443023a4f6a7f424ecdaa0567ff08870339b92efe4c839dbaeb1e52b2b
-
Filesize
110KB
MD5508011cb2e737096e722b2f611b9a062
SHA17633aee1d6308132ca9ad3cf216f032ec9e2f4f9
SHA25681137221304ba7a287174e0a92ce7835f39bb6929865c8dd9c62c8a92a8ff528
SHA51294026db58a0e2f57ba2439e9988c1cd7643e024dd0488d7312ba8d39b6b73ee8fef82b240b00f5c78eae4c3c28f7c875ad55fe5d3d95de9462e186ad6a18577e
-
Filesize
4KB
MD5ac4b56cc5c5e71c3bb226181418fd891
SHA1e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
612KB
MD5fd6c0c484b6f10a049de6caf93f8174b
SHA17b7b486a0ec4f4045b4301e6447d43a2bc3bac96
SHA2566f84fb3fb9cef2bbbf9526abb2d0c2b96e0a50fa502f28dcb3b2d082e7342daf
SHA5123c176a69deab63a426b790b188687c1166eed63182c11149620582936ba74079f1d5db80df2bd10268f0bba21c4ba0d485f84858ff6dc0c210b2d414aeb4e81c
-
Filesize
720KB
MD599123033774e9aec14c07d1d7fec4f10
SHA178021fdcf4c868c2aaaa725a6373245e998e71fd
SHA256de7fcdad00ad257a95d3bf39f96fc476ff47c028616e0efaceee2e3c152d5b01
SHA5121bde4c0a6b25f846932c12d8f7693539996a5f35646ce0454f8a73964737c5ec811a89711d25565327615be2e5f3623858f69565b8d3218c8510ab3d6f4b0aea
-
Filesize
5.8MB
MD54ce21497709b91e49786b6b58b022338
SHA184098020ff5af2914398834d9cb6de57fdb1e22a
SHA256f1cc2b919a7f63eee9bfb9309cd31d276aa553d50c3ffc25a989ea6710974586
SHA5120cae59e259b784e9f57fe83937bdf90d632ae088c25a294c19703bc3edc6f0a33f81369fc8b4b18529cf574b53d6436ed1c2e351dd92b0921caf10c49baebb69
-
Filesize
112KB
MD53b8f833f58e6b07adf600dd42d6242c8
SHA1329f2fd9371e13f8ac6db11ea40b79b19d9a5598
SHA256b373155d799d5286af7f5047c62a0235fe3c2fa696f21974cbe98f7ed2f6575b
SHA512ab0b2d85cc10cd7712f266327a4351e65c01e8d4a844389d4bea1577aec4ee6be5f0e0f0aa5ae9c3ec5b5a92cc85212bedae9b002f353e17f4fea0f07673b8ad
-
Filesize
113KB
MD50c18c186716ad60665e6d458fe9ff089
SHA1f1abcdb909c92d8d021e5843a52be186fc77eea3
SHA256ae8eb8500d0cb8f30d053cff2da02c10de8c57b522c5e68ab93d1a04ea7a0786
SHA512586f2bf5c10f3458915f4b12f2b26c7061711a0c7a3c4fd0dbf2e77f066237fa6a66c31a69d6324fb6bcd49d46b02896c554e1098e1f2676c8820c54f94fbabf
-
Filesize
113KB
MD5209a5a73a1850e10630362c728ba3ee9
SHA1264342baebeb942737d27d723317dd1eaf2c5e36
SHA256b150dab396720a9b9b62ef171cc69f4a932ca7f91a610326384211e27613d0be
SHA512da7b6ddc771e5bcc91f4b514da31b383ec0176c9d52e99962676aadf14c526289189cb820775d299a3440d700b39491a8785a9d6f3db2942e88cb77e8aebb42a
-
Filesize
347KB
MD5a4b3539b9397b3b9750300775e49e29f
SHA11f73b0b2dc7c97743261bbecd9a6a30615c86f48
SHA2566f6cac2c00a8375df596c64d84bf152286e8f27afbe31be210f45baf55a28abc
SHA512ba8130db84b41dd932f172425b82d2fc9a4ed15ab6adf93e7db290434344f6cc0113681bc0b71ed0371bf76a6f9a2e826c20e8d883f9f58594ec41b40f58b26a
-
Filesize
115KB
MD515227211569d80486263ad61a0b5aacc
SHA1e24cffb301a8df062dfa5ae5e836bcd3aa562339
SHA256cbc160d55f253200df0f16ec33f85bed82c862a306e70283326989f479800d88
SHA512e9b29180ccbf410284abfa8ca1e0cc2554c648ee1e4dcbf055ec0d6f94e4330389997e83eaf97a871454abfbdaff5ab50c4ff9ca6d71ab435fa24a4bce8a33da
-
Filesize
744KB
MD597a273c92f441ebbb96bc07a23ecd6da
SHA18095b68c7225bab968ed8bd91fda78e8097941b9
SHA25693f45972affeb6dd2218d7c884d95929a29a5ca5e8e8f5f2ee28ea523c32c614
SHA5126c0a21e72e4366d4f0c3a538283a52f64b2eda94c02034e3ceb2f3c9147c6702ccc4c1b3599eafb919d61f24bb1db9675e1a05967d1ba6e0716608fbb01d1f16
-
Filesize
111KB
MD5eafd205ad2f4f761e67c33a700cc910d
SHA181b0fba7dbd1b704f72fc362c0968dd267dd0123
SHA256aa9131c22ae20d3812dc24b4ae1e359fb362bbe176ba27a4f78d9aecfb701d9c
SHA512bb2e5ce537834c770f5f6721ee3dba81f51fc23b8e46ffda61f55ce198c6a85a52d1a386b636bb492a1799e82c825281130a1484d95f36ba5563a45eacf58d9c
-
Filesize
112KB
MD5327f800f8180968b248f9c170e33ff15
SHA1970a57d8ffc58707750e1a80d09323c1fbae603a
SHA256b3904fbeb01e3092bceb36f8550d09ea506249573facfbff7c863a1f611ffa57
SHA5126d14f81285ae3d3e33b79e313f3a24d8016ff48265ea4d45ed32492b65dc7a9a4ef9aeb13cbd4ab0638600a908973e4e30dc31693a1d36e095350de00edc3541
-
Filesize
113KB
MD5f80ecb35e32b441d2a3c4dab43302eed
SHA159f12efd39bdcbd76e7bf0d5a89b185e61eb0051
SHA256fb695c25ea376ff1a1587fcac83f274b0778b011038c28f1697dfbff51443d0e
SHA512cf53863a141a7fe42a0c0bc02e62b872d11425d711ea88a7d799e2e8bd2106555af7cccaae56bc213d1d4172a1429fd391bacbde84d0b6715e4c1ecf32f347ce
-
Filesize
113KB
MD5e41dae568fb1e903273eb1e01ea8257f
SHA10734522c7d8e22d039f3706d856e979b3ff8bf0f
SHA256d5ac55770c98bc1fed00a8433f0475e9c05f68edbe39a3bdbd34ff8eea042110
SHA512f0d9552c56b79d738a08ea252cffe83dcaa0684841f6334da476bd3712b207b86f854b9375b449f518017635afd832fe3e2f1e05d16a731c806c4354f3445b43
-
Filesize
116KB
MD57838936498b0c283f41d79d898e5891d
SHA1c3885b194559a19fa0916954b2d8fccc019d5e9f
SHA256636d749132a08f1fe1122da8c030c0ed85cbaa2ce4d010bf152cace7e98885f6
SHA512da89d935f6fcabdacfdc82f064e40bf0c127c848091fefbb30e8fa4dbeba65be3de7da954d02ed1b799b2dbe4bd038fd83b98c701020a598f5b39f5d72df9de7
-
Filesize
113KB
MD5cf7019e37aa07b97dfd221f802b04287
SHA1a09369971cf46c6d30fcc8e60ea47635830602a9
