Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system -
submitted
25-04-2024 14:31
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe
Resource
win10v2004-20240412-en
General
-
Target
2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe
-
Size
117KB
-
MD5
dcd9b6aa9fd9f5c3565c6d5eeeedf001
-
SHA1
e235b5e1532ab8dea0712389736124b64c3c639f
-
SHA256
bf71b1cf3516a2ad02efdda83c6f902e7139db69c1035a7e653ed09f5d27cbbc
-
SHA512
149d939a2b9c9c31a562168aa2a74302eb2251908eabda9ed99f8ab099742b181f32f494d664e5104ffdb3e8404d9a1831525ddc93a9826ac30c452c6026c820
-
SSDEEP
3072:gmzm/wcqGwew9jmuv7/P1xCYAt3VQgQrnP/:wocml/aht3uNrnP/
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe -
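Processes (the signature heading for this block is missing from the capture; the rows below set EnableLUA to 0, the registry value that turns off User Account Control):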
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Renames multiple (79) files with added filename extension
This suggests ransomware activity, in which the files on the system are encrypted and renamed.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely for geofencing.
Processes:
YiYcgIEw.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\Control Panel\International\Geo\Nation | YiYcgIEw.exe
-
Executes dropped EXE 2 IoCs
Processes:
YiYcgIEw.exe, RAQQkkwg.exe
pid | process
628 | YiYcgIEw.exe
856 | RAQQkkwg.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
-
Adds Run key to start application 2 TTPs 6 IoCs
Processes:
2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe, 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe, YiYcgIEw.exe, RAQQkkwg.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BIMYQAIw.exe = "C:\\Users\\Admin\\CQYwgAQs\\BIMYQAIw.exe" | 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FsYMIYAg.exe = "C:\\ProgramData\\jAQYwIUk\\FsYMIYAg.exe" | 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YiYcgIEw.exe = "C:\\Users\\Admin\\MqkkcwIs\\YiYcgIEw.exe" | 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\RAQQkkwg.exe = "C:\\ProgramData\\jMIAAsYE\\RAQQkkwg.exe" | 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YiYcgIEw.exe = "C:\\Users\\Admin\\MqkkcwIs\\YiYcgIEw.exe" | YiYcgIEw.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\RAQQkkwg.exe = "C:\\ProgramData\\jMIAAsYE\\RAQQkkwg.exe" | RAQQkkwg.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
Processes:
WerFault.exe, WerFault.exe
pid | pid_target | process | target process
3496 | 3852 | WerFault.exe | BIMYQAIw.exe
3216 | 2924 | WerFault.exe | FsYMIYAg.exe
-
Modifies registry key 1 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exepid process 4636 reg.exe 1716 reg.exe 4184 reg.exe 2164 reg.exe 864 reg.exe 3276 reg.exe 2036 reg.exe 3924 reg.exe 4928 reg.exe 3096 reg.exe 3852 reg.exe 3236 reg.exe 1088 reg.exe 1220 reg.exe 5056 reg.exe 1076 reg.exe 2164 reg.exe 1952 reg.exe 4396 reg.exe 2340 reg.exe 5056 reg.exe 4568 reg.exe 1100 reg.exe 2696 reg.exe 3992 reg.exe 3040 reg.exe 4308 reg.exe 3764 reg.exe 3672 reg.exe 1168 reg.exe 2960 reg.exe 4004 reg.exe 3416 reg.exe 2520 reg.exe 4420 reg.exe 3988 reg.exe 4100 reg.exe 3764 reg.exe 4532 reg.exe 1212 reg.exe 1140 reg.exe 2696 reg.exe 1620 reg.exe 4248 reg.exe 540 reg.exe 1732 reg.exe 4248 reg.exe 920 reg.exe 2520 reg.exe 1620 reg.exe 4828 reg.exe 2200 reg.exe 540 reg.exe 4552 reg.exe 536 reg.exe 4748 reg.exe 3484 reg.exe 1604 reg.exe 1572 reg.exe 3276 reg.exe 1664 reg.exe 2256 reg.exe 1400 reg.exe 3840 reg.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exepid process 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4856 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4856 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4856 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4856 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4416 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4416 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4416 
2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4416 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 396 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 396 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 396 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 396 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4832 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4832 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4832 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4832 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 404 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 404 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 404 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 404 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 1676 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 1676 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 1676 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 1676 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 5048 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 5048 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 5048 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 5048 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4488 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4488 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4488 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4488 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4536 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4536 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4536 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4536 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 2188 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 2188 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 2188 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 
2188 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 2172 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 2172 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 2172 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 2172 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4896 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4896 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4896 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 4896 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 1216 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 1216 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 1216 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe 1216 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
YiYcgIEw.exe
pid | process
628 | YiYcgIEw.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
YiYcgIEw.exepid process 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe 628 YiYcgIEw.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.execmd.execmd.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.execmd.execmd.exe2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.execmd.exedescription pid process target process PID 1892 wrote to memory of 628 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe YiYcgIEw.exe PID 1892 wrote to memory of 628 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe YiYcgIEw.exe PID 1892 wrote to memory of 628 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe YiYcgIEw.exe PID 1892 wrote to memory of 856 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe RAQQkkwg.exe PID 1892 wrote to memory of 856 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe RAQQkkwg.exe PID 1892 wrote to memory of 856 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe RAQQkkwg.exe PID 1892 wrote to memory of 388 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 1892 wrote to memory of 388 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 1892 wrote to memory of 388 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 388 wrote to memory of 744 388 cmd.exe 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe PID 388 wrote to memory of 744 388 cmd.exe 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe PID 388 wrote to memory of 744 388 cmd.exe 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe PID 1892 wrote to memory of 2060 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 1892 wrote to memory of 2060 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 1892 wrote to memory of 2060 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 1892 wrote to memory of 920 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 1892 wrote to memory of 920 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 1892 wrote 
to memory of 920 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 1892 wrote to memory of 4832 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 1892 wrote to memory of 4832 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 1892 wrote to memory of 4832 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 1892 wrote to memory of 4688 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 1892 wrote to memory of 4688 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 1892 wrote to memory of 4688 1892 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 4688 wrote to memory of 1552 4688 cmd.exe cscript.exe PID 4688 wrote to memory of 1552 4688 cmd.exe cscript.exe PID 4688 wrote to memory of 1552 4688 cmd.exe cscript.exe PID 744 wrote to memory of 5112 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 744 wrote to memory of 5112 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 744 wrote to memory of 5112 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 5112 wrote to memory of 656 5112 cmd.exe 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe PID 5112 wrote to memory of 656 5112 cmd.exe 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe PID 5112 wrote to memory of 656 5112 cmd.exe 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe PID 744 wrote to memory of 5020 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 744 wrote to memory of 5020 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 744 wrote to memory of 5020 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 744 wrote to memory of 2764 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 744 wrote to memory of 2764 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 744 wrote to memory 
of 2764 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 744 wrote to memory of 1500 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 744 wrote to memory of 1500 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 744 wrote to memory of 1500 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 744 wrote to memory of 2592 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 744 wrote to memory of 2592 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 744 wrote to memory of 2592 744 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 2592 wrote to memory of 3336 2592 cmd.exe cscript.exe PID 2592 wrote to memory of 3336 2592 cmd.exe cscript.exe PID 2592 wrote to memory of 3336 2592 cmd.exe cscript.exe PID 656 wrote to memory of 4160 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 656 wrote to memory of 4160 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 656 wrote to memory of 4160 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe PID 4160 wrote to memory of 4856 4160 cmd.exe 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe PID 4160 wrote to memory of 4856 4160 cmd.exe 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe PID 4160 wrote to memory of 4856 4160 cmd.exe 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe PID 656 wrote to memory of 4300 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 656 wrote to memory of 4300 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 656 wrote to memory of 4300 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 656 wrote to memory of 1920 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 656 wrote to memory of 1920 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 656 wrote to memory of 1920 656 
2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 656 wrote to memory of 4004 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 656 wrote to memory of 4004 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 656 wrote to memory of 4004 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe reg.exe PID 656 wrote to memory of 4964 656 2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe cmd.exe
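Processes
Each entry below gives the process image path, then its command line, then its depth in the process tree (the number immediately before ⤵); the behaviour signatures observed for that process follow as a list. The three fields are run together without separators, so a trailing number such as the one in "-s 22443⤵" combines an argument value with the depth. The listing alternates cmd.exe /c launchers and copies of the sample, each one level deeper than the last: the sample repeatedly relaunches itself through cmd.exe.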
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe — command line: "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe" — depth 1 ⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\MqkkcwIs\YiYcgIEw.exe — command line: "C:\Users\Admin\MqkkcwIs\YiYcgIEw.exe" — depth 2 ⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
C:\ProgramData\jMIAAsYE\RAQQkkwg.exe — command line: "C:\ProgramData\jMIAAsYE\RAQQkkwg.exe" — depth 2 ⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\cmd.exe — command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock" — depth 2 ⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe — command line: C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock — depth 3 ⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"8⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"10⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"12⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"14⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"16⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"18⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"20⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"22⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"24⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"26⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"28⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"30⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"32⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock33⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"34⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock35⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"36⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock37⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"38⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock39⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"40⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock41⤵
- Adds Run key to start application
-
C:\Users\Admin\CQYwgAQs\BIMYQAIw.exe — command line: "C:\Users\Admin\CQYwgAQs\BIMYQAIw.exe" — depth 42 ⤵
-
C:\Windows\SysWOW64\WerFault.exe — command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 224 — depth 43 ⤵
- Program crash
-
C:\ProgramData\jAQYwIUk\FsYMIYAg.exe — command line: "C:\ProgramData\jAQYwIUk\FsYMIYAg.exe" — depth 42 ⤵
-
C:\Windows\SysWOW64\WerFault.exe — command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 224 — depth 43 ⤵
- Program crash
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"42⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"44⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"46⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock47⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"48⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock49⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"50⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock51⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"52⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock53⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"54⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock55⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"56⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock57⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"58⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock59⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"60⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock61⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"62⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock63⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"64⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock65⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"66⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock67⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"68⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock69⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"70⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock71⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"72⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock73⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"74⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock75⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"76⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock77⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"78⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock79⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"80⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock81⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"82⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock83⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"84⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock85⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"86⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock87⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"88⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock89⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"90⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock91⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"92⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock93⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"94⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock95⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"96⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock97⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"98⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock99⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"100⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"102⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"104⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"106⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"108⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"110⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"112⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"114⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"116⤵
-
C:\Windows\System32\Conhost.exe — command line: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 — depth 117 ⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"118⤵
-
C:\Windows\System32\Conhost.exe — command line: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 — depth 119 ⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"120⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock121⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"122⤵
-
C:\Windows\System32\Conhost.exe — command line: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 — depth 123 ⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock123⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"124⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock125⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"126⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock127⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"128⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock129⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"130⤵
-
C:\Windows\System32\Conhost.exe — command line: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 — depth 131 ⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock131⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"132⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock133⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"134⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock135⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"136⤵
-
C:\Windows\System32\Conhost.exe — command line: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 — depth 137 ⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock137⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"138⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock139⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"140⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock141⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"142⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock143⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"144⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock145⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"146⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock147⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"148⤵
-
C:\Windows\System32\Conhost.exe — command line: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 — depth 149 ⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock149⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"150⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock151⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"152⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock153⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"154⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock155⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"156⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock157⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"158⤵
-
C:\Windows\System32\Conhost.exe — command line: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 — depth 159 ⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock159⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"160⤵
-
C:\Windows\System32\Conhost.exe — command line: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 — depth 161 ⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock161⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"162⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock163⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"164⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1165⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock165⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"166⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock167⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"168⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock169⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"170⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock171⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"172⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock173⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"174⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock175⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"176⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock177⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"178⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock179⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"180⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock181⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"182⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock183⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"184⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock185⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"186⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1187⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock187⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"188⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock189⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"190⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1191⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock191⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"192⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1193⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock193⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"194⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1195⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock195⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"196⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1197⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock197⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"198⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock199⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"200⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1201⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock201⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"202⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1203⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock203⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"204⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1205⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock205⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"206⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock207⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"208⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock209⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock"210⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock211⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 212⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1213⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 212⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1213⤵
-
C:\Windows\SysWOW64\reg.exe reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f 212⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1210⤵
- Modifies visibility of file extensions in Explorer (HideFileExt = 1 hides the extensions of known file types)
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1211⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2210⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1211⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f210⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1211⤵
-
C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ywQQEkwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe"" 210⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1211⤵
-
C:\Windows\SysWOW64\cscript.exe cscript C:\Users\Admin\AppData\Local\Temp/file.vbs 211⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1208⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2208⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1209⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f208⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1209⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\McwsoQcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""208⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1209⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs209⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1206⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2206⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f206⤵
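- UAC bypass (the reg add above sets EnableLUA to 0 under HKLM Policies\System, which turns off User Account Control)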
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WwoAocAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""206⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs207⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1204⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1205⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2204⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f204⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1205⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gQUQAwIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""204⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs205⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1202⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1203⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2202⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f202⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1203⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dgAQoosY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""202⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs203⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1200⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1201⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2200⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f200⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HAYAIAAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""200⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1201⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs201⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1198⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2198⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1199⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f198⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1199⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nOkUkAsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""198⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1199⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs199⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1196⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1197⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2196⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f196⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HsUYMoEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""196⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs197⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1194⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2194⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f194⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1195⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ogkYUMcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""194⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs195⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1192⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2192⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f192⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qWYksAcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""192⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1193⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs193⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1190⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1191⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2190⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1191⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f190⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1191⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\weUoIAUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""190⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs191⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1188⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2188⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1189⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f188⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1189⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WmIQcoIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""188⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs189⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1186⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2186⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f186⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1187⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hSsgwcsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""186⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs187⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1184⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2184⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f184⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1185⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BQkEQQQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""184⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs185⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1182⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2182⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f182⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\riAMEMQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""182⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs183⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1180⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2180⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f180⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1181⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KYUsYAsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""180⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs181⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1178⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2178⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f178⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ukYoQUsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""178⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs179⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1176⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2176⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f176⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YYcAMwAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""176⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1177⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs177⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1174⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1175⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2174⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1175⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f174⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\guQgQsEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""174⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs175⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1172⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2172⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1173⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f172⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fkcgMYsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""172⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs173⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1170⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1171⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2170⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f170⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RwAAsEwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""170⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs171⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1168⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1169⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2168⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f168⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\juYEIUEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""168⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1169⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs169⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1166⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2166⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f166⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OaAwAccQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""166⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs167⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1164⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2164⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f164⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CSMcQUks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""164⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs165⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1162⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1163⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2162⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1163⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f162⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1163⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iukwUoIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""162⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs163⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1160⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2160⤵
- Modifies registry key (Hidden is set to 2, so Explorer does not show hidden files)
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f160⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WcIwocII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""160⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1161⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs161⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1158⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1159⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2158⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f158⤵
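- UAC bypass (the command sets EnableLUA to 0, which turns User Account Control off machine-wide after a restart; the write to HKLM succeeds only from an elevated process)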
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dqEokkYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""158⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs159⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1156⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2156⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f156⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DwoYkgoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""156⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs157⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1154⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2154⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f154⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YMMIAYwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""154⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs155⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1152⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2152⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f152⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\osAYkMcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""152⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs153⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1150⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1151⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2150⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f150⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1151⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CiwkssYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""150⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs151⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1148⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1149⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2148⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f148⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rKkAkMEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""148⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1149⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs149⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1146⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2146⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1147⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f146⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1147⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LocQocUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""146⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs147⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1144⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1145⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2144⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1145⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f144⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pEUgQkAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""144⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs145⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1142⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2142⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f142⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RkoQcEsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""142⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs143⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1140⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2140⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f140⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yqIsQogs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""140⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs141⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1138⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2138⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f138⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aacwAgII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""138⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs139⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1136⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2136⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f136⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UIIEAIQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""136⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs137⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1134⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2134⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f134⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NEMwIIIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""134⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs135⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1132⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2132⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f132⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lmsgMQMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""132⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs133⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1130⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2130⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f130⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lisookkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""130⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs131⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1128⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2128⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f128⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TiEQggAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""128⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs129⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1126⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2126⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f126⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yksQQEYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""126⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs127⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1124⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2124⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1125⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f124⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\isMIoQcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""124⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs125⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1122⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2122⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f122⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1123⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SoowsEAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""122⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs123⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1120⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2120⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1121⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f120⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hMkMEUUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""120⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs121⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1118⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2118⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1119⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f118⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pukAEgkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""118⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs119⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1116⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2116⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f116⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZQwYooEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""116⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs117⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1114⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2114⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f114⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FGUEEsQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""114⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs115⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1112⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2112⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f112⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qgcYMUgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""112⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs113⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1110⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1111⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2110⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f110⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OusoYkMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""110⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1111⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs111⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1108⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2108⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f108⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eUgQoooA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""108⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1109⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs109⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1106⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2106⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f106⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AqAwIAYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""106⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs107⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1104⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1105⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2104⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f104⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\peMoAowo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""104⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs105⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1102⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2102⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f102⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zUgMAsQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""102⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1103⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs103⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1100⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2100⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f100⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PocAkokU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""100⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs101⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
98⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
99⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
98⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f98⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HoYYcoUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""98⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs99⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 196⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV197⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 296⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f96⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aKMowgIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""96⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV197⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs97⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 194⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV195⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 294⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f94⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ucgckkUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""94⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs95⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 192⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 292⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV193⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f92⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aQgggMsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""92⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV193⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs93⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 190⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 290⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f90⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\woAwwgMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""90⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs91⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 188⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 288⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f88⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NEsYIsAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""88⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs89⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 186⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 286⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f86⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RksYcYwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""86⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs87⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 184⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 284⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f84⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LyQgEAkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""84⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
85⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs85⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 182⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 282⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f82⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fYggoMIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""82⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs83⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 180⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 280⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f80⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ICkMEsoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""80⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs81⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 178⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 278⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f78⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OywIUEIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""78⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs79⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 176⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 276⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f76⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UsggIowU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""76⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs77⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 174⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 274⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f74⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mgYUYYks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""74⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs75⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 172⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 272⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f72⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZwQIMQww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""72⤵
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
73⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs73⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 170⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 270⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f70⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DOEAYgEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""70⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs71⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 168⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 268⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f68⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zCcEUkIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""68⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs69⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 166⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 266⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f66⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pOAAAocA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""66⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs67⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 164⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 264⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f64⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OocAUsIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""64⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs65⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 162⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 262⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f62⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wiEcgYwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""62⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs63⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 160⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 260⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f60⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\asQYsock.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""60⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs61⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 158⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 258⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f58⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uGcowkks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""58⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs59⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 156⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 256⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f56⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RyksEkIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""56⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs57⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 154⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 254⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f54⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bwMAcocg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""54⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs55⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 152⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 252⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f52⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tQEsIEUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""52⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs53⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 150⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 250⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f50⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pioUEAEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""50⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs51⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 148⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 248⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f48⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aAkMgIEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""48⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs49⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 146⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 246⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f46⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UogwYgME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""46⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs47⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 144⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 244⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f44⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KKYEMcAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""44⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs45⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 142⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 242⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f42⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lCoAUsgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""42⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs43⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 140⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 240⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f40⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NGwEkAcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""40⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs41⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 138⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 238⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f38⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PCskYQIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""38⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs39⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 136⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 236⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f36⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\biQMYkIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""36⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs37⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 134⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 234⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f34⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wmYMUUkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""34⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs35⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 132⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 232⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f32⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QqokUEIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""32⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs33⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 130⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 230⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f30⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yeIUwMII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""30⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs31⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 128⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 228⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f28⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FwkYEEUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""28⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs29⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 126⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 226⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f26⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HmYogwAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""26⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs27⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 124⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 224⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f24⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hkcsMksw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""24⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs25⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 122⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 222⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f22⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\luUYIcgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""22⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs23⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 120⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 220⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f20⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GGIMkQYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""20⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 118⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 218⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f18⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KOIMUIoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""18⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs19⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 116⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 216⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f16⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MwwkQkgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""16⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs17⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 114⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 214⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f14⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LeAAQEEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""14⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs15⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 112⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 212⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f12⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BYMUAgwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""12⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs13⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
10⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
10⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
10⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JqYIgYUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""
10⤵
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
11⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
8⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
8⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kKEggQEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""
8⤵
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
9⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
6⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
6⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iOkMwEMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""
6⤵
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
7⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
4⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
4⤵
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
4⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oYMUUgUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""
4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
5⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmEAksAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlock.exe""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
3⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3852 -ip 3852
1⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2924 -ip 2924
1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Replay Monitor
Downloads
-
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exeFilesize
235KB
MD54120a53c85092e7a36ab6154fae67f58
SHA1c26770883e93a30a8d1c3f59996fd2b5dd2eb694
SHA25652d9b5abed845aec4dfb2d4730ab3ee9ed39c7828189b413f7e1b31e215a3aba
SHA512323c2a779e819443be36ad221fd9ff15708d6fc00d028414c0eed017873debd6fe9746f51d7cf550e16903a17aeb35211a7b1d2967356df1fc62e2784fd101c4
-
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exeFilesize
566KB
MD5d192cce5f5dc387916daa1c45a4d014c
SHA1a144a45952ba7c03750fdeb8b9f08ae7a8cf0840
SHA2565ed132defd90d1cbab5a9172e32784a66381e5f9be5d8787fdca4620bdadbecc
SHA512fe59bedf75fb05981769bac105891192bc6fc58c855b9b8fc91003a7396af247f3d07381cf2269df3537b66b13ea4fe5f3bb7ed3afb691e645507265f3caf3c9
-
C:\ProgramData\jMIAAsYE\RAQQkkwg.exeFilesize
109KB
MD5636c09745e4f7204251667e167d0bf47
SHA1da4b3dda6e17ac6e97f389447b8e8b609f36c4b9
SHA256f442dbdefb202bce67bab1291cd837d36d707174c26bb01bce29d3cfd1000cd4
SHA5125ebf3c6a73ffa098f1efdbd1442597f0a737e5efdd4394fdc20f22767eba7afac11473128eced7aea03bee5db7c66b900becf79ac30fa69bd194f058b5408338
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.gif.exeFilesize
485KB
MD52ad22881d285a98b67ab842183d1068c
SHA1b0c89e1f72001fd8b4b058d557d16c589fe17584
SHA256d2ad0c4c52a62afa0caf953e40f0e3f25536a4bbefbabdae3ec9e08a667c11be
SHA512addc4823582615f9e39bf6b08a291336438b22475efca4592e997b3bca77b9e21ff095d1609e73c721ff28f2600091725b786a9b600d69d400d247c234d514b2
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Error.png.exeFilesize
118KB
MD58d00e369f9895e9f568bc04fa3bda650
SHA1453854e72b780939537620ab6cb58772a44a9078
SHA25632407e29ae9b7d14668b3368ae54bb596adcd6146792831074e4170bbd96a3d0
SHA5127af31949062a36a240859f5add1b9cb6fd3ebe194108a70968f01e96f8476b5c9b459da5f6f89fc90b2b9a49e187379d89a41a986e118191153ca98cff96ed71
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-125.png.exeFilesize
112KB
MD5f8f5862e89ae9ccb2f03ec63b2df16fc
SHA19b6b7d6939e6c65726b89a304db30c52736b1cc2
SHA256e5c2caf6711a183b30562d69dc66f533232131d454615862a1208338b56948a7
SHA51298c9bc1f1f87e51fca91530fa644875e2ad6cac9721fb246cc05a812a04eafe408c826bc8a0e2825eec5b6a32a93fc213a6271978659fa3b1e1a71f5d18a6102
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-200.png.exeFilesize
112KB
MD5c6d3f5cdc842020057fba45380e1ed6f
SHA1ad469a3f08123a582f4160ca2c414cbd255a95f0
SHA256e773d95a20510dbc5d19965548309240552a24c896d2801a50a8b9af23d82051
SHA512c9e5f7098b28c550aad17ad8a2a27eb8483a6dc9d257547c981ea4086c590d021214ee079ab930eebf6d12305f5ca2bd392b9e0e0675eb07b3825d3358082561
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png.exeFilesize
112KB
MD5d2a79745910e1e54e98d7ea0ed86bdd5
SHA134d8341f18257a51291d163dc52aff6a6bd10585
SHA2560b70c833d6fbb5fe1d0b46f081a5ce2b1ecd83e2100eeea7c1f5ea181081f730
SHA5126f0fb89bbeca3c1dde7e273fd8699ed00a87cf8c4841aaaf469cd835b057bd8d32ca591d0c31b085bf1508203a558f1c40280986a970034607ea8093e19337f2
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_dcd9b6aa9fd9f5c3565c6d5eeeedf001_virlockFilesize
6KB
MD58f18da9b77fc5cce760d1a87fa25a27a
SHA1b473bce215c48d30276149b08576a8991e3750d5
SHA256e2baa4c727ae4ae988ac1b38384cf043e2ac3a67767b37a6049e99fe2d1dfea2
SHA512134e1b1e7da0f3e1fa217ea51ba47049b28408595ed64167f05a86e2e1b0cccd9c7d616255611ab50ec3848c8ce1982fdcc4dfcf4fd13d9ae436a906874caa96
-
C:\Users\Admin\AppData\Local\Temp\AAMU.exeFilesize
113KB
MD5db762f3bee37a2d288bf1a65d19db907
SHA18d75cbe605cbcde130d71d2fdaf17ae541140fc2
SHA256a4ad0a220c4746890de9930a3f3274fed5b4f728180438fe92ddbd7dd289920d
SHA51254de012869ff56d88af34604faa890bec2645327e4c8c05b9a226f4fd082d5a0aeb88cda6c671fb19d7011974b8cbad474d3861276adf88f433b7d87b32152da
-
C:\Users\Admin\AppData\Local\Temp\AEsE.exeFilesize
135KB
MD598147096f8aec847d19fab76eca80915
SHA1cff5fe5dcb64802b6f2056672210c3cd5ae6fb20
SHA2566ce2eb68f72dfbb40595f2ba5a395922e0bebb546feb0aedad711c25ff54b2a4
SHA5123790a70160789b269ae12d8dd0c8262e631bca683e151b0ae1e3d8c9ee5a64ff426f8a9b3b8ae67ef8eb532be6342a4b5f0df3df3e48840dbb4e3081cfedf0ce
-
C:\Users\Admin\AppData\Local\Temp\AEse.exeFilesize
112KB
MD51fd6e073dfcb8e0b0867c44e066d674a
SHA1a4701d3efc6437cbffe32fc098dd0954072b5ce4
SHA25605cd8ec271c37aeb387cce2382f3d3c51ee5c5d1122d073aeacc0df32dc59793
SHA51254399e896851e6e7517ca50781e748aaf99197b8f1effeeb41aa985bb1608478f4b8cc5e20da18e2e8c3412c3149b119969281917056126629705995cb0d4ab9
-
C:\Users\Admin\AppData\Local\Temp\AMca.exeFilesize
120KB
MD5e0ad9f3dceb1fefb6f6541f4c4d2eb1a
SHA127f4ebf9f0b2d2f9a6df403e519cbe6c72aeeea6
SHA256f180092ecd87d1e97d36b6f218f4ce3eb6ed405f39ea39da0344f5bc6725da84
SHA512d42d6e4df7b3c685a8000b47f0fffd8b25d2c8f84d30070512a8bbd1a2024cf5fe8ab8b4991cdbe50965791ac2287c95410f393ec7b4bd46cb133845d80044d8
-
C:\Users\Admin\AppData\Local\Temp\AUoo.exeFilesize
110KB
MD5c169379d62cd19f409211cb4842f5982
SHA182d3cef87204fda346d1d7c9ca08e3bf05cdea02
SHA256e12853fa3321564e827094852fecfd3bef87135b995b89d9d3886943eacc6a64
SHA512bd4420141cc917b87790a2d70607e725c925b10549b6e6ee314eabf124721ec84f1020e61aa8da2744caad8c3b26a13beb2218fb1799bf5f40782a6215813fce
-
C:\Users\Admin\AppData\Local\Temp\AkgW.exeFilesize
119KB
MD5f9f95b3920f380e99b39e2f2809260a7
SHA1a88bb811db23da155c715edb36065f8e55a0a354
SHA25696e7498b78fec75a244a388a4899092738a759c39a8fba42d688c0eaa801b1ef
SHA512579d366a9ea9ae62055b210a085b0c6cd7b542249bd46b2059c07cceb475184f859568307762ae438354292defbf94cdbd10f37a0ae34619e6760d53bef7b24d
-
C:\Users\Admin\AppData\Local\Temp\AwAO.exeFilesize
238KB
MD5bfb6572601b25115ddadad70589c65d1
SHA1f067c8fc012f748d59eb1ae94e9d82ef58b4f626
SHA256f10bc7b481155f63ab9aecc9b163c3109480d0c3d0ecac9d3bc5f6da4f1141b0
SHA51273e249bcc91255de4012e3523766e5c4b0bbc5d7737bc154be15bc0e574b081e6ec3c44fca675437c767680afef5a66f664ac3d3ff4cf14f0012854d1846ca40
-
C:\Users\Admin\AppData\Local\Temp\CIMI.exeFilesize
111KB
MD55d79ff955f90df502d2be3f31049af83
SHA182a7ccbc697d6ee8280d4b1966d17e6cad49e780
SHA25646b25b905bd7e0155d657ec9017d80a0cc88ce8c2b59e8fbb38e5e8c258d88cb
SHA5128b919c02bbf3f2ccae5d6ee03c6f381d32e9caae365950548b2dfde61c0ad8d057eaeece606feba1e900a275cf99930e553d0d52157fe85514695b4a2b8cd65d
-
C:\Users\Admin\AppData\Local\Temp\CIcw.exeFilesize
141KB
MD52dc3ac52df52a998d4d48cb52d75aca9
SHA11fde0a9ed1e4aeccd99811a1a3ccf28cd226a637
SHA2564675cdc4f2364c17e5a49882c7f3a0456683eb25e3668baf6f0bd465ba2e6d53
SHA5122dd24433c9e3abfb489d318670f5e40f2ccef469c3a0b043058e89e3f189a6b0f6e85d54f2d746c30c0819f58adb8713a75804d056e713c616b793a913d00069
-
C:\Users\Admin\AppData\Local\Temp\CMIi.exeFilesize
148KB
MD57551b7c0fc6e1708991fd4df1de49bc9
SHA1f3468abff5b639051c435d6bd88f220d0f551bd5
SHA256b818aaa1c9cc58a3bfd56b2ae0975f52798b5a259cb679e30fae856bc0e75ab0
SHA51282450aa05b06d4ca0e3d160c4f0add27c830c9e43f304f56d58c6c797d6645c8c87c5ea3d9eee35c17c878d1f0bad2a4f1d239f87f9845cdecc50f896575e5bf
-
C:\Users\Admin\AppData\Local\Temp\CMMM.exeFilesize
638KB
MD5fe002f300c7889570437107b08bacee2
SHA1f28ac9cc0414a5ac9723de9c8466ab755ed48f81
SHA256648402e284d2eea397b7f58908802eb785c63ea46aad08890668204b953c1c74
SHA5125f0ac769d736c04e92125d9d9e638fcd571a235b358cd2237a4b337e91826744505890f9024e5d79380d16e34f3d8a8eeefbef55813c60d0000c88535c704862
-
C:\Users\Admin\AppData\Local\Temp\CQUS.exeFilesize
114KB
MD57046808804ab50d38485d91ade2827e3
SHA1f7533a05acfa5536e280831c18c5a9493c10b605
SHA2569107839082393f9704eb04663f83ac3d252b447e1696a553701992fa4beb667c
SHA51286dce3a94756d76bf6b29078f6fd2484034bcf4ab9bc65e4bd5e9728867531d197ae5638ddab983f64191d1cba22d19b203c59705eb61d87666d25cc54dbfb90
-
C:\Users\Admin\AppData\Local\Temp\CcsS.exeFilesize
126KB
MD50141ff4c6ff3c276dd0beadd2360a8b4
SHA146f682935e6acd56b3b8773a3a317a9a9423e2f5
SHA25637bedf309c84e8389f32038a5926d4ba5d2bfa68eb75abe68aeb1807fded294a
SHA5128c421e2c3afe09a3b60a06fcd97fbaf94faf887675813f9dc7f98f4a9e966010a2941c20da17a9b116a95039f91ad2d60beaed01e4b673ef494d9b4b33545265
-
C:\Users\Admin\AppData\Local\Temp\CkoU.exeFilesize
113KB
MD59168ebf33f57da75b558f5bd7996fc18
SHA1cf888470920585c2d23dde6342258205f3230fe9
SHA2568e31cc8d13b6bb96fb8752a4e7b1b4aea5cc98c654a908281bfc88a1af2bab00
SHA5123ce59a3de4591dcf0fa7ac46e776a5d2beeee468854827055b617bf426802aedaa369dddbbe4f9cbe89c348d45c83ef6e98e0ba5e7af50bf7b2c36de1b44cfa7
-
C:\Users\Admin\AppData\Local\Temp\EUcc.exeFilesize
699KB
MD5fd31138f5aa0674774584098079fd6fd
SHA103cc468fc3591e255e87b5872ac3dd240704b2cc
SHA2568bf8403b8c33376c460fffbdfb8c8a1c99ef5a93467e93fa7973c50c005025d2
SHA512b983d2bd96691fd2e32d95b2b4b7516dd113d7faa0885fdaecaed992382ccc3851d70e31b282f56ada54e6954fe65395eb0c707da7c10141240677b163ed854a
-
C:\Users\Admin\AppData\Local\Temp\EUsq.exeFilesize
113KB
MD595e61c8d42472ec6cc95a7f1ee5e9129
SHA139859d83291d5fc0522c59589baf67cdead60f06
SHA2560f841b059fe11d2fe976e708cf859aad3ade7ce0bb9c686296752e9f7b516e81
SHA512d3e31c3acc90d9286e7aca231d7cf8b388a332ccdb679e365bf1903b7b1ccc1b409697aa234a2b823d7adb3c89301fe76fcb493b9a3754874790d84ef2c86fac
-
C:\Users\Admin\AppData\Local\Temp\EcAm.exeFilesize
746KB
MD58dd3768b2e9706db2e4bacc8d0059667
SHA12f2388198b490eb3691bf362159b690819ba32e4
SHA2565d70b0197b0315c7fba7f9ad1fb30f8b00d60b38c4ba01f946d456406fb3200a
SHA512363ad838685a5cb801136295c04b27b419bc17ee91315cb456bf34fd0a3affe0a89f8283442f3deacb6b097c411f6a48ca0c79dd4eebf5ec110c81042417052c
-
C:\Users\Admin\AppData\Local\Temp\Eksy.exeFilesize
554KB
MD57281ba4337035b7852174f66b4f2fff1
SHA18dd12764cb6e8b74c953123a928909231c6605ee
SHA2567bb6a65fdbd032862c5a9fefe88846addf6968c6f4ce350befba347084da4be5
SHA5123929f7f316a6a7be6da5416c795feee452e50ae93bc7eaf24a9dc684b0bbbc89f1f3f4a487fb11bee2dd801940bae4e53a43815bfcddf58657409ff637bb94e8
-
C:\Users\Admin\AppData\Local\Temp\EskM.exeFilesize
139KB
MD5e42558f122e2a43c3d48dac51c4f00fb
SHA1075333d7d200e2d9d140b44fe39d33cdc0436fe0
SHA2562016e260614c36db271a0441c4b03221e318ec73977dca1281c66704d804f031
SHA512a6c78ad8cf7f5997b0ed64182b26c8e5706fb19563eb1c0e642061e346a221f07a3e7d00db8aba2cc5f10d8d6e44c4296a0dc70b9415d1d3636ec0fda526af69
-
C:\Users\Admin\AppData\Local\Temp\GAgE.exeFilesize
109KB
MD59f60a452434eb6d8cac716172019e941
SHA1c763cb99d9a5cba7077186099b38b2757c0b9de2
SHA2564ef99dbf7f1d2401d79084c5c77c95b8db9c5d914f160adcfb59db3a01171ad3
SHA512ef10f3fbe776fe449117b5a85330fc7a4f6147465805b8d4639e82e8e7f79aeb816901b78b0a3ef458391fd797d46da58757858da8d5c48335849217125993ec
-
C:\Users\Admin\AppData\Local\Temp\GQgI.exeFilesize
112KB
MD59b82cd4d56a6bf03477246c3931532c0
SHA115a2fc1a28a168d5131c295cdfe28cd6d1b61b69
SHA2560cb999194c4c0ba9ef7ca8cd89989d02c4e3c1432c8ce998f549613a1a2190a4
SHA51237156953ac54b9fbb120585dfbfe6681c0fc6b9fa2fd1354f57dc7fd1a18fc58e1bc59d643b4801b55952d994a1fa38902991912f90eadacec69284d36a555a6
-
C:\Users\Admin\AppData\Local\Temp\GgEO.exeFilesize
112KB
MD534b1b46fe59514d6e66c2eedb5c5ab71
SHA170b530991088539c5c1fde0899298b7451d7453c
SHA256a764116544c5e5c080af7af87902863ce385aa6504eacbaed1344c6bc066e7f8
SHA512c099162b5cbff206fe9e34d01bd8007fed2c8049df9c1b6ca2df1687192a02b3447bc5b82b7db807379e4125f555ea8b3c2372334f426d2384abf697dca4c364
-
C:\Users\Admin\AppData\Local\Temp\GoMQ.exeFilesize
620KB
MD5bfe5743bddbe7fb92ede158ba11e172d
SHA1bd9159b6771232eeb4a11d4c4b67fa2c2266e044
SHA2560a3d6ca00c33df23731265c05452653362424e25579db7333608e8c72bf4c3ed
SHA51294fbf0fc7b8be87fddf3aafe0a3084ee22cd04865864853b1727e9d1dc47e77e979f02f9cd5e1425b55cf559d8977519a800fc724584729fc9840e357274588a
-
C:\Users\Admin\AppData\Local\Temp\IAMk.icoFilesize
4KB
MD5ee421bd295eb1a0d8c54f8586ccb18fa
SHA1bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA25657e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897
-
C:\Users\Admin\AppData\Local\Temp\IAoy.exeFilesize
140KB
MD513409dbdf81bdc3cc3e2da5a9001a704
SHA1dbde5de1ce09d2d5d14fa8988d76f7b6b0b852e3
SHA256f571cc332b7c9bfcdde2ee62e98284275945dbdc707945fe2b3f43376b537ae0
SHA51217ba1c6432e7ba29622a70a5a3a706d3e7b1485aeb24d42a499850c5710b8d0e69b1b5aa14b0544103c56cade95884414a2278e0781353596beb272463755c5b
-
C:\Users\Admin\AppData\Local\Temp\IEcY.exeFilesize
119KB
MD51a2f74f263b9c924f63220f9d162dd6f
SHA13edc5146812f0640e651c3e298676e4c517d7a67
SHA25648f5e04a792998fd211a858b3e6e42f5edf7892d5dc5b0062b4f7d26de728a8e
SHA512a2f908ad09e89edad4fae561ec6adcdfbf05f743a1b1f03afe8f2fda49e3658d2a6b57d855473478f5eae6d8fb5c7d703190d3b6941c15a6fcc971392b21590b
-
C:\Users\Admin\AppData\Local\Temp\IYQM.exeFilesize
114KB
MD56e56792b5c00061333946b56281953b4
SHA147393dc9561b656bf974430415c00c143defd499
SHA2562ee9a19500f02d7310495b3e9df1fe4f7cc9f6272c99d8cc3bbf050065c55040
SHA51220e674b9a9d37fe440c6a33b5adb0e48ec8563613b0956d1fd04ff5b92498a5c1fe3cbd6874365a8354362826ebeddd53f6f958ff69e5820c3ff768466bf69e7
-
C:\Users\Admin\AppData\Local\Temp\IcYi.exeFilesize
111KB
MD5504a81c296493a4569dcaf42ea04f7a4
SHA1a1beae7aeac8bf9eca90b6ba7b8a027d1d7bb6e0
SHA256692a3f86e2e14b62ba346a14f9f08b1e4b7ff13d25cdde7804b9a6e106e5fc43
SHA512b38ee870ecf683d321d148b0f9a6a7eaa8488e8dd956b52313f19a3deb81c73b4d08545c030820c7fc2466c004cfa96fd86903e8e2291778d52938cf16a3a72b
-
C:\Users\Admin\AppData\Local\Temp\Icgk.exeFilesize
118KB
MD519fae2f888d09906753c77812a276395
SHA1426faa84b7447f8cab011486678130cf1ea1b4d8
SHA256c2a323a56378d15ce399ffcf074c20de531601805e25e3171aa6835225021b9c
SHA512052088eb9c29320267605ce6fa4d770b49f1daa14fd97632f601a8a330656b856505d87d38eda943ee73dbdecabe93e3a42bda8994b2ec0ebb60d6482a83ff58
-
C:\Users\Admin\AppData\Local\Temp\KQoc.exeFilesize
109KB
MD5832c2416c1017e9df7c800d89c13d5b2
SHA1e8fcf95111e01fdecd24ddb78430ba4a63378e6d
SHA256e65c1612ebf092db5b031c42712bc48395d7de965c0f95926adfa9753728f934
SHA512175c6688054c8f7dfe819494212e4580bc499ce85fc39980d9551e59756dca3fe3091d2366423f4601d28064d8a3a8332b5cba792f96ac5521ac28dbd59ef545
-
C:\Users\Admin\AppData\Local\Temp\MAse.exeFilesize
111KB
MD5c6a026d45d8de1814c891518427d121f
SHA13d2c4f5aeecd7b0bd8f99c824d05355bbfb68878
SHA256a7812a5a9932cd3a16a7dd674dbc97a1746504cadf02d851db900f775aff018c
SHA5127629862aba86894878843a700e8d67ef7f2bcba27bc2e87ed00690f2a1078b3e366dbc96d6a6be80f300583ce3cdfdbdd1cd1efa17a5b486fca8ca27c6969505
-
C:\Users\Admin\AppData\Local\Temp\MkUu.exeFilesize
744KB
MD5d55d0d6e5d1fe195fa48d79ead560279
SHA1e4141648a2c80a3ebe01416f4209ff1b89e83840
SHA2568b6259b6cc238c5d9d4ac57295e5e1edee87faed774d8d97a57f11eab6b1356b
SHA51264fe1319fa3c6088bca47db1ebb066c89723671fe222bf107c65d4dde3f9c838383839a45d45b17164e0529b10f307d08bbbcd135aea39dbfbf432e19b540498
-
C:\Users\Admin\AppData\Local\Temp\MoAc.exeFilesize
349KB
MD57f671a70ff1c3a7f4e00df2bc0884c63
SHA1ee8614ac00a299a3ecd993dfb86372f1712d30af
SHA256c20b8e5b7539762f50f1018bfee7c481f6dcbe41b175eea0d607e1ab4064e5a6
SHA512e0066877deb56ce33513049a4fee9ba9b69a042511cc11fcda67c86d16a4531922b4290d6222d06b20affbc3269f3e6540ed438ddcd6d7f5575114b71f3c792a
-
C:\Users\Admin\AppData\Local\Temp\MwgE.exeFilesize
114KB
MD57629359bbd453c96d16858331d4a9124
SHA146ab700c87b9c456aa8ad7dc8085d2e1076725d0
SHA256282cee725f304ef0bcf67ba68939fad2b1256717b783886537401e04567bfed4
SHA5122c4f562fdb9a0497fc1b42d15ccb872af197f6e37bce360e49c5d8236381fd6056aa5cd9853d8e0b9fafe295938b30e2a4e79beed620220ba041a1f449811bef
-
C:\Users\Admin\AppData\Local\Temp\OAoQ.exeFilesize
110KB
MD565ba76e259da8ed1075029fce9494fab
SHA1e806fb5235021a9b2328430758a088c9b32f245c
SHA256236a8e0bdab33e04b91680e4ea68be4ad09a212202f0db1aec3f424bddba6618
SHA512e0955c7c13af509caa10d38b7de60fe6f29495efd3c9ef47bbfd5cdf54802db007cf1dec1c78ade653fef22a3c97fcda91b7316fa852408e60a4589a014387a7
-
C:\Users\Admin\AppData\Local\Temp\OIcE.exeFilesize
239KB
MD56f53ba41c59f18d6ad56acae78c61c1d
SHA14de46b61f5cc2230dd8c8fc05f98489048f42f17
SHA256251880ebf50f4931f6c634c9d03a71cb888ffca1f0cf5950b1badc9dc9da1635
SHA512bb8259c8415439255b4d2b09101a122a9e9375ad2ba1e067d8c27b327673750c057631df2deace5dbf3e01e34336a8cdecd23b7c357d1d6716eb052bc0c3a45a
-
C:\Users\Admin\AppData\Local\Temp\OQog.exeFilesize
894KB
MD571ede010a23c39039dce2dca5ba0bff7
SHA1f4e7d17002166547e3a629b77e1579c2c47f3cdd
SHA256a6cb87e3fae39b8dcc8ac0ea9ced66dbb218066f04c1e1dadf7d0029861249d8
SHA512736adbb7bce8d69ca01030213b46fcc1fec1f468a8e7187658934e74bfd198462c4b77293df518150f4bbd4a4944da398fbb0e0fe2480d659afeb814bf5e8758
-
C:\Users\Admin\AppData\Local\Temp\OUsA.exeFilesize
111KB
MD5647ae8def79d6ca8682dc81655acdc3b
SHA12eca88cfbc97d87e074a10482b68559633f0a459
SHA2561e6ef1789164129d4d0423fdc009ace28dd388cab4c7f0335bb5d98c5059bef2
SHA512cb7b496f99a7c933968188d8b39e66b89daf1d1ea5eae7e32f54c55d675538bd409f9ac63f71aa43df508ee81c8f011bd169c49beb90d6fadda99ee299fa7051
-
C:\Users\Admin\AppData\Local\Temp\OkYM.exeFilesize
719KB
MD577974a4b728c8af571285555d112087c
SHA1e4752034a9cb58aa002a9d95efb00e89fad21c85
SHA25658c44dc067b1cfb6199f1340c30b2bf6a50aee61514c6f3e7fff1ce290bcfb8b
SHA512d2f09390fe069f559b79b220d7b4f1e4e91970fac6574da0f00ea727032cb3ba1d0bb29632e4d4ee1e3d3f3df804080b07fabc1d9eac138ad8036bda6690cf57
-
C:\Users\Admin\AppData\Local\Temp\QMoY.exeFilesize
564KB
MD5e41eb377163b6d82988ccf711a939981
SHA1b681cc58dbacbdfed58b66d09b4644abe4c8bd3c
SHA2566ddb9ccfeaa5b511ed264cff2f2e7e99e2adfef5ccaaaffc4face4800b1e0bd1
SHA51252032eb31a80900a5f416370a7c2a55e42199c7e9223a773a28d89b30ca69fae8f8afc75567bc72a24cc03d8483babbdef0a4b1cf9a311f880e9d29311a72b6a
-
C:\Users\Admin\AppData\Local\Temp\QMsc.exeFilesize
112KB
MD58f0270b499d86c9fbef6264ac7a90f0a
SHA1c5842fe8f49f44e3643bb52c926554cfa4e6f887
SHA2568d231b49a3cfe953c235c819032e0a51bbe8313d556ff29af5da70baa195da34
SHA512d8ce50a80f6dda3739c2d66de432d012172aa8d765c5b9d26ae7c5ce11d181adeddc599fbd4a676094194eb977b73b0e2a418a82eee8910df151c392874fec4e
-
C:\Users\Admin\AppData\Local\Temp\QcgC.exeFilesize
699KB
MD5766b2fcde6cd996ef5ec5094b1d82459
SHA1030c6c1c364641115482d53d53267546f659040a
SHA256b705fd09d9657e4587334723b0bdfcda3838f086441d1841069c11bc20da650e
SHA5120002822d8108552ff49a80a532cd025b1941029597cfc798f0f08762577a9ca8b068bd5c3e487c303362a0d01be0154a5d2371a29dc7a01d0e703bb7e376feff
-
C:\Users\Admin\AppData\Local\Temp\QcgY.exeFilesize
111KB
MD564d90aa57bc1ae78413629666054d07a
SHA1dc5ca92882b95c330d748f2b53b9520ff25fc735
SHA2560ae5d33963070ef19edf7693c1ef4a28671e0bee4b625010634756951c8862cb
SHA51227927c84babf47f784e6d3df3e01fa6c17ad97efa37a448c516ad64c575f761be6f06e071ea880f2d4b003d21b063be381b590ed71c666def7369a9917b3eb96
-
C:\Users\Admin\AppData\Local\Temp\QkcY.exeFilesize
117KB
MD5e11bc311ef03b1cff0b93876a2c0b134
SHA102993beeb4fa1183b2a06f12e6bc1613a4835fc6
SHA25677412a78101a5d58b2a22bb0494e46a6dc3cc6de24cdf3350c9368fb40171b3f
SHA512ed6c7b426e795f405190743cc765c4adb9dd82c9435706f10a4a9f93d1fdcb70e5bfbbca523952917d9f2ab20f0779b7e6db2bd989723118123ae124c37ed4fd
-
C:\Users\Admin\AppData\Local\Temp\QokQ.exeFilesize
110KB
MD58091a405f70292aecf3b4eb0c951f8fc
SHA17cd9a3a1d28e0f7631cbd3b20ac00cb9f7f3e4f1
SHA25618b04ba42487be8d7e22a8b1029579726c91ff0a5094f77c778ba5e809f99bbe
SHA51273c54f7e6db89d2febc4c88e5c453e8233de1a5ea77259d5a4cc2d1062f9581b71a2f307018fc0aef70f1f496cc0683162c3ae8eb118e447a4de547fd4c4c655
-
C:\Users\Admin\AppData\Local\Temp\SIgO.exeFilesize
721KB
MD5c81b48346aa5a67ee8b354183571e815
SHA1e56af35d9de5728b1b125fb2777201a3981268f4
SHA256471adc487d275211d46583d7acca189a9df7bb46e9d5a4d587ff077b7f3d6925
SHA5129ae6aa28ac0fdb2e84cfb1678631fcc729c7de753e178bb9a3496dd8ea972253cd967a7c12837881014b7535155155136d9e18e41ccaba894b31eb0f778ad011
-
C:\Users\Admin\AppData\Local\Temp\SIkK.exeFilesize
115KB
MD5e63c3d6d6f6a6a8a6d4a985085b93e48
SHA1967a3b5fc3366980f8ee871dbdcb21fd07412e49
SHA25646bff8bf75f11e77df7774eb6d0aec0b16380ba6d40af12ee86b942e59319017
SHA51219e03065ed16e9ae9d04814a469f8cefedfbda1928c0c22ee138ffbbed9c15915ba4f8e7077b61de66191fb75786501bac9915de9a83926491d09f3086651a20
-
C:\Users\Admin\AppData\Local\Temp\SoIq.exeFilesize
556KB
MD55bbe9411e608481aca9b8bc144048e81
SHA197e2dcef8cc5ee23f75915360a9509f8b2f92afa
SHA256c9620893bf1ec2faf14a5d811ce5bb2bf00278011bdf61d2939b4b13167257ab
SHA5123518a7b33e29860aea59f02e13773ae5ea8588ecf97786221883f06c20da0704884d1a36d289a1036fb6b26bf874f36a31db813841586879c507c88a13777978
-
C:\Users\Admin\AppData\Local\Temp\UAco.exeFilesize
111KB
MD5c41fb35d15220bfb4607e27874c6fd47
SHA1ffd747e19807b2f2ea1876ff780e4c4d74e965c0
SHA25679b6e4ff27b17b16b77d2118260edcd01ce94ae6e9e0c5c7f5be7249a53ff98d
SHA512caaeee38a2119f268abd6c60aea0815d4e0f4c8f88b9c602f10f6006113c656ca7f9f36e7b54d2db54c5f7ca3e864321b0671194cfe4e35ef2e5cfb88963e959
-
C:\Users\Admin\AppData\Local\Temp\UEgM.exeFilesize
120KB
MD55c28b364647e5e0d0b8d5092124231a7
SHA1924caabf989c55228091fcfa04a572b0a8614010
SHA2564202c0750e195abf6956bc96a63ba85cd51b1da70183b94f2f57bc1922700dbd
SHA512ea56bd226f1490beca93891e28f06a8e7cc48acb70cb6f205759fbc72c63bd706021ab46c8a98b7a1acacb94ef835bad12ace2674667c8bbe712eb83806b490d
-
C:\Users\Admin\AppData\Local\Temp\UIYc.exeFilesize
114KB
MD50e86a16527da4f9d31ad4ce81a2965ab
SHA162637b01dbf5ef3ab915b43ade65b1cdff4cb134
SHA256c7ca4cfbbd1dde2c3000dbab76bbc5d9bf3d04f4fbb333f92c5d807038b49300
SHA51215bd4eb364419d8bfc0159ba4f3bd5129d626e5c13ef0f35cd322944d6d16cc6213fb802cc24c508b3d76d75a24b22f35a73504896fc57c6bae0b203e3f0ff04
-
C:\Users\Admin\AppData\Local\Temp\UMsY.icoFilesize
4KB
MD5f31b7f660ecbc5e170657187cedd7942
SHA142f5efe966968c2b1f92fadd7c85863956014fb4
SHA256684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA51262787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462
-
C:\Users\Admin\AppData\Local\Temp\UcwK.exeFilesize
821KB
MD5fc85982de857174d80f08c5d97c24a37
SHA1a3c134bf3b2a31903675422c578842376f492193
SHA256c1c8d85d394694d87382b96928c0bdd189c0539d86f7349248b37640b9c0ff02
SHA5121c18dbf8158db7b24f492fec423f48354ccc8974553857e60e8e7f2df416e266911087466f160cd2518f11900ef1fade7b4f0b23addffc28f4c0b4072d2f5e4c
-
C:\Users\Admin\AppData\Local\Temp\UgMg.exeFilesize
152KB
MD519a37a399588173ae1fa21e123acddd3
SHA1a69aa0d4ddc5e46eb3ba6a8a826dbe2353d9ff57
SHA256eab55acc2468ab50c156b45ae724bdb3dbdb31a3da6f4c303a40bbfadbb1e793
SHA512c4d1472b7e33f5bb66e8396180ce4b80fb6c79e792fa14bb2d6c039594a503484c427d81789767a345ace0b0ae0bdfb3a8c3d5e65791690c9b228498e249d8bb
-
C:\Users\Admin\AppData\Local\Temp\WQAy.exeFilesize
110KB
MD53cbcc2b6584c5a5a4d290bcb73232ca5
SHA111a5c9db606b6afa1b8079bdd9beddad3e84c35a
SHA256c0c40bf7ce80ea2cd791efb9921b55a1065a65a4ab7b53a4eb1c781902ddf15b
SHA5127f5a4498de8c81d043381586546fb6ce09e5473143091486e35660d4a979ef564a7bab159d8aa2525f7c2e18cf3421b03c52cbfb7b891c7c18721dd991ce06bb
-
C:\Users\Admin\AppData\Local\Temp\WgEy.exeFilesize
119KB
MD5f7b8c2b06e69d45b54c78d81dacf92d1
SHA1474c8ac6393ac59480d361a9cda557a1c157aef2
SHA25655344a1ea93666c2087d497fdce10da76fc1f686abc142d485c4ba7914a28260
SHA51204aadcf1953adcc34deb4cb9741d9934b7914e18ec3d5c26cceee4d1a9a9bdf71151e70a778cd824e19713f33405ac2417f5d9fbec0e281bf27b5b455f8ba4a5
-
C:\Users\Admin\AppData\Local\Temp\WssK.exeFilesize
722KB
MD552773443acb683dd312ddd2eb3a9afce
SHA185f7036ccd67f0c71bbbbef199362bae66a52217
SHA2568dbc466cec056601727fa68282f7ffb1e78d521f920a48bf2534d00f1904e679
SHA512aa908881fc0f6c1c7be996fd78da5664c371337cec952141fd2c51d57cae8b8e17338e1123712a856dbea7922f8ec2a8052c897dc94a2bfd0ce29fa89cc3cca9
-
C:\Users\Admin\AppData\Local\Temp\YgIO.exeFilesize
118KB
MD559ed6844c1afd02bca7463ffb62d2436
SHA1ba647cf248ab0a9dfe0d9e5a942ae6633c19dbf5
SHA2563234def7c67e58a6b23b525e7bc05090742085258137dc245daf786d26ef19ca
SHA51205b4790737980dd74be81c058ebac1e73af274801ba043bd0b651bf5c2ff35351d5bb79523c5061e87d91adf70df96730b89f3a776409586dea053c1089a3c58
-
C:\Users\Admin\AppData\Local\Temp\YkQY.exeFilesize
1.1MB
MD561180cff85e0f0595d2dd8fade09207e
SHA18de9ec0b7fd8816c94f7f187f415f090fe8bfa66
SHA256e41759f0a8a7dde6408ccac0561378f83588bed77a3f7fe232785a5921a77f39
SHA512e12eb4b97f25a934d243d0d34e68e8004f0ece6471555ff2e5c6f546cd78adf3a94c284135ba24fddd1dd39114fc6548055432287625aba41615ae786b4749b4
-
C:\Users\Admin\AppData\Local\Temp\aAwK.exeFilesize
899KB
MD5b890e747bccd510e494dbc86141a28d4
SHA19d218d0056ddf09d25282a025c1c7fa5b3e6b423
SHA256a217c106cd816d07eded6a4a00111a1219da950e6af8c0bda0efae295d99b1f3
SHA512576cc9d722f1b8ca734cade96dbafbf43d0c78922a8b8090f888e8cbab037eee702e55ade8f2c0839e8443e7188391dd4078f3d6ce8cda191af62cca30d5ed56
-
C:\Users\Admin\AppData\Local\Temp\aEES.exeFilesize
140KB
MD53fbfc3163e0e0d7912c708ef61aca101
SHA1841390f49aa0114b06f721c0ef1f22ec3149fa5d
SHA25679ae628b3dd215fbd28294f6d8d5d5964af711ebb992e8e412b1935d290f5990
SHA5126b4d9f558072697d437764daf55dba57bf4446ba6a560515accf702af396e47064527749e81c4c9d8b992d6aa564b3ca929644ecca8f19ba5ce7c63493ad838b
-
C:\Users\Admin\AppData\Local\Temp\aIwE.exeFilesize
153KB
MD5d7a14a018b8dbf72efb7e29155bd54c1
SHA1f9b36c27ab0a1cd7470b13d568f188f96b81f182
SHA256ebe1a9cb0b3d1683f3a92f12a7f3f9bf0a9958017da82bd49bd193a4b2c5aff8
SHA512a16c6fe7452f9a9758628514260879a3900fe964155c8acec41fd7c5dd8b98f4dbbdbc79126af1b54e76e37b49f10dcd93855a779ff2c5037057ca3dfec2102f
-
C:\Users\Admin\AppData\Local\Temp\aUAk.exeFilesize
111KB
MD5afce9c81be92399cf54b123f48a1aaa2
SHA1ec80cf3d6fc0a9b0bbf15cf5bc33aad431744878
SHA256a7942270c7972a60488e2e20f370596dabf6c05fa4fd07467942b7cb644b47ea
SHA512e0d5a0c34964308ab6f55c1cbafb33684059f5e7b3466f0137cbffccc8234642e77ae60bdfddb8e03056438610b556fd920de9e8a0bc014e156a04b487e447fc
-
C:\Users\Admin\AppData\Local\Temp\aUoq.exeFilesize
110KB
MD5ae1123aaea025c9bdca4acb7da1af50c
SHA171aeeaa6f28f80c4f775de596de7373bf29d5978
SHA25615ed1d2ff0ad736a8ec45c41226fe2f8c0827a9a50dd2483b3d21bc97ef1535b
SHA5129571bd0fe17008c54f3b5f1a898196a0c075975112a71cb3d16866fcc88ad09ec64921e28d2b024df50123a9660bf7f5b584384f32a377c5b9b505a997995afb
-
C:\Users\Admin\AppData\Local\Temp\askK.exeFilesize
116KB
MD5b948f23c9ade6c94e29351ee1fde5b9f
SHA1c55439b6743c21f5bf26ccf80a2be646069c1e55
SHA2565cc8763de06d292d97ea4d1fdd6886966bd3091072e66b7f4eac3289d3027acc
SHA5120a21835ddb291f66d583413f3b01810ed1e2ef843752b9c69578ab9b8da3b7a79d53a4577a8f757836ebb31f0fce6a2d69f993761877f4527424d610ba9ff668
-
C:\Users\Admin\AppData\Local\Temp\cMsU.exeFilesize
111KB
MD525c711d91053a983737e3ef52d4e5b1c
SHA1278ec68087daf4ed6a6a33e357248695ffa29023
SHA256a84330e5e20558ddc82d7b6c1b3fce01cb771a0a2e30e2b20f459414f26982cf
SHA512619630ec509d2706af56681c8235776ecaf980af22a32e581d9e7d442da50d220f86f04fe6ade77f53693b436d9722ffb5ea7de1f33de4c0e78d70e34154e7c2
-
C:\Users\Admin\AppData\Local\Temp\cQQk.exeFilesize
115KB
MD5ff7936c28968ba168b3b752ed4c81bd3
SHA13489f46e8679a13dcb64afd80042d5b0e00bc8ef
SHA2563064a12723354f327c92dbb321f8cf5d0fec0ad6ecbedfdc30886fc4fb87cded
SHA512976828b214d3884144a9d9ede5dd0d622f198fec0d71c8e35a3a10fbeeb268084d91de967ab4b8aba494fe550fd9f4cb2c5a05da1aebeac310f6a6f8abbdbac8
-
C:\Users\Admin\AppData\Local\Temp\ckAY.icoFilesize
4KB
MD5ac4b56cc5c5e71c3bb226181418fd891
SHA1e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998
-
C:\Users\Admin\AppData\Local\Temp\eokc.exeFilesize
111KB
MD5218d2f82716021dd6f4dc6131be943aa
SHA19f283a25d3ae21f74df4fd6fb81736614f5f5161
SHA2569c944e3a61d8a663b03a269aab060984f07857795535ca5035fbd722281a19a7
SHA51292e373aaeb390d4bb1b1cb826cd227d778c4e866f5d3631535e59988607cf95442ede88699a56dd31079abe261378fd810f122d4d367ed9fca9e7eefb7b094a4
-
C:\Users\Admin\AppData\Local\Temp\file.vbsFilesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
C:\Users\Admin\AppData\Local\Temp\gkYY.exeFilesize
112KB
MD57c0c370c0f5754a19b7ff1ab270ea86e
SHA1a67be5ab905aff35f6162a3c6ff7dd7c83b55d63
SHA256ee2e976eb2779a33fa8f37da35a79394bfd5d07aa211ef383a08af68f83440f8
SHA512d691a7ce89ec215a2889e83fbda037d35c81a46a5bfbbc67129e9cd4961e13b2386ecaa4fa1db2b1b433f038f4ffa7de430089af9dab5ea3bdc625fbb979fab1
-
C:\Users\Admin\AppData\Local\Temp\goEg.exeFilesize
115KB
MD5a0effc09396b04b2d01eccb1d476fb84
SHA17e6045f23db224caefb3f37927d9ab9a361c6e0c
SHA25674bc74cbb67b18f5fef98ee601045725ae914220faf8133b16a730c21f35bcf7
SHA5121667133fa0a56daf02ad88823e3f5ab7d443d15c1bbd227bbaff8d9c79c8bc4ba7739c63fd8a4d1cedfadebb6b4b92db86fe00ab14aee066a68a5e8ea03c9240
-
C:\Users\Admin\AppData\Local\Temp\iIQI.exeFilesize
118KB
MD57e6790633a9af33e13e70d855ec6d3cf
SHA15814b07acf308a233ef3902812733e68f2e099df
SHA2561345bd009f28db764a5b11530da6f770f981ff3773bf8517af46bf8711f3558e
SHA5129bd1a6238d1d4311123d1ed76be74c87b1cebd9ff072a61e98ca7c1ea94209e9b1bce520664e59ed414768f2b4ec32ebaa556ba7df9a91a3491ac36b934cb52e
-
C:\Users\Admin\AppData\Local\Temp\iMEy.exeFilesize
1.7MB
MD584240740623ca4362e736f99a5a596ce
SHA1f309b6e7ec1e2b540d739796a69a834e97686f8e
SHA2564151e9c9145339cc92fdd8aa47a58c03203fd39ed656b1c9b87406896aa1df96
SHA512395f5bb2a1c0f5ea137d0d4ff2ec83cfdf3377432545d868395f8771c09b8328d62de045fe3215f83bea349e6f54f0993830c69762ee7c8db1754afa3a02eae9
-
C:\Users\Admin\AppData\Local\Temp\ikkc.exeFilesize
110KB
MD5dfd19cbfbc2f4f75b2bc2e011b661fd6
SHA13229903117a6f0cde2ab2189f4b91f6ebf8143cd
SHA2562ea8e419dd6a7931912f32bfa7414c5d9b37f6fc43bf20a27b4ec90b93fe578a
SHA512c213c72941edcb79b28f19ae414fec312dd678521df0647e621f7cafc9e1159fc959a4c2f4048d716fff86ad45969500bfcc7883e6bfa22da32b1d859cba9c1e
-
C:\Users\Admin\AppData\Local\Temp\mIMi.exeFilesize
111KB
MD5ecf9c65c41c000c8e59b88d585d6af7e
SHA1a267130385c849c92cbea12c3314dfc918be027c
SHA25605b540208bbd36cf620be3c7bca6adb465258a60e017f4ba49dba5f25fbc6489
SHA5128fa45e48227b137e32ce170a59d66353cba4389b1317a28ebbd6573644235fdfef555ecd7e904ae63a735f0a31d9459a825287383bfbdb92ac6471b620a6bd7f
-
C:\Users\Admin\AppData\Local\Temp\mYsu.exeFilesize
1.0MB
MD5479b182524316d36186e3818d61b911e
SHA1338270629a1589d9ca947ca97892f0a79bf0dae4
SHA256f48e4355f3b7d4a9d3058898ec5a989b75f9f93376954612fe7c67595fbde460
SHA5128072259b91a85ec6ed7d55beb934c602ac865b0d4cddf37d395b1c8811283b492a6e80da44779bd20acdfe367051a8a9a517275c5bc5ddba82a756323dcb4255
-
C:\Users\Admin\AppData\Local\Temp\mmEAksAw.batFilesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
C:\Users\Admin\AppData\Local\Temp\mwQS.exeFilesize
116KB
MD5cedb52940208f495ce7a966ef35df5ab
SHA1741f9cd93c49caaf0950b640cd2d3f7b13c9c85a
SHA256366821593a7e3f94d226fc1b49365d75e86ab597d4189249f13a17a7355a5ba8
SHA51222bec5e2674ef4275000e88a6044fbb75a01f9db90d73998a66e97838e3f684c7fb67ada9c71002c10e895718a03fc7cc2c882de950919ba84c04f2e65b1e092
-
C:\Users\Admin\AppData\Local\Temp\mwgC.exeFilesize
111KB
MD5ff00b2f7ef85df4f1b63a681425eb1d4
SHA1b55d81b41627102e9ddfddcdf4e0758fcfec35ad
SHA2563396eee3e7937a7d772b32a3a2fa0bf3be33d96a04b520ab8274225c8a1eba56
SHA512912098a8b086fff33f621856fa277dc59b910ab591dd884b1c6fc18e387d3bd06c43261b94be1a16dd4ab8dc34aa2696e98f957a780d385b74905ca7a9115af0
-
C:\Users\Admin\AppData\Local\Temp\oIUa.exeFilesize
564KB
MD5f34ac4f126741f94e6e884b3fa1ef6f3
SHA139091975ddf0029c0c837e1a44893556aec25a14
SHA256bf2520481cbeb1b7fd79071d3b828f9caa93891841c48e9db1b83492889af0d2
SHA512bf4c6847e59511fe3dc34904718b716f0efc70a56510948c6527d1b877375056c0f347da4ddcbafc337ed3021b834687d390e647634ceb7e877871ef11a0f23a
-
C:\Users\Admin\AppData\Local\Temp\ogsq.exe
Filesize: 113KB
MD5: 152bdfa9b69d691e7c6bd27782a7f83d
SHA1: 92182e52521e16484f014ec1b79fee14a679fac4
SHA256: 8708fc2bae46be387b793c2c41f9f30d65efa8b2f08f6a33388c38486bbf3451
SHA512: 605947603c24640b1453daf2fcda22322efbfc79f3847242ab3ab3b9ab145ed388711e559f0f62f6441fce6ba31ea9528afb641920fe6af05745a4e09b7797ee
-
C:\Users\Admin\AppData\Local\Temp\qgMm.exe
Filesize: 112KB
MD5: 44bae94d617d73636aeccf36b337683d
SHA1: f3d6c1dcd278528567dba467d4fb4c4dae21548b
SHA256: d8901063e79b7f7873c812434b9280cdeecebc9cbff9a9794c00220df5243733
SHA512: 33023c04b1c00c486a5bb8f5fa0a9bc1b4efbdf9c0fa2f45dffeaec606d9f3e1bad8b9d0a2e59a32c84bb691c89013bd05faa0e2a283dba7daf3b46619cdccac
-
C:\Users\Admin\AppData\Local\Temp\sAsQ.exe
Filesize: 118KB
MD5: c8b054c6cb6e6effe61b25ed3ab2530f
SHA1: a26673125ba5df3e0a26a1e96e7cca03ef4bccef
SHA256: 8592a8a4d62b7860fd4626f37755e69ef462e285ed51adcd45f8e7bbd630023f
SHA512: ae2a674f22925a1c802f0e8894e73f54e80c4ec5a93f79f93ae19d1f6b5c123bbc360caa484ab99bab9f8877a2b0497f907a5b51c9eb21c73a95ecd76e8e5225
-
C:\Users\Admin\AppData\Local\Temp\sEIo.exe
Filesize: 970KB
MD5: c9f30ce9efa69ad194cefa70e20712ce
SHA1: 23747e04c27846241326bd0ec6805af669bf2cfc
SHA256: 773d5d575513543d3d769ca856600426d38173add0d273627796c563c00dccf0
SHA512: acf64216be3fe70d7d7b216864de2862a614d61985370c46f477363d98174f5b2e3dc4e16a2588bd4125125a2b79aeb0b7a2954d1d355c45b64f047b4b4119ea
-
C:\Users\Admin\AppData\Local\Temp\sQMq.exe
Filesize: 113KB
MD5: 20844e72c3fe1b20f7057ded48fd83eb
SHA1: f7b4716490507e48611efbb5bd7c942ccf9c9a2c
SHA256: abfc89357d491bc2aea38b755a0d1dc6129862aac3ca256cc3e86c65cd05a016
SHA512: 34037eeecb660fe650f6a2f0dce7b55a10c7b4732993615349c52ea05a28517fe401479dba9929c270c9082946b4d7dd9d765acce2e340cdbe509cc701d7dfac
-
C:\Users\Admin\AppData\Local\Temp\ssca.exe
Filesize: 148KB
MD5: e7e1429815f39842b33d9a8025ed7db1
SHA1: 568deb5928ba88280d76aa1bcffcf271c4f4620a
SHA256: 647917dfd7507b0e3e2816e1a2e6182fdb8c4d1fa85aaa4c285a1bcb25ffe52d
SHA512: 57793c78e68515f9cff7d269a04b29e32a5bb16d3dbbdc90defdb3ddd9f80c6557801f27ac93e3108b106fba89261671c5a12f9a429988b454ad418ed19c7161
-
C:\Users\Admin\AppData\Local\Temp\uUoI.exe
Filesize: 111KB
MD5: 488d707837c3a3e843a70833bf3f6b14
SHA1: 25e5e0e3951c7ac88d68b0c8ff43052951e25693
SHA256: 58a764bc9a9c0cc21ca4a6681b02c68738441ed609c8822317c269fe52bd8b07
SHA512: abb038ce78fa853f1b80a02a49cf3f9816856665c2a2515f67b22ce84481f9dff703126eafd8e51e528a29ed7ba295f67bff1660dba4d2e8199ac821be989b8c
-
C:\Users\Admin\AppData\Local\Temp\ukYw.exe
Filesize: 112KB
MD5: 02fa7ca32678266daf2b59f3292389ee
SHA1: 7cfc77a61b84b018b7b68365a0c478235bdfe9e7
SHA256: 268a57bdb2d97b2564a80c0545962d48b2340299505f5696afbf5a197fedc07d
SHA512: 5a10ef12270e0412863fb204b27d4414728f987abb9c1040cd63f25f1d0835ded9f6a549869761f17a7758058a586c328f0ffb2d3bcb0cb0cc8ed515ef5da585
-
C:\Users\Admin\AppData\Local\Temp\wAwo.exe
Filesize: 112KB
MD5: ccde7aa9aafb422512aefa69d235ce6c
SHA1: 9ebd4caedecd304f3422f92f91a029f74f9f24a5
SHA256: b2d115d34eb1f89b0c2be1f426a3e73fe81068a857fc2352a3704b8917061146
SHA512: 123fa1ba72b8cb76aceb4a4242a1b4ca05be81ed968416df8913fd769e421e3c0b4af78d50c696b51a81cfaf35370876f671508f426d47fc3564d57e718a43e1
-
C:\Users\Admin\AppData\Local\Temp\wEUc.exe
Filesize: 120KB
MD5: 32d8d6f671967febbd7b724b50141630
SHA1: 798aa01886eb402eb8d2fad62751a008c5d93c9b
SHA256: 7e62c2d0ba0aad4533c7597eda236b3e22ab698d11bc03da4bcfbbf6203ce374
SHA512: 77a297b156415e507e476c8d0614bbf802895bc8c5c7c2d6d2d1a808fd00d37fb18219cf4f5dbf385173442841741ecebcd5a3f0bfcd138bb4be193cb2bf775f
-
C:\Users\Admin\AppData\Local\Temp\wQkO.exe
Filesize: 112KB
MD5: 757dbb88886bc06e74500e5b56737afb
SHA1: 77ff03d5abe296098f562e4afe7aa79290395744
SHA256: 317420ec0eb5abca9402b4cf6b6db61255863e933c95d18e3d18a58b24fa4ecf
SHA512: d89323856b5784c6978299d90368442a8794607db95e4510cca78bb36c7c0495ba73a227409a66c6c294c4156c9f838cdfb3e15d7652f889b69e153865d128f8
-
C:\Users\Admin\AppData\Local\Temp\wkQe.exe
Filesize: 110KB
MD5: 04cfb139e74dceed1b3be5ce2e34a7c1
SHA1: 1637cd72b242e5c0a0bec62de2482c8ce460ff8d
SHA256: a8d4917a28387fd8e540adff2ca6c3785219b8fddc0f0e2d5a530d83d81593f3
SHA512: 053d88263d2e5809a1bd714d5fb318560314c3152e8b501c8da48616aea384d75cac6405dd0af1fc198fcfea73273d7dc567adfa6e8d5e70c33065c6807fe1fb
-
C:\Users\Admin\AppData\Local\Temp\yMMA.exe
Filesize: 111KB
MD5: 4c4d743205d95045c9ba06744b9b3c93
SHA1: 868b29d47a9baee1d2d3daa5e5c7ca9d9b882789
SHA256: fc454bacdc4a025f83bbb3e35dec90ecd9474dbcb5b5910a533f6403c4ca2264
SHA512: f25dd800c885c76821ed4d81b16d3afe7225796a0f848129fbf6a7a96471e2d010f944672fb2db80b5b38ff1fc23c3c34014aac8a1b2fceda1e356193f433f73
-
C:\Users\Admin\AppData\Local\Temp\yQoK.exe
Filesize: 112KB
MD5: 37ac006224411f6d8de39e72ab26f610
SHA1: eb7a981395103c18251612060852758fef06e8f2
SHA256: 936b91b0b9800b00c89a40d90f530b340b24c6681994a36ea7d150b6e4f872c0
SHA512: 55c4092c4f4e15d85608dd8fec01d445f02b8e1a26448ed97bf3dd3e4a7ae27f1e683f741e8d0676df741164f9d5cc69a7863b19dcfaff8058d6d359bff192f1
-
C:\Users\Admin\AppData\Local\Temp\yoge.exe
Filesize: 237KB
MD5: 1f2d360ab93e499ec0462abc9fd4b7b5
SHA1: 966e1d1c7ba07e1a66c7d651ca7b1dd4e9e89e98
SHA256: 2bfdb49f6306554fbf5521536c2def4fff1c46da9fd247e138c1dbae5780cbb2
SHA512: fc5a4d1d3649d1cc29307c4a81387ed31a5bf229af4b3f1a63a9954226de38e669ec4c9cd8a9281d950926ac4f0f86d9a93cf1e1848fd731a6ce2de3eb6d0860
-
C:\Users\Admin\AppData\Local\Temp\yscW.exe
Filesize: 111KB
MD5: bea96510193d292f8050dd2e86c151a3
SHA1: 27b22dbee82a6d63ca71e0356983d4b30168bd50
SHA256: 46fb148cb1ca7568a31e37307e32320476348143ccfe0bfa8972b0d94022b0db
SHA512: 9d389d2c327c23aa042f25c02e7cc0aaba27e40a3a3f9e8424d38eb71316ef53da2b75fbe8b4f3466f432f06c03587a84dc929c617ac7fa58c2704871d272c60
-
C:\Users\Admin\AppData\Local\Temp\ysgI.exe
Filesize: 1.3MB
MD5: 20a044d36def286058184e75f2a5a1b0
SHA1: 7357735a789fc436a6c2e78f91f6dd88ec58e3e5
SHA256: c253d7ae14f639c4b0c59a3ac264febb1cd4696f434a0937b0da9c829a95c75b
SHA512: e2c4ab5b51d0aedfe604ffde9af43b8723bbd6be222f99f8816c6d24036a9bc41e667c0152e15b3d5688c15f8abdfa0e4e9da097e1538f76cbc3ed3a0c2d4a7f
-
C:\Users\Admin\Downloads\AddCompress.doc.exe
(Double extension: with HideFileExt set to 1, as recorded under Signatures, Explorer displays this file as AddCompress.doc.)
Filesize: 926KB
MD5: 3e74d4eb0604b29dd55f3efb9e360861
SHA1: 49f088b990ec6cfd4e30ef98906e293189f84525
SHA256: 840d9e9278d19dfc8a0517b9e826f0cf18887a6ceea0339a9711891c065201c7
SHA512: 8f5b03756f0ae645150574918948e89569a218ac808f4409e3a6a094c682bd7fd1987f61f246aab1899492cc43860ba9a407bcf3319e3281f78aeb648becc464
-
C:\Users\Admin\MqkkcwIs\YiYcgIEw.exe
Filesize: 113KB
MD5: 12670e2d8bf2e07626f29b042b0dbbd8
SHA1: 08e78c9b205bab27b4bae424b867fc4c95dc08c0
SHA256: 013e73eb4d1f6e01c35b0c37e68f9e46bc0f74ed2af565f61fc02611593a27d4
SHA512: 49b0e915c96ed64f99fb6c08e23f3ceba1ec7ff93eda4f1226dc713b3490998333c28db8bb0ff16c777e87cfaef4aa03b35b047491efd1cf049c1b086e0fe720
-
C:\Users\Admin\Pictures\SwitchLimit.jpg.exe
(Double extension: with HideFileExt set to 1, as recorded under Signatures, Explorer displays this file as SwitchLimit.jpg.)
Filesize: 964KB
MD5: e769f6b83a71666eb5087d61d0064c3c
SHA1: 5d49b2b5d8bead52f5657e99c7d12e9ce597c8b5
SHA256: 1619512ad766acefffe0b3b528ad9df47ab126ffa88d7c8122cc4312a0e9b172
SHA512: 174bef01de63d472756061599b0037bb7d1af03c562bac29602c53fccb18351ba3d6caea05312addfc2637674e19dba836610d5c75c6f8c45775531543301991
-
memory/396-66-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/396-81-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/404-107-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/404-95-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/628-7-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/656-44-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/656-29-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/744-32-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/744-20-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/856-14-0x0000000000400000-0x000000000041D000-memory.dmpFilesize
116KB
-
memory/1060-253-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1060-264-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1216-201-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1676-106-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1676-119-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1860-359-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1892-0-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1892-19-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2124-247-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2172-162-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2172-178-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2180-308-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2180-317-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2188-166-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2188-150-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2204-236-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2204-224-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2208-333-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2680-281-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2860-254-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2924-252-0x0000000000400000-0x000000000041D000-memory.dmpFilesize
116KB
-
memory/2960-342-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3228-341-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3228-350-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3380-307-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3380-295-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3404-299-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3404-289-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3616-360-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3616-351-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3852-251-0x0000000000400000-0x000000000041D000-memory.dmpFilesize
116KB
-
memory/3852-265-0x0000000000400000-0x000000000041D000-memory.dmpFilesize
116KB
-
memory/3964-213-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3964-197-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3968-261-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3968-273-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3968-225-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3968-209-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4164-366-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4416-67-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4488-133-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4488-142-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4520-290-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4536-154-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4832-85-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4832-94-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4856-55-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4856-40-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4896-177-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4896-189-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4940-325-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4940-313-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/5048-130-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/5048-115-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB