Analysis
-
max time kernel
149s -
max time network
59s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
26-04-2024 15:44
General
-
Target
2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe
-
Size
117KB
-
MD5
43a945ccc2d99ab669fa84f0acb31272
-
SHA1
1e61b384220de9bc8f994c7cd6a7f9486e52fbfd
-
SHA256
cb2df46750a6f585485eec85a425dde5d6afb1eb360823e894c03383c38738e2
-
SHA512
d6a33f17e86ab22a4a0dfc27f7ad0555ccaa836ac6cca33eac13de70ee8ff7f9f3bdf1ca047876ff53fe31370255333f6d560175628520b118c666d511dd2dba
-
SSDEEP
3072:J1PP8+ij5wKp3Csdclg+Y8iOKi3sgv6l/FxfyLcOwQXZyzX66m5NzvKN:D9liCplg+Y8iG3ncwXk7gNrY
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
UAC bypass 3 TTPs 64 IoCs
-
Renames multiple (88) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Drops file in System32 directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\rEEsQIMo\ZsEcAYwk.exe"C:\Users\Admin\rEEsQIMo\ZsEcAYwk.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\ProgramData\VkAYEkcY\yisIMwYc.exe"C:\ProgramData\VkAYEkcY\yisIMwYc.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"8⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"10⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"12⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"14⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"16⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"18⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"20⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"22⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"24⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"26⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"28⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"30⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"32⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock33⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"34⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock35⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"36⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock37⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"38⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock39⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"40⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock41⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"42⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"44⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"46⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV147⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock47⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"48⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV149⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock49⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"50⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock51⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"52⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock53⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"54⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock55⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"56⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock57⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"58⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock59⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"60⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock61⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"62⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock63⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"64⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock65⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"66⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock67⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"68⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock69⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"70⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock71⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"72⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock73⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"74⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock75⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"76⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock77⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"78⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock79⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"80⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock81⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"82⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock83⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"84⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock85⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"86⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock87⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"88⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock89⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"90⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock91⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"92⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock93⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"94⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock95⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"96⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock97⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"98⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock99⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"100⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"102⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"104⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"106⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"108⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1109⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"110⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"112⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"114⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"116⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1117⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"118⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"120⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock121⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"122⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock123⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"124⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock125⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"126⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1127⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock127⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"128⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock129⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"130⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock131⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"132⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock133⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"134⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock135⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"136⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock137⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"138⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1139⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock139⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"140⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1141⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock141⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"142⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock143⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"144⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock145⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"146⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock147⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"148⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock149⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"150⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock151⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"152⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock153⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"154⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock155⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"156⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock157⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"158⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock159⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"160⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1161⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock161⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"162⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock163⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"164⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock165⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"166⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock167⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"168⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock169⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"170⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock171⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"172⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock173⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"174⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock175⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"176⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock177⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"178⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1179⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock179⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"180⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1181⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock181⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"182⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock183⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"184⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock185⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"186⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock187⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"188⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock189⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"190⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1191⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock191⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"192⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1193⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock193⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"194⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock195⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"196⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock197⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"198⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock199⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"200⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1201⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock201⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"202⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1203⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock203⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock"204⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1205⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock205⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1206⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1207⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2206⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f206⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1207⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1204⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1205⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2204⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1205⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f204⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1205⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EUYAQgMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""204⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs205⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1202⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2202⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f202⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUMIcggA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""202⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs203⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1200⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2200⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f200⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1201⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QUwIQQgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""200⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1201⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs201⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1198⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1199⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2198⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f198⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1199⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aucggQAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""198⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1199⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs199⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1196⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1197⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2196⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f196⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FasoAYgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""196⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs197⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1194⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2194⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f194⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DogIgcYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""194⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs195⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1192⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1193⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2192⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f192⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zSgsYQMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""192⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1193⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs193⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1190⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1191⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2190⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f190⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OKogoQAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""190⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs191⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1188⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2188⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f188⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQcosQUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""188⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs189⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1186⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2186⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f186⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aUoEEQEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""186⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1187⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs187⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1184⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2184⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f184⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FwgsQIAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""184⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs185⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1182⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2182⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f182⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XAYQYMMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""182⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs183⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1180⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1181⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2180⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f180⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fqAAEowc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""180⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs181⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1178⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1179⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2178⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f178⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lQMoQkUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""178⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs179⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1176⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2176⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1177⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f176⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cWgUoEIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""176⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs177⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1174⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2174⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1175⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f174⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OyksMMUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""174⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs175⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1172⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1173⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2172⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f172⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qEMAwAQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""172⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs173⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1170⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2170⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f170⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PUgkggwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""170⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs171⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1168⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2168⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f168⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fWoUgAQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""168⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs169⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1166⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2166⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f166⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1167⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pmQIUcIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""166⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs167⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1164⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1165⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2164⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1165⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f164⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jSwYYsYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""164⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs165⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1162⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2162⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f162⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uccowwcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""162⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs163⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1160⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1161⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2160⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f160⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YmAsoYgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""160⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs161⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1158⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2158⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f158⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wGgUwsYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""158⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs159⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1156⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2156⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f156⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hMEgkcQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""156⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs157⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1154⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2154⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f154⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nuMUkoco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""154⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs155⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1152⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2152⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f152⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xoAsQEMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""152⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs153⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1150⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2150⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f150⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ncMkMYcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""150⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs151⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1148⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1149⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2148⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f148⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gCAcAUAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""148⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1149⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs149⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1146⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2146⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f146⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUIAQkYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""146⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs147⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1144⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2144⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1145⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f144⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iqoUkQMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""144⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1145⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs145⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1142⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2142⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f142⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pCsscMsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""142⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs143⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1140⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2140⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f140⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1141⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XEQAkUAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""140⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1141⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs141⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1138⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2138⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f138⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kiYooAgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""138⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs139⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1136⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2136⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f136⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kckIAEAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""136⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs137⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1134⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2134⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f134⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gCskQMwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""134⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs135⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1132⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2132⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f132⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WSwkQIwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""132⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs133⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1130⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2130⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f130⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lMIUQwYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""130⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1131⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs131⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1128⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1129⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2128⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f128⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hmEAUMww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""128⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs129⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1126⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2126⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f126⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\deoYoIUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""126⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs127⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1124⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1125⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2124⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f124⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aqwoUoUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""124⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs125⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1122⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2122⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f122⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sAAEwwIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""122⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs123⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1120⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2120⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f120⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EEUgQsks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""120⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs121⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1118⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2118⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1119⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f118⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dkYIsYUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""118⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs119⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1116⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2116⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f116⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pCEYMIQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""116⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs117⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1114⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2114⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f114⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FAgscYUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""114⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs115⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1112⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2112⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f112⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AGoEUIYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""112⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1113⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs113⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1110⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2110⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f110⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MSUUUwQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""110⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1111⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs111⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1108⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2108⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f108⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KMAkMsYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""108⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs109⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1106⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2106⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f106⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gQIkUoQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""106⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs107⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1104⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1105⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2104⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f104⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zKUUcsgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""104⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs105⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1102⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1103⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2102⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1103⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f102⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vkwEMgEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""102⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs103⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1100⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2100⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f100⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tuIUkUUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""100⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs101⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 198⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 298⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f98⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV199⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hMcYkswk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""98⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs99⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 196⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 296⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f96⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kggwUgIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""96⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs97⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 194⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 294⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f94⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WgwAoMEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""94⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs95⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 192⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 292⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f92⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qUEIUkEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""92⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs93⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 190⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV191⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 290⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f90⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eIsocUsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""90⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs91⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 188⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 288⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f88⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\heYMYkkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""88⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV189⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs89⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 186⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV187⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 286⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f86⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zesIQccI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""86⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs87⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 184⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 284⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f84⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nesooYkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""84⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs85⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 182⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 282⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f82⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iSYoIEYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""82⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs83⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 180⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV181⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 280⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV181⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f80⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kCQsIkoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""80⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs81⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 178⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 278⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f78⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kkoYAwcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""78⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs79⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 176⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 276⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f76⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tscAwQsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""76⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs77⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 174⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 274⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f74⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lkswkYEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""74⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs75⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 172⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 272⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f72⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nwMIIYUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""72⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs73⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 170⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 270⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f70⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qyYQkUIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""70⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs71⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 168⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV169⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 268⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f68⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IAEMgIgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""68⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs69⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 166⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 266⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f66⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WkYMoAQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""66⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs67⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 164⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 264⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f64⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sIoksQgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""64⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs65⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 162⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 262⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f62⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zcswUkgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""62⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs63⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 160⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 260⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f60⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NEMwgUkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""60⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs61⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 158⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 258⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f58⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV159⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TWoUMMQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""58⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs59⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 156⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 256⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV157⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f56⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV157⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aEUskIcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""56⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs57⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 154⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 254⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f54⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WKQQcMEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""54⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs55⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 152⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 252⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f52⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ecgUAcsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""52⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs53⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 150⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 250⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f50⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BcgAkkYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""50⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs51⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 148⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 248⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV149⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f48⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fwkwoMAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""48⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs49⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 146⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 246⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f46⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pyUEgscE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""46⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs47⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 144⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 244⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f44⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QWYYAMAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""44⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV145⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs45⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 142⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 242⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f42⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OEAkIAQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""42⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV143⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs43⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 140⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 240⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f40⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qyccwgsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""40⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs41⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 138⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 238⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f38⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iEoMcIEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""38⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs39⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 136⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 236⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f36⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tUUIkwEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""36⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV137⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs37⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 134⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 234⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f34⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV135⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\doQsgIUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""34⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV135⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs35⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 132⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 232⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f32⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PiYUYIUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""32⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs33⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 130⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 230⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f30⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wmkgIsAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""30⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs31⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 128⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 228⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f28⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QoQIYQwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""28⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs29⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 126⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 226⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f26⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GWAswMQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""26⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs27⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 124⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 224⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f24⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aAwUMwIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""24⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs25⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 122⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 222⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f22⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LQsAwcsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""22⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs23⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 120⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 220⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f20⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\deIMwEgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""20⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 118⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 218⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f18⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bYQYcUkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""18⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs19⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 116⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 216⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f16⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JUEEYokU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""16⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs17⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 114⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 214⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f14⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kCsoYAQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""14⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs15⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 112⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 212⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f12⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GSMoUkkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""12⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs13⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 110⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 210⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f10⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YYsEMQYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""10⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs11⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 18⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 28⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f8⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kwogMkwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""8⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs9⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 16⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 26⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f6⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZSssYoUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""6⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs7⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ROowwAoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xUsQIcQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlock.exe""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exeFilesize
149KB
MD596432ba6d2a3f2439c0e61223d955e64
SHA192c0dc4702d4f49e1ef59a4bdcc72c76d3c9f77d
SHA2564b15bfd4ef64715eb2f840e97b2e076c3114a850a20633010cd357091df8ed9d
SHA5124aa96fcc13b13a3c2fd850352e9f60387c528dbd25d7d214bdc2f71575c3905eb7f750174fc08dd0be86d0996144b191d4daac95f7146540078b0d9b4fab1290
-
C:\ProgramData\Microsoft\User Account Pictures\user.png.exeFilesize
116KB
MD5de24ec791694ccf9be95c3c306d79ef3
SHA1eb3d84a4cc2eee29741cc371c56668bfab7bb85c
SHA2561843b27cc179b01befef0e897aa5c3b88b3e4c4f766f293b862a5fa30a90b453
SHA5129ffbed8f23ce1236100f9328097567920ed0d691b27d66b459e5772a64be1ee28c54eec3b3564a79cde244d9408842c8b9da9a365c1669d3d69fb844093e835f
-
C:\ProgramData\VkAYEkcY\yisIMwYc.exeFilesize
108KB
MD572e5439b33842a4b0ba9dec2f7e70feb
SHA16fc91dc333dec6ea8feb1c63a2559ef3cf58cb99
SHA2564f08f79db985c68dec92e36568f966a85355ca21ece7b5dfdba7d5e834a4eb06
SHA5122894bf86ee4761a1ceb841b8700b2b1b38ce6ac2030762f1f85fa8773d9b9fba62460e1443cbac5db639ed42f4185cc0ca1039befbad823ee338d878670b90f0
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorBlue.png.exeFilesize
117KB
MD5177020ade92b7cb5c12b2ca02df76699
SHA189a72d8470db8861a1b788d8acfd804355bfbe22
SHA256b2d1ce17a5ba104c31b4b9480210ccf410be47998cea239b8e07d68b2828586b
SHA512be0cffdfbacda0bed45e124d695ec31b41bbbeb65caf1f64f162894fe8c2ad65e75b1feb78bc12500b5a42d8f6a20cc038f35c69a3070670db2da013bf5e863d
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ElevatedAppWhite.png.exeFilesize
115KB
MD5cface2d04745e57c5c1bb084f0e244a2
SHA107fd75f07099fbfda1882790eb0f20b40804a852
SHA256b04a5be1b1c82752aa0c94360b6bac98d4c98b2dc1ea030729f12a929f661206
SHA512f96b7d696df66ac5b9983e55f00d7a69e94fc91ea32aa33b3ae16c4da463e43c0464d65d09cdef3f3379b4f3285d53b6fa22ea51d4c4b9cda4f63106d4a5bed7
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Error.png.exeFilesize
118KB
MD522a02dc7a2c8b77e99c307bc1c1984d9
SHA18f5ad7d54be582a2da5890ef9e4e670faaa616b3
SHA256db8a13a121b53e1e6b9f7294347d70457d7240e00675c33515ca0fcaa89151b9
SHA512896507b588919775c3a67c7ea39183126897e6aaf37610dfa074942bccd7d036bec50156e27a72b66f290499ab3ff9460801eda3657812d4ad26c7894ed8bedf
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-150.png.exeFilesize
114KB
MD583afab0aa9e3d3a0d54e093b1da7646b
SHA165b21b43ae39fc0144119a9f7dab0ec47e8fbb58
SHA25680226e0dee90d600fd05027e53b648bc8aba4c33a88484b68209ea96fb80c134
SHA512f91f7f6d144137a2acfce0d645d9ba0697279a2efd8e6ed0790a26e0f725e6a6d97d82df852e6301d2aa27198f975a1b2ef27e759fd8f8eb89543c01a30aa45f
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png.exeFilesize
111KB
MD5205c28f6c4da43682dcc2dc523e77fa4
SHA11bf4b58ec5180823d4d1bb0fe354705cb8d56dbb
SHA256fd6187698fe02e478068989119f19c5cdd7bd0d3ffb553b0a57da4c6ae25d66c
SHA5120c6f975639e3edd377ac22e4a03cc6cbd6de692792adfa73d7b232d2042b3e4a60118d1fda3ef771893ff3c992d398c39bd4aaa9060359129d045f27132d0dd5
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-100.png.exeFilesize
110KB
MD50da96ffec793366339ffa80894b408c1
SHA1fff05843273d93ba91f0b36f80ef16503e3222b2
SHA2566b6b37468fdd0bd6411cd54700826e54f162f21eab582cd602476e1ebdb77865
SHA512289013eeb30117d33a292f2725f34dfe14df957c9b269687ae9752eb6b093028f45c145c53dc43d68286f7b5ad908aa44407b45bdc75df6f557c0af59d851381
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-125.png.exeFilesize
112KB
MD596690e75c024c6771617c609041f5f83
SHA1f9bab8ac4eed52062c35ed428fb0553b75968e0f
SHA256e5395fd91ea5672fa8c9198e9ac1d5dfc468d43ca5e739b4854f7974964334a1
SHA5122c8ed0517650d1864a04f098bff1ab4cf3e7a796e48d39db6b6f5bf19839c19dc57924b5dbb4019f69b73dd9a33f3b0b34dacaadab1898471599f58512f4f1a8
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png.exeFilesize
110KB
MD5ce28c3b4a8eb5e828b2cf294d887358d
SHA165de91216d5778cffc6142a4e91f7834f8be3bd9
SHA2567fc2d4f6aefccf1512fa2fb98fd75b30d0abce3cd88ce5c3ac77b3e587378567
SHA51252ab18512f06b9742ac376ad81433238081e5f9a9bb337683b3a9292bcfe5ccb0d5ea4f663c1f562e68e7b316be9e8d3067b6ab909ecaf313b79e75bd0e6bbe6
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-150.png.exeFilesize
109KB
MD54eedf50519148afcb51992e2769083fa
SHA185c1abd31fbcd773e5557eea6b5d9b904d631cce
SHA2563c0d35d79ce12143acf51e9870c07e971b1e3be554bf472523fcff7469e08d8d
SHA512f110762c35e78cdc0575ac38a98583b9d3bb43514bd0a22255372ca8b39a5880508c1c78686caf3cab7e5ef21c6b9465b38a4702baa3837ce70260fa34d620fb
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-200.png.exeFilesize
110KB
MD54599dfcd9336a371932ce86294fee5b8
SHA11bc0ada46916eb23c1c43bc8f00eeda1a995d6ae
SHA2560019aaed4b0dc0cea0843614a0bc0b19bf2901f5e6c660e1e26795b7fd68ccfc
SHA51295e430aabf8652e48d4a107bcd7949d9ee9fefeadccc7b01f200a4e71405778e5786c0a8812d284e4a57c44066d204aa9b93d1a8ae1dc764cd56f1711e5ad314
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-150.png.exeFilesize
110KB
MD5e945532b370384336793d7c30ac27ac2
SHA1cd27322875ba5c6a979ecbbf285842f81159ee8a
SHA2567991caa4e015acca320a5868896c0af2cb5986b564ecf6d8eadde83b5e678cd9
SHA51227e3165d0a653f9562657f4d559624863895f75e24eb9a9ab06bb7ef10d481b815ad60ac63f74390a031e2fd4cf0001d6505b32f99da94159185f1e01adac179
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_43a945ccc2d99ab669fa84f0acb31272_virlockFilesize
6KB
MD506db768a6aa1d62200826358b4099ffe
SHA11f59c300939cc7211327c6020a95b8083e1b617a
SHA25666e1cd26c61f27567c02fcce0e757acc75a0afac1bca6d646b7b5aad69a86517
SHA512c648209b7df60c557aac45346ea649efa77123c06d5e9b1285054b7bed0791450736803f3dd6487674a8f463ff72f7ebcbf1d56ff17403b4fe197371ae6bd8e6
-
C:\Users\Admin\AppData\Local\Temp\AAgc.exeFilesize
111KB
MD51104eaacfed6adb68e7abeebcb4a8fd2
SHA17e199dc22704dd949d664058e5bc03c7c3ff4e34
SHA2563dc1c9798cf2608a9405bf85663b737f76508cea42860ac33db9c43eb8550c93
SHA512be3afb0e5b42c88ae8f4a47f39fab9fac024eb34f62ab981b1b9333a53ddc0d807c24b1f39f2c20710d03bf939428957694e7ce5e0c9be6a3827cccf43fbadd6
-
C:\Users\Admin\AppData\Local\Temp\Acos.exeFilesize
139KB
MD560eb6cf512c2b61b6bcd8d8abf8f18ea
SHA12ee39d161da7661fd0708f4fddb6506e1682847c
SHA25640abb881a3420a52e70522ea40ee9fae194c74aa7609b2dc79995a972e6adf6b
SHA512d7fb9448f92388df72e9cd94d33d5aa352221a1acf7341dacb5f7fb5adc812b75faff79f0bca1817896318d553d7740ce8f535e618ba2b735d4a4d3dd15fc685
-
C:\Users\Admin\AppData\Local\Temp\AgEY.exeFilesize
699KB
MD5488578b7182fe4350e21124c7903f15d
SHA1aff4e08f45cf929d936e955c06cba88830bedb67
SHA256f2506efa465c9dc8500ac4d9b184f8163e2cb45f9321e7922503ee61aad9cf56
SHA5123837092d962dc4d5c123cee9a8f94fa3c545d40d8dd68a7ceacd5264397ee102833b4ef3bc306f2b015786dbcca64286a8dfb871810e39601060fe95e231010b
-
C:\Users\Admin\AppData\Local\Temp\AwES.exeFilesize
125KB
MD565a9c2e6cee5f9bb18b60d2c6c843ba0
SHA1dddb17d35d23d94dc52a591ca43dab075ffa9205
SHA256a46819feaf64de1a510dea84cb5ba096fbd9c257ef358ac8fc752b04c638dbb7
SHA5128bc5596eba96cbd8f285e87b93731a01fc19781c5ff44143e6d04c9e3cc528cf76b518ea52fa9ecf34cd9ecc7652079cec121a35a3760fc898f26709cfbd421a
-
C:\Users\Admin\AppData\Local\Temp\CAQS.icoFilesize
4KB
MD57ebb1c3b3f5ee39434e36aeb4c07ee8b
SHA17b4e7562e3a12b37862e0d5ecf94581ec130658f
SHA256be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742
SHA5122f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6
-
C:\Users\Admin\AppData\Local\Temp\CoMu.exeFilesize
5.8MB
MD51bac8191e5ef8b4ae3ba6d435a6397cd
SHA1d54cda1977f011b1c4d7b06bd453db4993f2ac56
SHA25681757e9611e70812083686ed8ebfe84833e175cced8e7e71d1f21753409c9f01
SHA5127de13a82d779f28ce84bc4e385bc4e08638a24badc73a202fc0d9f92e36dab296bfbe72e182df2f037c03c9e76b7342b9d78d2eb14a3461605c72f126ce28f87
-
C:\Users\Admin\AppData\Local\Temp\EEYA.exeFilesize
114KB
MD5b83739c8877b0e08cf722611a6c813c2
SHA1208d18ee25c6f6a068766924737221598138a4c1
SHA256d041e9a5eeb2eed90a77520dd61f044ee6fb0a64a08b727bfeae4e7805782741
SHA512ef285bf658e877382ad7f7c50f11bec9e673eeb225ddea781732dcd08512f2b5b6fe8a2c4c25dd0186404f54e07de36ca4dbba6d7d071a2ab19f2247421e6531
-
C:\Users\Admin\AppData\Local\Temp\EEcA.exeFilesize
880KB
MD5a87bd33048b9d823f173f7c1f7942283
SHA119523a484c3b65f0bdaecfdfa8b9a834f2352052
SHA256b52255ae44827af802dff1b1ef2c1ffe34dd50b9d94a786918bc1d4982704bc0
SHA512687513ddf37fbab85b1aed886f65db325ca1d898ed506d405608ba9485dec4778ff1b5f60a8f54350f5328bc072d6f57ca9f0dee2b610af4cfdbdf691c64a25d
-
C:\Users\Admin\AppData\Local\Temp\EQIe.exeFilesize
114KB
MD576d9639c63064b356504a0fc95341011
SHA147955e7baa0bc9bbc77be331e147c010bb1f782a
SHA256911d853356a59578a717c479bb28d19994d7ebac7d2b2bddfa8b005b5cbc6af1
SHA51285a0db8a068f73db901ddb05f3493985bc8697a38b5967fb1751eaad0f82bb1f6414eb12e1cf0bebd4e258adaeb37faa5cb0e1f81bcd990ee0505bfd7a027440
-
C:\Users\Admin\AppData\Local\Temp\EQwC.exeFilesize
1007KB
MD5d807943f068fc4597a151d29d062d4d1
SHA1c9b009768ece35eb3315df28a491f6f8ed306937
SHA25648ba4ed604e1e62a4f9f6515588b4dd71e374dd95122fba632fbba8bf5d79a50
SHA512a2254658022b546043e4ad432a0be5b0a753252e632acb4235b205f30fdec5145f33851c2ad96b651d54f8ffcc9f3c70556bbd64409779e803e01639671f277f
-
C:\Users\Admin\AppData\Local\Temp\EsMe.exeFilesize
5.8MB
MD59ee006a633a14da8b1be1b0940472bed
SHA12a42b4859efb56552a71f9458b75a2b63f3fd061
SHA2567c6d2517ed85e7433158702853e827ca2ba9095086c830582ccdd3195577ed89
SHA512b5dbd3641882f586750f52782f7e5fabe434c93163dd590a623f65f6054e8a424ac1e4bc52d76575b6bb564904e7cd5df93ec061d91e2d66364d19dec06786e7
-
C:\Users\Admin\AppData\Local\Temp\GIEA.exeFilesize
139KB
MD5e7c2ed7c033e904a7fb4058086714b8a
SHA16c69597f7678ea27e02a0cbdcbed62299d3c8481
SHA256fe334b5ccc978a914cb193ae4394d0901a01f20eb6b9791a3ad55c9760e63bbf
SHA512bef6c96dd227cb35d0dea6ba3a9a690e9525e037429ba019f92e5a8c4b2b6078aea94c156768cb6f2bb46cf0965bcbfe874d34ffa4884f0106f568d71933428c
-
C:\Users\Admin\AppData\Local\Temp\GwMI.exeFilesize
137KB
MD5cd5058d175905544e3b399afad8cd901
SHA17ddf04a04e19ce59d26c0e8fe9325cc446a7ffd1
SHA2569d2222e1dd723ee92460cb7affc9c4f5d069926006ff6b7ad2f3210f622439e9
SHA5127393955dc109482ac513fe3be07e8c335b4221f36859a49dd52d47581c59c9af3f9d32f9a068c3a39d353a31a79d63250d67f28df855adc17d3f4c1cb66196a9
-
C:\Users\Admin\AppData\Local\Temp\IEgS.exeFilesize
115KB
MD56731cbd2da694e4e1261c7d85e94e21c
SHA10b522cd9c7fdc01c3c4caaa824e9d3725947d99f
SHA256716582d668a14fce3aab12112f7b02810f388ca7789c27ce64a174f6e43b56b1
SHA512beef8e78ad150129434a0eef1124fd38aefc5306bc59a779b3419a2a25904fe6d8e3492851eb2c9cbf97b9c278cc9ed2665b8615708185652ac8bc2d69026e8c
-
C:\Users\Admin\AppData\Local\Temp\IMcw.exeFilesize
555KB
MD572b0ea76675ef84ef7cfd12e8cd7b910
SHA11a178e1637ebd9586902b29e5fdcb4ecb99436cc
SHA2564e730fdfe259cd8afa66669049e46dc882860ad12c034828ebdb3d78a2559848
SHA5126fc99c85681fc3b1b7657fab1661f33d149b3727120722eff1e72778130d66d2f530e35023f37adb696c7caf10ee0fe63e74885997ee22de2310c034cec2c4f3
-
C:\Users\Admin\AppData\Local\Temp\KAoy.exeFilesize
112KB
MD54898c6db0331067a3d725879618a91cc
SHA19f840179ee714cb52879c466ac3f90e9baf51d1f
SHA256d5060bb94bd9f2786803e585db9718c10b1fa9ca3e16eae0811b8bf22852f5d6
SHA512db2587ccfdb8eda97aafd01d2bf5bdd2e470385a32041154ee8812cec6a3cdbc3fba7ed71f25b3b946d82d1feaf704ccbbf176523fbe2908cea3dbce73d29936
-
C:\Users\Admin\AppData\Local\Temp\KIUS.exeFilesize
566KB
MD57835ff3e6ca2ac18708a122d747b1941
SHA1a2479df72b4b75635c64f2e5041685146aa4f285
SHA2565fb43d4fa6d7557089f353a55fb90e0a121e4bf927d737dbae397d2b0aafc791
SHA5122defb364cbde11c4eb6a6a846b249ebd3e457deef684b5af7b08b5dc3bbb2219ec7bc65f8d760fe2b81824bca14842026b1b769e680a61e748729057fc05bd62
-