SHA256e2052b4bbb950835cc2c9e3c830bc603b3254d8ae5d81ef3638b0d8da00c8a0a
SHA512b723c447b382e0c411487e0389037fbdee3580969ac1947cb4c6d1baf8656eff69cdaccb97c496a2f4557baa1cfeba54b0627bd0f74a018552ab0aa84ba81289
-
Filesize
236KB
MD50bbc4335c81608611f5d751b4259779c
SHA1532db0a61b6737fadfaeda449dc9abaf90312176
SHA256c62dd1d2bbf7087fbd25bb57bd0e41ee74c1f54cef181debac3498adf25ebd20
SHA512b743a116c16ca249950740bdb28a437c90b1c158316a8c514a37225ef00191f826c18ef98aa889fd1b289c15a0a862d87abaf7490cb3e4300490935e05c7ba0b
-
Filesize
111KB
MD5df79fe574815662b1f16d508eddb8bb8
SHA19b7bc2c15edb0dabe7aa146143788e8173f11de4
SHA25614de7ba6d63b1409fb7e2802b7f507d6f6c2c73848987370a6f3a24ef6e89cab
SHA51290479b72fb7cf615933ac23473b471531ae3f773b753509b61ad808fdd516df2390b252abedb37f05af9c03f8e8bc90cc5eab4253d28960686c86baa2aaab033
-
Filesize
110KB
MD505e053cde59135680d154cb2512f1151
SHA1b0ee6dccdd0ee246bcdb655fd1704f307a19e5a2
SHA256d04f3836bab90d25f2360c4eea033762508283c2186b2cd6cf25adeabc13c4b5
SHA51269d2ac97ef78892c4d41d6f7a5180dafb83ee24527e38e9019cc2ffb7f3bffe506aa18dbbafbedd161879487bd8ad0ff1801e399ce435c954e00141109383b54
-
Filesize
118KB
MD5e7aaaa98b9673743e8e15fe4aa75dc18
SHA12ae9e58c1a377ce19e2632a9ce98deee2e23fd1a
SHA25651bd99e5876afef1c44255156d50fb1cc039a5d9ef0afbdad874a66831f74bf5
SHA51272bd94d1bb9963d54e70e0885a80e9e02eb5f8d467d887612c8ca5a4d7b261c84f9d8bce962a90e642cc127bb608bb198ce9a6f03b981b99d258f2abbb72aba2
-
Filesize
154KB
MD59ef4af824d39e66ac80a7315c8f61788
SHA13aded817dfce97eb3c6049f82f5c1da25b63709d
SHA2562f83fc0e93c21424c3517de125ccf1b5ddb3a155f89aa90a74d8174036b5a2a2
SHA51248eff5d777cd96a980574d32a039976a3fd2c4411b66c446c1bc075a42a153a5e417fa9becfe1e4891ad4a62a7a3b16bece62764fb3e40e6a1a36d33459a7f52
-
Filesize
110KB
MD544843618cabf9e1a1f43f91d0dae976c
SHA1a741e16e433fa1327fa68ae7b5a497e9f7ba8e48
SHA256dd9595bcfbd7611f03f80a01dc66cb2464b0bceb7cd3b8c896596e999af4d85d
SHA5121227fe9ca3e07054a395e5f556fae1e92ae0bebc4785cefda66343110d613960f8c745a22eac28a24d4035e762aa87da09fd98f3e48234c6920c2f20516b6618
-
Filesize
119KB
MD53dfd0c450775891527dd071eae23ed50
SHA1362ff739f6cf8bb1cac42be9bf6d1f310c9fca6b
SHA25674a33180e2cf600147f713d1198a97c67168712ecad40577759985ff96261779
SHA5122b0fac82ec9f3cf16c07a346da923da7587473febe15f17ec246b2b9736b3fe8f4a760f6b08761341a404f355fb6099cd676fb052b970d55461ee10ebd1f51a2
-
Filesize
113KB
MD5bcb34b39f24c3d71ec5400b68164de72