C:\Users\Admin\AppData\Local\Temp\KMog.exeFilesize
110KB
MD51e5c1d50b24be92309cf13dae0253ed8
SHA1be34c8e89653f99fe6a1be41fe34846c89dd2550
SHA256991c347152f3acac6fc4d1e7b7dd07bbfbd9efe71b229f83c00b79157be63725
SHA512c19b52ba03dd6870e640551512d027be60bcb9360f6712d54d84ea3ab1b2e60ee3a5683fd15e22ca7e70de51cd2bd855068ca76b6b30dde75df292f62af6718c
-
C:\Users\Admin\AppData\Local\Temp\KYUI.exeFilesize
117KB
MD5bb72ad83bd078c912a12a3d6dee73edc
SHA14b747a4439be77452abc116d06c9761272217779
SHA2568362cc02a85d7338dddf1ecc404ddaa16a035a99b5ac35039dd604b199dfec6f
SHA512cc9b1bb83c076ba03030dec10f2adcbbe4bea66f0047dc99dcd1290f8d513ad8b2f84866a5c19ea943a54ddcbdeec2aaca637946fbfe435ff582c36a18270822
-
C:\Users\Admin\AppData\Local\Temp\MQES.exeFilesize
5.8MB
MD5837d5e09a9e19ff69a4f96ff3c892cf6
SHA1a67f40bc9b3ac65360053c6f998432fc1454d6ea
SHA256b1705b8295f58ee72c655283592ef7b12923b281cee7a18c7379bab8402ca301
SHA5127b80fd18cd9a02c47cdf266028f9c284ed6b3d8722902ad6e7a647b1adb2530e246b0d63e80a9322817f1f9aafa076e5e100f3f81034154f13fb9a7bc96a1654
-
C:\Users\Admin\AppData\Local\Temp\MQUY.exeFilesize
110KB
MD59c6d578c40861f4b75d5698447fdb747
SHA113106e873fb63c163e388cd126c1aff8822fce1a
SHA2561bd2bc3c23610082ac201d0eeb827cac80c2f1e6bd52dfc88192f9477ef5c709
SHA512746a6de3ee8595d3fdd131ea06faf33b11871be3745416dedd309d9249c623d7bb89c4a6433404920993fa4583a820769091981e6aef504853566357c87e74bb
-
C:\Users\Admin\AppData\Local\Temp\MUga.exeFilesize
722KB
MD54f4fc0623d186c5c13d96d3116fedc40
SHA1d63d489f02c2603a7115a3dae74124a8c0d0f0ec
SHA2566247733e07021aa6e011d3ceab7afd59b2976982ea51ac9f6a1f19702af71854
SHA512372ae859a5a77c58fbbcecbfa795456fb45754342b68ca410470257a9de7478645e00370385170c9581fa8a58a636fb8f4495beccf9618780f08ad98e0ee2a06
-
C:\Users\Admin\AppData\Local\Temp\MgMW.icoFilesize
4KB
MD5f31b7f660ecbc5e170657187cedd7942
SHA142f5efe966968c2b1f92fadd7c85863956014fb4
SHA256684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA51262787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462
-
C:\Users\Admin\AppData\Local\Temp\MsYu.exeFilesize
112KB
MD5b6d2c1c6246bd3ede3290e3100ac2667
SHA190047febc6a4cf60e6454132cdc33033735ddfc0
SHA256eff08b0335a0addece68cdc7ab0bcb4ed4583ab67144c87c8d16de577d63b64a
SHA512fad078d1a53e2423380db0801c3595849e2baa55a3147386e762223f79c9d7e1df44f17c97f2de06aeb9d2ad10e774475fee2e548b32cb5e1a21972ddbec8f43
-
C:\Users\Admin\AppData\Local\Temp\OQEA.exeFilesize
113KB
MD52fe56ec226c9750128cdbe6447be1c73
SHA1396c33cfb069b8b883bcb3ecdd3ad34c65a94efd
SHA25677477f55a258abc45f47de8c49c82b8a025426a2b91188642fde87fbe605c0eb
SHA512bb6bef8798e8520d86ea20d210a21063d792427f0a3d4ea3733dc25a86bcecd7d82157a5c31562bb1fba768212b5c046e4087b3ee335284d1f443c360362d183
-
C:\Users\Admin\AppData\Local\Temp\OgQQ.exeFilesize
117KB
MD578b4b158ed11d841be373b387841b25d
SHA10e30d16319641a2d020608f5a4aa37b2714bfa8d
SHA2567a7224ae5ef61ad5cf8bd32fa56e40a7ac3b518e1c93372d5b63c29f5f84bd69
SHA5120d8ff1e6d5a04bb344046530c6ffd46429cdeb70c9bb04b09941e98c6bdddbfc4d08f8e9b971f1e22fde256812901963ef1837533c378b41594bce10c9efb0df
-
C:\Users\Admin\AppData\Local\Temp\QAYs.exeFilesize
321KB
MD5f4e0e8587c85fcdb6bad82e4f10cf93e
SHA1c6a6b17b45145be71bec73ad045d139994168c81
SHA256635e1d613df6a11c4e42d951d164125f2c40c41edcdbe81c88c3f479ec982a0f
SHA512ebb8306d58a88d76e75aa7ca6e19ee03538fc2ed598a1e5ff5988094740bdbef54618542b8c3126783c1f152d71f3a681444b2e4b26255e943c99d4b243f23d2
-
C:\Users\Admin\AppData\Local\Temp\QQoq.exeFilesize
111KB
MD5821c311332855252c297568c17ddae30
SHA13f6409ab7eed75e957975548cce7d1858d3859ff
SHA256ef55ff97cbbd4ea58d2ef3edfa5a4297f650dac8ded5ed5fbb0c1e9773ca0003
SHA5125fd064f05f9718f2cc3eb4d011b4cdf8957e7c00928b58e26c2e692a8e7fb65a587eafb5dd6be748e4216f7de396dd73979a5a2823dd1d87408c16ebec8ea584
-
C:\Users\Admin\AppData\Local\Temp\QYgk.exeFilesize
112KB
MD570a5b2044a86cbd4ff66adc8049c4187
SHA160733efd9ada5b563d7bf1802f08a7ef713a84f2
SHA256d4a97958495b6feeb289a8f21a4c5134c253b3cafdbcaed9fcfffc76d4e7f0e6
SHA5126701cfc8cc50fd337af9d66b3f4eb0c49bf663e6c40137059e6a3d085d2f7e6ebb7ffd9106f3ee0cbb19cbaed1f46b72273c5bbb39eb22c134b18b05a7d56571
-
C:\Users\Admin\AppData\Local\Temp\Qggk.exeFilesize
112KB
MD599ed51d731a51efa8e1dea86724f6070
SHA13a2cbd5dc3de28859118f9f6c9d79936e26c350d
SHA256f9f7a25b58cf7b42bb4d2a85d9b347a138bdfd31e3ce6ecac9003e2265470c56
SHA512c6484e4d5a11d8e6641bcd43ab16060d5349dd226627b099d2aaa0ba21c55cf287c2397a0bc3467885fd4574a7b8bc2ea677575e1d3740f3ebe7b19d44136d98
-
C:\Users\Admin\AppData\Local\Temp\QsUG.exeFilesize
1.7MB
MD58ae5d9e1a89bce8dfef9fb3cda60a259
SHA16ca7097092b730640b69350c85ff4eb6c81dca57
SHA25619bbdddeb36239bdf4af7a88600482936e8dc3ef31a8211033419ef9a6d0e807
SHA512d48a43e91b03917ce872baf70868e6325ca8f3c86ccfe6ab59f13207339a805d5b93576d4086301e0256bc5544e15f0fda3875ade133a26ba5dcb503c2a3ff0f
-
C:\Users\Admin\AppData\Local\Temp\SIYe.icoFilesize
4KB
MD5ee421bd295eb1a0d8c54f8586ccb18fa
SHA1bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA25657e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897
-
C:\Users\Admin\AppData\Local\Temp\SIwQ.exeFilesize
719KB
MD57a48abbe7a17c586ab8887170b1dea8f
SHA10812dd02c172742348201c4a01657751b690afa1
SHA2567ed88ccba56679671efa048f79fd331e01e103fa9210300e6313f0dd3d4f0aa7
SHA512aa00db56286039a70e4ba79d3d56a779d8d85f636fd6b307e57f26187765c09b22f2816a00c76fe7e2b5c26920906530de9e102bdd3a052c955fe511908b5f1b
-
C:\Users\Admin\AppData\Local\Temp\SYoW.exeFilesize
117KB
MD59359c5f5c7dcd3640620cee24399943a
SHA1344717534b6039a3e967c5d561fb894b38339732
SHA256ba03345532295d5c6f2eda7cb19e0cd8e0c1de4a10048d3e55e62a44a0c592e4
SHA512e34e95016e4c87e63663897f7cf93483559579cbe0d44a4a75584bcad599374ad24a6c2d02737c0bf62dc9dcf995df3c1e9e398d829bd37996db591554756037
-
C:\Users\Admin\AppData\Local\Temp\UAss.exeFilesize
119KB
MD5801439a65866de475f63e854b32c0736
SHA16895008a13b1106f9f5fdf63b76dd2437ab49944
SHA256476e62e9769ebd9950d3ec10d63bd881648621e57702a64094b7e23dc56cecb8
SHA512b7b43cfb7a2ab5e447977dae132595a24b487451edbb7ff0a6ff62adcb706f990b390a5bc171136833b8fddfb786c1bfc2feb9f52a091a8486801dae1bb070d3
-
C:\Users\Admin\AppData\Local\Temp\UMcI.exeFilesize
124KB
MD5c928c3e50b81c50f27c2ac422c30f269
SHA1076918096b175c3b8d027ed015c47ef4e757bbe2
SHA256ed1850a0c87aa38532cc2b464043367e48e6e512dda3f711e0febbb4a3bc593e
SHA512038a2ff7188db7e16ffd49d88ceffc16c38de89125c44e276b84708f925b86d38a33a6fe98f5fa8d4d9c95ee4b1faf3241f695ed1632a067ae3a333342ba7fb7
-
C:\Users\Admin\AppData\Local\Temp\UYko.exeFilesize
114KB
MD50fdb7b19b37ba8f90b20626402715b2e
SHA11bfbe16954457b821996b5b753e82b6c3d3a63ff
SHA25643a390cca2f7f01de60a5443513d12454cf1b86cb326bfe230ad4aee47cc8ab2
SHA512f6e18bb42a9f9236c4f863689a9a610f4b213551a0a14092c3a7ba28b82a1214b177efdc52a50d2f30a6fc62e1f74284344df747fbd4f8fe8f5e7f3ea5055056
-
C:\Users\Admin\AppData\Local\Temp\UgcO.exeFilesize
248KB
MD593158822fa55b395faa510c5dce1e32b
SHA1eb5611c1b51880dbe185cd00de8b176ae6bd3bc6
SHA2562d6f59674198937ed078745ce6b6399f4d9cf39f3af3871fbc96481dadf26d93
SHA512a7d08029e629ca40fabfff1f3650a58f8e938a2da2c9dc967e05a941152ef47612aade555fd169788c69605e5f0668d1bf1b8b63fd39aa600681b6add788bd55
-
C:\Users\Admin\AppData\Local\Temp\WEEU.exeFilesize
307KB
MD543702f48639c96eb8cf0d93d1a8d6fad
SHA1cad646b2fc6433e47408bbd96884f734a654ee23
SHA256277b32a684ed1ba3c41e1fac34de0d04f1f45e71fcd4622a0016d6b431716d69
SHA51266ff23fe7999bafd3b30504b038a7ea9f94a9ff61337595ba42b43176d5ccecccc639b646b608b96b7b9674a0cb6b64e7ea9c6d507116a52e05f582cbaa0d0cb
-
C:\Users\Admin\AppData\Local\Temp\WgAe.exeFilesize
424KB
MD5d78ebb739d29bf1e37d35b5330a8759a
SHA179d772d1b72af05ceaea626fedac7b7a66d8cd22
SHA2569ac65c75196fd7421450bc6830d84718560753fd32415c3d70ecd55e2ed37ac8
SHA51286b654189e4d892e5b96332f97b4df40a04ac32270d3cf7a2c16dc5b8416814bb58370fbaf02be6075af6e99eddcf19c8bd2bb0e72b8abfcf843d78d08e630c2
-
C:\Users\Admin\AppData\Local\Temp\WkQM.icoFilesize
4KB
MD5ac4b56cc5c5e71c3bb226181418fd891
SHA1e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998
-
C:\Users\Admin\AppData\Local\Temp\WwEE.exeFilesize
111KB
MD56a677e1196fcb8d92ede8cdbda8f5451
SHA1425dafea7b66388e154c4fb87af4880775a7bebf
SHA256c202007fc94841ed12aca0b2884e0494b8846246009ddb474d1c4b611ee784b3
SHA512c5005384027f4e8937ba988414e3a9f7ea260d199a8a3d8cc45c32b8804735eca6be9c77caedb998cfbc11d6bbd14f727c853c66bcceac9875dce7b39a44bff2
-
C:\Users\Admin\AppData\Local\Temp\YUUq.exeFilesize
237KB
MD5604c769d818509d80b32917754645ae2
SHA16f35fb8a59defdaf14cf36ad85dfa9a98a7a2c3b
SHA2569dee9314c65554b4f3842fa9c129b39f796c3d056abc071f57ab57c021e32d0a
SHA5120977ba6b5ebe71d498c7988ad803b26f6fff969bbbb0eefd430b2e4903254148e59cc2bc876d553670741e3446f09a917d9bf0e716a0a4ecf2474f079e3d5585
-
C:\Users\Admin\AppData\Local\Temp\YcMo.exeFilesize
744KB
MD54b3e7e333be734ca777eb8d64ffe3cbc
SHA1588e19a902a61b2b6ed7a85c73050698bc050d13
SHA256346bcb007807aede7d49b06c27a122a796b479df977a84791baf277bce41c4f2
SHA51232b0f23a238fb6de79ec618f9a3a44e142433fd29ddb02d76855b564ac479a3dfcadc01ff835369a467322fba069cfd80a3c17029192d1cf567af50e1817f7e0
-
C:\Users\Admin\AppData\Local\Temp\Ygcy.exeFilesize
110KB
MD5e1b6a7e823f0fc1a4ef78cc577c968b5
SHA119616bda447ca164be425106ef4b0c56c4c30716
SHA2562cf85323c1b2bc161a023b7f5225ea0f1b574b13a556634a7eebd910f3449ad6
SHA512c00479b81468987396bf9bb225ebcace2c98c3bd7fc92fa9d127de33cc7a5215d500cd158b1a2184bdd2d28b092eef2fcfb81f3de455f7bff9897e36ff8ea791
-
C:\Users\Admin\AppData\Local\Temp\YgsY.exeFilesize
236KB
MD506c284a2230cc30b12794b8b58de51b6
SHA1352010ce3d705418dcbbcf6475aaa8bef2337dde
SHA256dc08d2d8b31a95a0dd0a779266e00a5d70521f29aec1372449d849f2c6016fbe
SHA51292748abdb4c87aeeee41d448d3183618df94fa3d2415b7690c6b0b95d78e1909d4d13ce025ef8eeb36740be7d4292c453729ff903f6d708ded4539e8596bcd68
-
C:\Users\Admin\AppData\Local\Temp\Yows.exeFilesize
720KB
MD5a3c3531568b9fcd29021ea35525170f2
SHA111dceda640ba3a119657ccbea3f55c3dbc3bbf56
SHA25696de7f8870476e1e5808368452762efd1b715bbcb1e01a892a4a67f1f6350234
SHA51232932a58e76b61c58ca15cdec91f766756e8b1db0b8f928fc8381e0a7be2038e197d2a81bd2e19e115d360675b840b57c85ddd56f55146a957e23273ab6750ac
-
C:\Users\Admin\AppData\Local\Temp\YsEQ.exeFilesize
656KB
MD57462b917d6329fe4271c2a385d8978e3
SHA119a25bbc3f05ad89017e5e34cef3cd89f5b7053d
SHA256a6d9cfee652c1836d912167871744d57211298d8c8b0c5512862011d67c84524
SHA51255e89bc1dad8a8ef63444786a8426b9f7c9c7f96f91d2edc4a21910d54fb1e5a989015a573b871ec0cf93562c92b2d302794c33c39e6856ad216ca99e67c31c1
-
C:\Users\Admin\AppData\Local\Temp\Ywcu.exeFilesize
156KB
MD5999218557cd6450c9e6bccb16c4637b0
SHA13d9f98a90c193e19ad996117009214cb7194e993
SHA2568eb00ea2863c1712d94bfd36f42e2a06418345fd3e9f9cdebc8bc9f6687805a4
SHA512b58e9d523f94991b233cf874bf922aca1e3c885f9894041a0ad22eb3491bb57ab21b63dac8bc69eed32e2671d4a56952e13ab01e159c0bd834d3a4c747de8dfc
-
C:\Users\Admin\AppData\Local\Temp\aMYY.icoFilesize
4KB
MD5d07076334c046eb9c4fdf5ec067b2f99
SHA15d411403fed6aec47f892c4eaa1bafcde56c4ea9
SHA256a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86
SHA5122315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd
-
C:\Users\Admin\AppData\Local\Temp\acgo.exeFilesize
281KB
MD5867bfa9e2bf82c2340bff4f2ecb6281e
SHA1d67aa4073460594f9aed51301f55c5a11fdef9e9
SHA2564a29ff29438c6255d3b55d3b2fa96f787337ce4e0184c96596a0f0e6d5b50912
SHA512dfdc8bf7b49b821898f2d9c7761fc3d3690ba286a2250b80bcfcfeb38844312e9ebab7340a7d31b99ae51213b999c1c51e9a327998f28a247f64fbbe60e35326
-
C:\Users\Admin\AppData\Local\Temp\cAoo.exeFilesize
555KB
MD5f9c55275cb6077ea59e1e4535ce9cba8
SHA1b091de889a3c1880fe387aac138f3afcbf93b3a3
SHA25611a020feda557c172ac3ea2e698713c57be0e8f6e098d05777fc149c30b00264
SHA51299024897dd9cc5bf39927bf7f283f1e30a333fe0bfac4a1bcb881dc2354f26d5474e2e89295803abe1834fa0ff0514406649e50faeae531e58e9c465ec27f0d6
-
C:\Users\Admin\AppData\Local\Temp\cEkS.exeFilesize
153KB
MD5afbb282409112b22059ccfdca333b8c5
SHA111b4c8252e91b85c28f777b797c7eb969c8aa628
SHA25652bb0eb2a510eef75b0302a3de5bd8b8d3d4c340ebf8d152f9745dc3e10e9e7b
SHA512328abdd955e0eb604d1c33c91ad4af67900cef7330f591bb6341e22d8ce2789d99664f52dfd4084cd911b6fcec923114bb27812dcf35a6fc36ad9f301c74487c
-
C:\Users\Admin\AppData\Local\Temp\cQkY.exeFilesize
115KB
MD5850b29147a90304c719265f9741bed55
SHA1504448664c4620ff29fb4eb1a91952511e5e336c
SHA2565ed54a9f4b71f232314d754f06c8e7c6405f20d465c3a0b93a23b5efe09db3b3
SHA512022cc86ad2459ace3934cb3ed3052020bd6981db547c69c2e8802da40f5a64b9901f6414b0a954b61138459f90cabeae9237fd833c56d57603754c406d9a55cb
-
C:\Users\Admin\AppData\Local\Temp\ccYk.exeFilesize
111KB
MD5362b19d905dbee2cf03ed5c1e34fe12a
SHA1d7444731b25cc96062906a0548a4595ecf722327
SHA25689e43a77f77571ea9c2ef49f59c0db93a52af1dcacb7c559c3e5007779bc47dc
SHA512c365adcacef9d325fa12368bb7c7ccf8749b6cfd0e72891b8af48bb43470f4ec5b84a41d86f1aa1ae6ccbcd79220fca341dfb1a5d5a8573ac029e4601c598950
-
C:\Users\Admin\AppData\Local\Temp\cwko.exeFilesize
955KB
MD5e85c6f1a0f5b3e6d441b3f5e344e98c8
SHA1a74cb4a8d3f15106ca64d7becfd5a46f636f7476
SHA256b8c1a5725e374728d433ec4c19b5abb4a95b9be02093a3422d145de7da34fbaa
SHA512cbcf07b24836a726865d6e8e1aabc3a8f7975acde640895c838b54d3146e5dd358e72668c0722412917fb994764a5baccd9165e1a2135896e78d0caf002f63e6
-
C:\Users\Admin\AppData\Local\Temp\cwsA.exeFilesize
236KB
MD5cafd797e36af39f2b5087649468ab8f2
SHA147b5fb7eda9c3326d6ce7b4963e6741e1e654ec5
SHA25687417f4b317331d38edcb024345265f1d2cc59bcd2981b9df8837ee45453d0d8
SHA512024f3df5cec31d3a7810f60339f7d1c135b185403aaa16715ed0009f2bb29ce475284ffe09e3c01668bf7ce4a1692787bb6f30436345cef4b023fd229ee32e95
-
C:\Users\Admin\AppData\Local\Temp\eAIi.exeFilesize
118KB
MD5e3acac552ff95129fdd741a4c21850ec
SHA1d8c3f2ce7d43b035369a206c10ef900cbb81da64
SHA2563fd0e2c5da92837fb438ec9bf72935060a536aa73ad4edfbd56a560474f8b182
SHA512b71a5a02e68a87e9aac0d5c9a4dc63ee7f5dddf070d739f847a223978ba75f407da5e8f1c7e0fb1aedfb0da6ede47204ebdb5091a9b1f37cc90eb275fa4da574
-
C:\Users\Admin\AppData\Local\Temp\eUEU.exeFilesize
402KB
MD559d6e9dead0ec288b3ef6a0cb9b4f8ee
SHA1df03f2d2e5d4ee224cd1eca99fab3350ec1af46e
SHA2562709c82a991788c87d6c23f5bfdc3c6063bfd9a284beb6baeea0fbfe62647ad7
SHA5127e94d7e4878ae163cbd0b061c70f2e8ad27ddff17cf0218299b540ca34f943e147a40d3e61813807ec91952583ab34a44de006caf283447e92ad77c8d33b0fd3
-
C:\Users\Admin\AppData\Local\Temp\ekgu.exeFilesize
118KB
MD53a3bae81ae4b3b0eece70f0bf6114a18
SHA1c366a63e1f9f1f5afd85ecc92a0d1f8f927d890b
SHA2568769ca5514f32c1bae9fcfc38fcf64146fbeddee3bdd0a22af3c1adcf37bd5a4
SHA5120fb847f7f7ea4e81f1dbc53ff16a6afcde35d50cac25bd6e30c6b11be982e5c62c740731977691ff61663cd2b6aa0160ab6f4ed0083fcca4ac131d3b8dd7201b
-
C:\Users\Admin\AppData\Local\Temp\file.vbsFilesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
C:\Users\Admin\AppData\Local\Temp\gIEC.exeFilesize
148KB
MD5dc3f41da46ce100777ec52b51e4b83a1
SHA155d23d6542fbf8f111de28071290a5e474f5a11d
SHA256e6ecd00de5f65f9da4ddbfb1cb99c5a7a75fde93de46476645bd6250c5d6647f
SHA512e7ebb9f26006740c44cbeabe2bc77668bb4df7dbbe3ac3b008189d5f3838203a1da52984938c751915b96618c4f9c2b3f63590f7f427bad785d22ffd5fae0cf9
-
C:\Users\Admin\AppData\Local\Temp\gIIQ.exeFilesize
111KB
MD5b1f3ae9a38f6ba18cf7d803534eb855c
SHA109958cbbeb122ebceb2ce9cbccf54b97ccaad707
SHA25619c19df6d069b0aae5c59aa69eb43740bde0ca80547772fee810f7ab640a9f6c
SHA5129694f1fdb1fb122802f5a7469872bfc968dee86172f141791ed66d6f073437fb552259acb1489558d890f47dabd32386640919b904ef708423e21624a85b1355
-
C:\Users\Admin\AppData\Local\Temp\ggQO.exeFilesize
565KB
MD5c9c9c0086a73e6d9720cd48034f8b2cd
SHA13041ce6e694d9b429267428fe360d1d310510d2f
SHA256647617b03cc62a737c4e296283e4080219690f2cfda1481f8f7a1566ecbc6d6f
SHA51270847e200b7b2f1dc712a6157593c13bd2c7bbc0ce0db2fd279e4eef24eeafc181e3f695f29ff64ea909f149290945913075f7666fb7e30a772085f63024032a
-
C:\Users\Admin\AppData\Local\Temp\iYgG.exeFilesize
680KB
MD5fbbd18dfaecb3df24a0ea91739c46f12
SHA182d882ac06577a795ce2590583e1e88834b7bcbc
SHA25678aaf2e24459fa2221eb09d108048643cc43d400eaf34d5dc69c7feb659768d1
SHA51248aed2f4b71f8ec11fb1015cf436ace01a1784bd246d872132d0ff684fbd231b5481757d3cae2f2401265bab84f8c29b9ddb1fd2b3ac8412162dca781eda0f7f
-
C:\Users\Admin\AppData\Local\Temp\icgu.exeFilesize
117KB
MD5f3833338ef49736661227efe905b1133
SHA1760d5bbc06d7e05c9f34b0fe40498cc1fcfb611b
SHA256aca2666c2b5ae9dd69b25e61ae74afe3546ca33925dacf327ad816377ef93e0e
SHA5128386f21a66e781095379901bfdc0ca0ae81466c0ec3d1c4b26920637886520ed525d8cbf2d8c7be61ccddf8bef34267cd6172c267b6600a95b2ecb53e5426d7b
-
C:\Users\Admin\AppData\Local\Temp\kMIk.exeFilesize
115KB
MD50da1cd417c6ec2989f4cd1abd95b0407
SHA163c6d0fcbc54750d82c7e9bbdd4fa88ecbea4f93
SHA25609a1f380d03148b81c5e42e31c7cc11d37f5c98684c6bcb40021f7afbcb605cb
SHA512c785d519b5fa9197d6778ef3355e0bc734109972b76fed346ebd6505fd66d91029ffdf9bdfd59ed922437bb655a47cb8c5d59736e6e1100e97016b334eac8b49
-
C:\Users\Admin\AppData\Local\Temp\kYwI.exeFilesize
120KB
MD5a3eda33ca70d54525b2aec61bd680b81
SHA1919e5073255671352fee4de0375b2da618509704
SHA256e14af330cf0c830092454aeebfde422aed6c02980d4d815465a245abc4430b48
SHA512b60f5e8ae83fbd6d5508ec61c5f3daa25282ec12139b9d23f5df3288aa8a0a6de6c025cb52550aa1c3a2a6eba2bdcac9cfd2c864ba738cfb69986231423e27a6
-
C:\Users\Admin\AppData\Local\Temp\kcYY.exeFilesize
365KB
MD50a70df22ee8546e7145c5796f5060ccc
SHA13220ed2fbd08314b769685666d55178477aef0bf
SHA25602d5a1b0787bb89c196a2b4675e3f4de7a4f86a78752e6918f8ce0a6e4894ead
SHA5121e4fd427c0982ebae5dad526c0d64a79360bb3c7014c525c99ce4eb639c00a4a9a1505795435e896b9a6cbf2877d62c0c24f7df5948367dc3a0b0c7f49ebc534
-
C:\Users\Admin\AppData\Local\Temp\kwsu.exeFilesize
111KB
MD5245c543b48203d16e2d0120a3e8279dc
SHA107c4154c6ed9125f5344c544ba1f31e41bc66fbf
SHA256e1950ac797ea8a0d236cb4bc41ab9c0bddafff2ee315b4789dffd72f360e97a6
SHA51266085081cefa94315c4c51746d4f776ee9dc44b6dcf4817d5c6feb046814b05cc978daa714407f71a19acd01bf38f3dcc023a0ce04bb0b3190bc2a07db6aab51
-
C:\Users\Admin\AppData\Local\Temp\mQUa.exeFilesize
116KB
MD5bf0ce2792d20f5a36b23b4477a3f4597
SHA1579a07ee48c8745e7a534c04aa4374278d30645c
SHA2567c1808ec7a097da46518fffdfe6841bfc6aaf8265cf7d4f2f4d8b00bd5f67350
SHA51261ac2cb684ea7a5fce248a2d42e4c36d4fc5bf688a1b77942ee4ceb79872c492e82258f062676abd70365dcdd44b238e7c9744b14b67355a3b5aa6d3e30397cf
-
C:\Users\Admin\AppData\Local\Temp\mcQU.exeFilesize
116KB
MD551e2ca8f3118ae2fa00165da42b7104e
SHA16e3974ab863ff5c70116c5daba68d17d95528484
SHA2561e890c50542db9437ed5fe19395b68e943e01d665aec849f1ac95cef1819db0c
SHA5129c39db7914c2a83c6727fb4e806fe847e67a8d49a269630d39940030a6ec4c2cd5c18c88ff6ed1ffef4e45cd1d028dfe60e52daef0ef156eeafe51e10a51999c
-
C:\Users\Admin\AppData\Local\Temp\oYAg.exeFilesize
301KB
MD5b25332c3051754e1ca55448333d2215a
SHA1380c193057eed3743893d7abb4df64ff56aa995d
SHA256919f6e3a62964b0bd69dc97ec038632f04136d3c9a00c7b86dcbab43d34f5eea
SHA51290a2188001ce669fd18d6a5138f755ca3258e373bbbb01f3bbc0868f3d5b6c645494a00f3a448c734a8ea01b6c8460eaa223cd5a5f5986ef635ff9aa3bf07c66
-
C:\Users\Admin\AppData\Local\Temp\ooga.exeFilesize
356KB
MD5c7e2b1ca640c0a16d6ae5e409827e054
SHA18ad073a0ffcc5927a41ed527017ed91c1dfed66e
SHA2568e294efd6ccb65383d20186f15d56f0df94e81b8681b8f474c6906af02ed078d
SHA51245ba0cc0a4794a3815780969bd646144462eab66cd59c86d9c6275105c99d8db4027f64330376d17e0250c8d3d199c8463f3538d0b52d21117a988e49ba9776c
-
C:\Users\Admin\AppData\Local\Temp\owEW.exeFilesize
115KB
MD597ab22d17d1052cc11504b89d90eacfa
SHA185ea901b857a2e8c6e62d672644a59e599a94424
SHA256d1ddd7421ebb0805d385309253fe1dc9894e5131df7da77eb62a4a4c3ae7f8c0
SHA51284cfd4ec7bb34d652b43694c18919860c6a5acbb76194cd03a8803f7b8e3883f5c08d992e0341a03c5f7a852461aa495386e4d36826cea61f391eb2f1b021362
-
C:\Users\Admin\AppData\Local\Temp\owcw.exeFilesize
112KB
MD5bde46af9acdd1a333f587ce19a2c8153
SHA1e60250766565674e799c4ded71b7860f03648a1c
SHA256e1ec09c571ef4809983ff4064efcb2b233a4becd05fec586fc808967c866102b
SHA51247fac6ded9b8ff0a297e2c6cfbecb6fd44916400bc95838af9278b0b696741fab269fc4f7a62624e3b2dbfc60f1d78785b76d94fb2c0730715482f058d4687b7
-
C:\Users\Admin\AppData\Local\Temp\qAsQ.exeFilesize
113KB
MD5c2b8de597b57e7a28e14a6c6a4ee9ea2
SHA1c5ca7760b7b7d207a66b3df345783393d60b43f4
SHA256f1a9631d0c89d282bc0d7e0c00d7b0f041f5c7c9533058e09a19c28889ade16a
SHA5125fbcb8d43829fc4564350680db62a6412cda549ae6044a900d8bde121eb60e87ff88a18842b17b6725ccc22eafd884a0361654e34c85140afee02917a4540dfb
-
C:\Users\Admin\AppData\Local\Temp\qEcI.exeFilesize
110KB
MD51a3e2652938be274aa5e88eae5a04408
SHA12303159113fc08170e15ff0e0ca7016e3c71ed51
SHA25638dd95147bdf80ec60802319ccb284366ed478885175cdd70bf552d881c60b98
SHA512fda6e0a10ef819c21e9d0afd18fcc029bd7f60615cbb3f77bd1f7f6edf9f9f3ca40172df3b1bd8c1f9d3e5bbec0079a3e5ee66ab333ab25967f14e2f6015a08e
-
C:\Users\Admin\AppData\Local\Temp\qEcW.exeFilesize
119KB
MD5c3d28b9a04b37fbc0c793485a14d077f
SHA1a5d8965ce7576a8d06a58b2c836c07e9fb811b9d
SHA25657906cd5929ca1d6ab750515f964cb727c3ee9fd6ec5bc5e495694ed19e04035
SHA512e1610cf061fdae84608c665a6861bcddf39971e7f77461c1989dc2e10ea5fa51d76bffbbb6cd354a21510025408e4168012c891c8b5c4453111d261bbc4a716a
-
C:\Users\Admin\AppData\Local\Temp\qMom.exeFilesize
111KB
MD53c5b4cde5e49a65e074f53c251c2a1d1
SHA1ada7a339de58b625043410471d12b2d575c4a07f
SHA2566181e791aad18d04a320d7022d14844e1882bdf4cb35081e3bca76dbc4f5a41c
SHA5129536ae2eb92747af3837b2697dbcdd6734f88b08c57b1cc58058514c751ac8ae369640536141eb4df2e592e8f55338c96d30b3782088c57186f7c8bcc3e7cd30
-
C:\Users\Admin\AppData\Local\Temp\qUoW.exeFilesize
115KB
MD59328864c429c4866036d05aab31c3789
SHA17d6a026f03fd4acd8f9727bafafa5064572369b3
SHA256aa41152a6f4c6be290a017cebe72767223cf44c9c2ab75ecc77f27d92d6be354
SHA5122d78bd4aa4a937b436698bfb6801d32ea42c47632bb76a98799384c7284a24f5cfda991d195bee2ab2b724d8e87cc61b38c2853b5bf3f5a1aeee4bc46868e510
-
C:\Users\Admin\AppData\Local\Temp\qkwg.exeFilesize
744KB
MD5820d1f545b9bcd7f8376d53c84f316e4
SHA102681bf78ef41e904f5c9d1fed6e3db967cd0aa7
SHA25690e71bfd9c6be4b3c49d0a1e25b20304598558b281cb46f627ece8abf0697464
SHA5122c863db2f6984083fa682094f0a0211f9841e1dea14e91b3b33027693f5ca27c46616b3a22dcafc98954b65783aebb653f84954989cd99662dbebfd2c927111f
-
C:\Users\Admin\AppData\Local\Temp\qoUM.exeFilesize
137KB
MD514d856bf783bd58264433c4cf8e5920b
SHA1d52916b59d17cede41b67512c482c74b0d7d3a1a
SHA256be64094ec07931c443e337454b131d1974b61c8fac29c632a1f2d218ce61828b
SHA5125dd81f9c9442f7eca540afd460b25868efe0d6ab69f59e8535f8edb6446314dd76a56cc3c65c9a810f13a1cccfd777b6d6b70f8ee24ed4b117d663c40562ec6c
-
C:\Users\Admin\AppData\Local\Temp\sAwW.exeFilesize
347KB
MD514203204d50a8cc5dfde5e47a6a35904
SHA1ba04e251446917bb6b3fde75396d61df7dda2eff
SHA2569bca31206f163b165a2f3ed873c4a471304c85953bc725ae9b5b4947f5409505
SHA512072d95641dc74116da30f85c6e2f7a3964da952d70026a2887e61486adea5388533717a784d6b4a429d9ef83368d1383ed955356b7dea0e28862cab2b0dd2347
-
C:\Users\Admin\AppData\Local\Temp\scUC.exeFilesize
140KB
MD5b2c61ef8f1271e6f9d6d548b7509d7b0
SHA157bf8a7f8ceb62872bf6714e6c62b2b892b662df
SHA256115a388c5601b4400710d6d57a90db0f07c03919c1ef27c36c47faa7b483f7fc
SHA512734c90622165a856a057bbca93d5a8c045d76ed9649e42711e236b24e17f1944115709cf37b9bfdb51de1f766fd9afa90c9c747aca43eeed158931763cb82b9a
-
C:\Users\Admin\AppData\Local\Temp\sgYM.exeFilesize
111KB
MD57be88e4c94652054399a96f4174c30c2
SHA19c22b1bdec05e7dce9a62d96ad511dc7181e39c2
SHA25689e9da0d68442e9e3da59c273450ba4c32fdae2ed9655d73876e76b81d9d2462
SHA512a10abaccd1481313e187c1bb2ab0b0af2cc477c6761ad12c1882049cfe2b47ddfd471dfd98411b7ff95061d11dc36bf1d146758e8e1ce8869fa2bd4b2943c398
-
C:\Users\Admin\AppData\Local\Temp\uEkI.exeFilesize
111KB
MD54858f34f9ff540088c425a35847faefd
SHA145e8e28358306e7eb16b12c8c8e0ad920ec00480
SHA2566ad5f562ff257c85b283eab71c49096ec61f4b4f8fc8e516d993ac16e5b4eb48
SHA512dcb4b972f51b6dd3009c92b5c5c6c34c2d4b6792272a11927a1d5fd7b51777fabd502db3cc8dd3d41e7005f9337aa826a794d68960121dc410ab0e5e7810eab6
-
C:\Users\Admin\AppData\Local\Temp\uEkM.exeFilesize
566KB
MD57a752444e1b7bf2cf8d72d3945ca9edb
SHA1218fca5dc96f0431b1bf9eb42bd57af17464487b
SHA256d855493daf6d8007e08c0f7823e7f60f41b739c897d6967c9c339e0b23b98084
SHA5129e8b2aebfdcfdbd697710f19dc8296f3b8f27013deaffecdb06213f0fa2daa4d68bfb035d1b876b48be1cf34c014655a10bfb63746f1ceb5ac3e8b74c3ad24d5
-
C:\Users\Admin\AppData\Local\Temp\uIYO.exeFilesize
236KB
MD5599c9e161592193065ada11c623ef3cc
SHA10a3c8ec9180a5370f45afaed7b6981ae83717c98
SHA25679b21baa3b44435661aa0378196d90a76773db512bde085e2ff7f7eb46ba7388
SHA51288788de4cc0c520c1fcb2ecb73cf123f5fd2673addd3be9a834a23e137a744f7b33e8d7fb6553365b7462d8582192dce6d9e0354b2ae3920b693280277b3d723
-
C:\Users\Admin\AppData\Local\Temp\uMUK.exeFilesize
110KB
MD5ad36024fcde921628b4a19bc6d1a03f1
SHA1297a29ff6a81b3dbae0a8a2cf0c094863f429866
SHA256c5d8ff7963afa37bdc668e8d51a6ce9f7ddccefc240e23cb1fcd64a3067aed9d
SHA512e4c12ba21736f495a726737be638c9a9c3f40fa3c14bd5709bb200fb6870cd86c200e1eab323e22137d884ecb0a69200acd18dfc4fc41fa7df9849dce51d9d7d
-
C:\Users\Admin\AppData\Local\Temp\ugIg.exeFilesize
110KB
MD5da156a4876472a33c854d6bbc5208d88
SHA1e61e07e527b7399193f2148142d6968d51ff6e30
SHA256e03f8436adbaf490307cedad337f56a983a40adab3c2b010bddd493257464a99