SHA1d5939287b9b9b425f98b09e73644f6301fa4e1dd
SHA2569e60805ad35d88d3fd212a046d96d2e5068727a410231bd0c602a6cafaa6e463
SHA5123f90cfa52d14817386fa47b50e91f6dd001e5552b2afe3af1373e19a028a5b74bfa8725228f7c860427242c011775861ae2b3215dcc8f69bf2e0fba7d7107c7c
-
Filesize
556KB
MD5af7525a3ce5f565cfda5da80a199c88e
SHA1e7eb1547b8652dd4b3f49f6715706d998a95abbd
SHA256c69f9646f3cea5d8707cd97dabbf10dd047722752a9934d7813a392f8bfa9fd8
SHA5120021f1ed4f7eb30818da3aed8d5ef1ca505690f0a1d169dde50e06f91bb4e86c070500898fcfd1b1b10ed632b5f4306a9a329d30ab0cdd676f7d08439efc1e03
-
Filesize
565KB
MD5e055ed92d0389fd80aa04bbdae51443f
SHA15966aed77629b95ea1116a04e06612d57b00660f
SHA256b9ba76d65d949403a56626f12f6e10e75f6a525f98b0f63fe00de1ab8b07a236
SHA5125e18894b793334b284ef0d8d5a7f9ec2e5f7e3042b7e69a8938e4cb60da0515746b98e80c132610de0f0d58d15a4158523590894a38d0db540120b7bf53b56d9
-
Filesize
1.2MB
MD550689113bc322b600c77fe9663ea99e0
SHA1aebe2e8b13d4fd49cbcf28a81b722cf3ebd37fc0
SHA256cb98df435c8a0048998978b770d6fe2c5f59f884296095808f319ded6d6154bf
SHA5121abe7635dd3b82a69549a26ef79e2d3b74f64fbe5da8dca7e2da0cb7e5fa6d819eb837d229854c32eae2aedc51b9366dd09f7ac0662fa0fbc366f06e7eb0783a
-
Filesize
112KB
MD5b431f6f11c6b75bf6da469d24abca16e
SHA1bca3150b5ddd6c92d1ad34eafed40243eada0736
SHA25604187c33f2dd6640814931478245a7772d97e8d4789a37181a86096817e3e4df
SHA51249be4186a80c04adef9eb226cc7a840e245ceb70b44eeef831e02c8a27e7bde0940892d046008e2a3e9f0da31d68c64e54f6e82978e700bec293e354a62b96e7
-
Filesize
119KB
MD5b27a9f48de4a07fc189be87efe94475a
SHA1cc01c61d2ee17c26636548df814b0f1089e5ca68
SHA2566d39cca57f61239b28293dfb9b6157d2700cafd879296c08119fa345700fa852
SHA512393c62a7ae8ba86a9f8722ce193f04320738838900d57ab1b6b04f53456a3817f80a7462adb3d476c948663c0e49f47ca258c89f1cc3668a37a6e221bf2d09a3
-
Filesize
745KB
MD5f9c56b0d23bf4cc2924e206bf678c4b7
SHA195a8d691ebb821641c2e20e646b3f133dca5b10f
SHA256477ce63084992b3dca69a3c8be4f742fa15d4e77de2fec52a26b4d2255c4c367
SHA51228f8ff8f85ac654d193fd8da1733621a3b82958400b7a357a7d203d0b382e6a1bd93bb06ed0675c522f33597b0c823378cb87d1e6e70855245c46888fbb006db
-
Filesize
115KB
MD51b3d7e7cfa28fe1c308cc969ef9e612a
SHA161bd6436c8c8e596f1fa8e1dec609a264d82d65c
SHA256190f7ab2822d012083c38e9365d045e0e17373a558bedfe313eb05b3759423d3
SHA51227bc89fb13c457989bae4842b607fabff7cb23130f191bf246a8ff70174a3f10d3f56ec980ea8a2e332160fae3e2e19953146d0fca414a1c208906b12c2cb2bf
-
Filesize
114KB
MD586f6fbac85a25593f0789c87b2086640