SHA512905b0094cbd4b1e88125b3bedc11b72a9a4ea32331095c36cd0aba4382b269ec6d6d6aecad17049cd2c6fba2a71eb43608f7e7d11ca3a949c2fc78f364587834
-
C:\Users\Admin\AppData\Local\Temp\ukYU.icoFilesize
4KB
MD5ace522945d3d0ff3b6d96abef56e1427
SHA1d71140c9657fd1b0d6e4ab8484b6cfe544616201
SHA256daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd
SHA5128e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e
-
C:\Users\Admin\AppData\Local\Temp\wAEU.exeFilesize
117KB
MD5ac810db7c57233cb947b88b4192838cb
SHA1730a87f0aa1859d40201b8e5b1bbe20aecf4f551
SHA2569da497dabca33373e1a135b43bbe952e57a9c38d601049785cd8385b8245e71a
SHA512361e06741f38e5b88068f486bc418ab6b1751d7837b3da0ab29fb6ef01989f39cbf963ac63273a4b0506c266b8258c54d1ef179b652345b2092d31d8689758ce
-
C:\Users\Admin\AppData\Local\Temp\wUIg.exeFilesize
112KB
MD56d1658a5f7e16ea7e338e5acbafee69a
SHA1ec00893df0cf4702badb446eff9b7bf278d91500
SHA256cd33bc6125ef377bf4207f1b5e502cea672c8edfd07177491aa1a7c41ce32cae
SHA51211def337434374520d97353a0beb37c37b955f7b6fd84c9f59b5af009c8afe69fb09953110c9d8d6cd10ed1e89012d038d567eb66acf7c4d9c5dfe26ea13b7dc
-
C:\Users\Admin\AppData\Local\Temp\wcMO.exeFilesize
697KB
MD5973ad7edbb4611c5202a5c534fe84aa4
SHA13414f402d8228e34aa5e9fbb3ea0c1b81f9482ce
SHA2561de95a614cec6e17873d71c8ab7c09abc7a5b242c698a213c9b76e9410f20570
SHA512ba2cbb953d9154036680fd464f4078947e43b523e89991208bfc097e411ffbe9d845a0fc3c03dd66a3dd51a06e3a516719a5bfb8ae08a6f9f14e9b0c8aed7883
-
C:\Users\Admin\AppData\Local\Temp\wcgU.exeFilesize
537KB
MD5a0589a7b4f6bbff0a59878d25be23bec
SHA1102732dc3b0847c7db9f9411aa5512916b7bc9b1
SHA256504c9d8f92da3f14bc0e120d3135b55fa9eece6e95762948eca8b935b7fd7994
SHA51214237bad086056c2ad826fccd261eaeb3147bf6e7e988024e051cab25cc65086f88c9b54b268b49bdf0edd30edd9ddbe38b4e0e49289e43aca0b1e8055cf4f49
-
C:\Users\Admin\AppData\Local\Temp\wcoE.exeFilesize
486KB
MD5bf6105a171cb1de92f2f7fba435d56ea
SHA17f4e2a6c271ab424f8df99482dea5660c4e55660
SHA256f6f8982c650d9173775459804ed0e978230332bb06b04fe693064072b66ffdfc
SHA512f8e77fc745e8b9e0622cd4322802fc0663982556fd6dd53a92c52a50c27e0468595d15c5dadea9bb31b304b34827b0d92b75e5697310d60c181ada7765501930
-
C:\Users\Admin\AppData\Local\Temp\wgIO.exeFilesize
1.2MB
MD513a5d311b67e881bc88bfdf91b68a6ee
SHA106a6f5d2cf503e8b26ca905a8ab56e5384a5e7dd
SHA2567ca1ea163544582f2996526933bd037961a67df99d4279619e4bc5ca39970a81
SHA51247e2a95ad9b3eff9dd716f714dd28cff0ab25fd1ebd1deda32c84813e3cb7e03aa62adf8ceceb68db7235b206a0fd3fbb97f46a92ca55adbc7cbbb27cbcddac4
-
C:\Users\Admin\AppData\Local\Temp\wgMK.exeFilesize
1.0MB
MD5f623103fe00c20a89c496fc632e31233
SHA1c806861cfa367761c76654940f4a9a6321946c77
SHA2569fc95a488ab22c241d43557e5fdd2b52dbaed2a56e835c8e09a139039112acec
SHA512157cef401ed45c2dd2db96131c055e01d9d5975ceea85d0179cd4d3b5ca373b7510b1170769ea034e582cef980903b85120c9dde19518cc3c0c7ec5f86b45b5a
-
C:\Users\Admin\AppData\Local\Temp\wgcq.exeFilesize
113KB
MD520597c8b5c2a942d426f0cb5f04c533d
SHA1fca8834f6ddf7316bedd41b26acf6049586af719
SHA25620c319e396df51699ec2ffecaeb3d95c4cfccabf54d0a6b8065c0cafa4318d3e
SHA512b4416dd837b7ecd069e333ed6d05e671475ca21e11f484dd182622f062db014ed1e30b320cd5a1de0553666940f1edb2330fdfbc9fce66906820cc96999203bb
-
C:\Users\Admin\AppData\Local\Temp\wsUU.exeFilesize
115KB
MD58456dbee6d4607ad6419bd1b6a17719e
SHA13b306217a1375a4176a2c5e48763aba520e59c6c
SHA2567e1475010b1085e2eea671bda7fad422741e48289a08cb513874ded6a23673ad
SHA51200903fcfcd29419639bd87ee181efecdba284e441ffacec82834991a0b40d641151d200233f38d141c3c17e09c0ce100dfbe490362fff1558625f588ca479fce
-
C:\Users\Admin\AppData\Local\Temp\xUsQIcQc.batFilesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
C:\Users\Admin\AppData\Local\Temp\yAIO.exeFilesize
1.7MB
MD50a62e2f208d7241b949f357f97a921f0
SHA12521195bff9f703bc59860aa33006aabfc60c675
SHA2561788a90c1a419a72ae2f8f83be732d562533eb32da50fe2c6c149c4b0859fb7d
SHA512dc1c6c2c92f2190ef03bf062f175319ea0943d24da8a4260af602aa6a1ed44dab73ae9474ec6f3f1505f237a1e428672f88f1b425ae23a166ec8067703fa3ef2
-
C:\Users\Admin\AppData\Local\Temp\yIwE.exeFilesize
111KB
MD5c5af713ae76bd983aef6d3a19a0972fd
SHA1c9d0fa19c525c6d3773ffc600f8788697c48d273
SHA256148753fc4a7bdf7f02211a8c7a85ff53d63f3f4c70eb849a551eb6022a518f55
SHA5125cead6fc21f6ead088dfc10ee425835dd142b480b57a803266e44462bb86f7a09165725934d8b4174175794ef576bd65465908629b6feecb58ac4479987d08c2
-
C:\Users\Admin\AppData\Local\Temp\yMAc.exeFilesize
113KB
MD52ee1231d19a88bcdc74aa2e3c2073241
SHA13bf6458d8dc3830e1ca9bc1f56d7179149b831bf
SHA256c98405a19833b7ae5293e2988d1ff0febbb2d3f5b20a6a70f51bc0e291a0a14d
SHA512491b3912d91b675f84763b4fc516e93c15a2223c7c00341211ff9a0780f2ec57d7e4f2dee9ceb2497157d9fdca15c7b2d961248b7e9e18b17f5b48c27b6fbec1
-
C:\Users\Admin\AppData\Local\Temp\ysUU.exeFilesize
119KB
MD550b973ece6933113dba7a853b8a63ac4
SHA137f06f26755cced78ff730885716aaf4e79458e8
SHA2561ef7d054b856da233ef739689bc695a16edaf55e26ea5e439345de8da0229b06
SHA51200160e2c799a633abeed9c9a16e5be2ae5409b3a732c50cbdee837fc8b1191fd119aabf47bb3e98d1b09c2f69779e1f071bcc790a84aea69498b98d197988c34
-
C:\Users\Admin\AppData\Local\Temp\ywsk.exeFilesize
116KB
MD56cbab0e3cdf23cf80ee067f26a632830
SHA19a676421617bc12052313c675f241dceda980b90
SHA2561ec270f75af2819b9f94d0ada881fea8c742c74d2f83c1328af9bdfa5ef9e254
SHA512109cf63436298f6b143b7798c89c7e338490344c68004667d9fd3de8cdf0202896b8302333c97283259054bd1ef0d28835ae0fc89bf14f4f57f9510afd9d9696
-
C:\Users\Admin\Pictures\SuspendEnable.gif.exeFilesize
465KB
MD53b205f899e05cebff9c31298c0ca4a05
SHA1f25cc580d951244774066fd3ea9040cba984f052
SHA25678ebcb9748d89123e17ef93826ddee8f5711d4db042df39acfe71f1ec9594258
SHA512891f6397baa8d6dbad5257b3c49ee44f242dd4a5bb56cebbba76a941119bea3b194878e540eb1ef9cf8a3dcc3c4bb88ce8356fb01737ac2cdfbdee1420fc3efb
-
C:\Users\Admin\Pictures\UnblockGrant.jpg.exeFilesize
343KB
MD56f0bd988d620c3f501fe7fcf9a994897
SHA1fb0a3ed05a3de239fb7202e2300543edc3ea7991
SHA2569ef8ad764168f5619e89c17e7fd048fbd2575ca8ac535f50dec1bb815b76e559
SHA5129cd63d3817a58621ba7c0ed07842745b91086119f18eda5d6b3516997c1047497181c487b7069a908d53915be70d9a8f38851b0cc0ee74eef4c68112a274d185
-
C:\Users\Admin\rEEsQIMo\ZsEcAYwk.exeFilesize
109KB
MD5d0978e4f5afdbc04b06ef981b297048f
SHA1663a0a804967bb8fe3c33f5cc4155a01c2de98bd
SHA25677e23103ad5e53aff564cb237e6e8fbf26a6c6d6f077ff500118a89235fec6d1
SHA512ac0345029e7371da870533985252ebd73a1d9f192633fba6d5175b9bebd0c2f4c8c8c368c7e92e98c950a7e1fded85bd676a73dfde1b5d92f7ae3350a2aa144e
-
memory/324-11-0x0000000000400000-0x000000000041D000-memory.dmpFilesize
116KB
-
memory/412-195-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/412-183-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/452-184-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/452-172-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/636-20-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/636-0-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/636-383-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/780-331-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/780-339-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/864-32-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/864-16-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1112-401-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1112-410-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1184-411-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1184-419-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1280-102-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1280-86-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1332-367-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1332-357-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1544-304-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1636-999-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1712-240-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1824-341-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1824-348-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1824-478-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1884-206-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2068-846-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2072-160-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2264-762-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2264-269-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2264-684-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2392-486-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2416-683-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2416-618-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2472-101-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2472-114-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2672-55-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2784-122-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2784-138-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2788-428-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2788-436-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2928-43-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2928-29-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/2968-427-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3056-217-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3108-384-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3108-392-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3220-402-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3220-394-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3252-462-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3252-452-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3296-113-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3296-126-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3360-366-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3360-375-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3368-78-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3368-63-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3468-279-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3468-287-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3612-322-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3612-315-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3748-296-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3748-289-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3760-229-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3760-218-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3936-905-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3936-837-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/3948-495-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4012-305-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4012-313-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4048-270-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4048-278-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4144-453-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4168-503-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4168-491-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4188-983-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4224-171-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4240-470-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4240-330-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4240-461-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4420-15-0x0000000000400000-0x000000000041C000-memory.dmpFilesize
112KB
-
memory/4544-90-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4652-54-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4652-67-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4812-540-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4840-252-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4840-241-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/5040-444-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/5076-261-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/5076-254-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/5088-624-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/5088-350-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/5088-358-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/5108-137-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/5108-149-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