SHA1870c06230ac3a080b49f106671bbe83aaca0b8ae
SHA2560cd5e5d4581e34f76e04b65315a3653f358a3f79fc7e0c8c420e8a6110def001
SHA512e3caf3b638b9bac8128445b358f571a20874efea41baf2b199dee8325682e8781bbf59163ec707d0c009292c12dec5541203dfa97c36bf21a66d4f1bab729691
-
Filesize
112KB
MD57a844469450595b752d99c49402489ff
SHA11ccb3c756926011003386445a9b0cfe52de6d16b
SHA2566b6f23ac25b029a749d9c268d2e81d6e46a67dae9c6834b70ead4f12ae84e70d
SHA512d8b09eac3af9daa465e9fa3ca82228a5179a70a3106b2167e537ca008eba13ce2668480bee8ed3d981cf50c0a1857061fcfebf2c0875c6af1e8a1726b7da40b6
-
Filesize
134KB
MD585e786f07fecf27515f496f2c568fa42
SHA1474da97cb18a2e62f6ff71eb36e8713e734c3619
SHA256008a94d3c346a798b384c6e43e9e3c00efdde873d6ec716b68b0cb4004937bc6
SHA51226d92ba38c15c0483e94a9668f5055fa69887ca158052e006ae9faf6cecb46d152687c2e83ad9525c770be19a2e2784ee9063bc64fb5f1e829bca66bbb561388
-
Filesize
1.2MB
MD51cec223dca2aea2d0e176a47345087fb
SHA1578180563e9d0f1c586e82d6c2a0e17f4db3e411
SHA2560b56719a7d57474683e36e98eb30b137a58bc7fdf015572a08012a3b6051d119
SHA512c4871304b881e0bc7f032f4e2bc4a65eaba4603bc8e94d8556a57b0ae5f3aaddf3b6346ee040afd798456671b6c0cba6f55a7d156bb42f414efe36944f615ebf
-
Filesize
116KB
MD52fc38e0dca673875e1ad7544b34d26f0
SHA10ef589d4638eb98c5a518892d5537bd2f3b9600b
SHA256bb60d7d054e88bdeef84afd6c8366f24d2ce694e7993aa53cb15b21ad445fc93
SHA51264bf1eca88afc60a806fd5d1cf8138e7a122940278cb8b926920c782e4cbf639098748421777a2cb38beb53757e310efd6705513319f80ad94f7bb0712fee3c9
-
Filesize
111KB
MD56cea9aa1eed6eb50224bb0d4d6444f58
SHA167c8c0d836dd75763278396606472caf190ca202
SHA256ed972cb60e5c8f4df220d5de52190bc3aa883a180a7e41f85491977d8e7fa435
SHA51233a6085fbc9c2674245551df44deca74d7683dd2c18d9393a2b6d6d1e469c26b0e48f2a28d7a903011c2964caffa4e7c9a036cf8270ebe4f15c6ca0f562597d3
-
Filesize
111KB
MD57e9f4499bf6e787fed3cea08ec2ddb9a
SHA13cfd761db9e0087c47aace5f50a729ae339a5f14
SHA256ff533fe25d1c7608984d6b5eae9ff8486e60f6d46b16e2384223ee89a873dbb8
SHA512435b31247fec2d9a7374e9452fa0c67459a9563bcf4229630613656e0d69036d9c0b78795c708179be644b15d124132b3a929115f9fca040a671aade345702cf
-
Filesize
119KB
MD59875519e903f1b947cf842a3cda86252
SHA1b5c22e786e3194fb2f53312f902020bf1acf31bf
SHA256d7950907459dcead0f2f9d96446e4492641f4cb6d45cb2abeb2d52dfe7c72289
SHA512c2fde50feec543e9544b278f34996aa1b483871d0a59f8b71f421600499e029dd819b2133c5a0a6e5b6e0e634976e73f2928657bb8833614ae0a8e0f12b159c3
-
Filesize
654KB
MD5efe921b84b085ae1638bbfce05cf5914
SHA18f31677abbe9bca2120149ee54c22b0e535d88d4
SHA256ef03a0bc29d25ad5b564bd3479d9868a56fe845f7b77a45e7c6c5afb2614ce67
SHA512aa2c79b1f4f048ad1e464f16dde5e4efd2d13f54b5b02c3b09c5749a568bfb52a899e77d8b7219998354a2704ebc4267de113da74e512474bb1fb7a1f8b8f01e
-
Filesize
111KB
MD52470b05977ddecfccd859bbded729c61
SHA1ed97f9edbaff842c37a269aefed2fede0de9b630
SHA256272b7610dfb7e4c29d01e727c077680b97386b231c7740680a5f9485cf538806
SHA51201ddb67e470e58946c0129e388170bab916d27610eb870c9aa57be3a1a9df8d6bd8cc3329a137378b237a3ff2c8901dcf8b5044f6964f6bf0e7dba2951c35cce
-
Filesize
879KB
MD5f0c15031440ec0aa24500b8156db0906
SHA1cfca7f2dae4b89e4188f59cdf35f3a7cf2746d89
SHA256cd6c259baf238401e159cf95c74d8b84c90b3ba648c581e85277345dc1a3effa
SHA512c4a468598bb7a38aeab7235d34440b38484c31a70d4ca154e1fcc8302804b57f8f400ba77d31373d4c869559eed26c426aea74c5f526979495bb2031b7125eb5
-
Filesize
4KB
MD57b65672ac808bca7c81e0700562aae9c
SHA1e279f707d5f93cd0449443cf7f70d54a54763208
SHA256e5798e3d8c1af62d997a27bc2fb7333639a4f20e9753cf7a5b0639cd93f96448
SHA5127592be8433d2044e21d2e67cc5905f1ca3d2c05884f99e4fdf4db1aebaabb735ca1d50f6397d02ef2c0ba6e4528ec5fdc4592ef35e0e6d451e0453d5491345b7
-
Filesize
509KB
MD53feb251993721e85cf06337e1d5224f5
SHA1f4864e93507091b4a5f1483bdf882e753a313575
SHA25662c549d396004fc12f5c1a411c5439c7e37545310485c22df982bff4e042a3c2
SHA512cbc6c4c36d24d23f2e1186c6117a499495e43ad8ba92c0590164b3fa16ae07430f24eaa17ee6ff627e5f343309439ec09c11cd45a7f0851cbbfe731f87f7b88b
-
Filesize
606KB
MD58e6ca1afb3aeff069b07883db731912a
SHA1d0676506f2544572db56a29dab89d5e13e5e15df
SHA2569b2ab8aa3cdb502afde0dd929844021b246b1561d1dda2de64cb225240782cdf
SHA5120f4963d797976790a9f5b5f7420c6905b29b9f7c55b11f9494a11073769be0995b5d4413a7ea25d3bfb642f70c6d4dfab0bd1e69141c94a7c91c48a824ea81bf
-
Filesize
109KB
MD5b78022379fee86193ea793ce4e45caab
SHA1765c695aa1adfed4227ab7d8fd502d28fca62212
SHA2569fb9be23e5364190c76e701eb193c259d506c11bb8273806ccff10b957ee48c7
SHA512f14c7fa49645a2e7af3f6c54e8681959fca489ae2baf2dc07786b4eaf0257a88a797def5af2079ad8528b5cfbe2aec8372bcfec38f20a11dde4db381932a3b8c
-
Filesize
5.8MB
MD5f2eb6b91862ee1815f35141ebfbab850
SHA15e94b1b1593d776684f516818e3924f31823a614
SHA2567ef7d5d94adb74a4c481786abd1c89f5c7e88ed4d2fe8a17d73a7b3c2ba8422d
SHA512ea95757cdf6c82cbaeb73e26b28487c705b885e896b1965fc6c79b0bcb07c22432d7be73c1112bcae89d848c796efbfc5e0f55c28d56fd84e580016478ef3257