Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
12-06-2024 11:56
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
Resource
win10v2004-20240611-en
General
-
Target
2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
-
Size
121KB
-
MD5
8558b6061a1e6e2f11cdc94cb4af6284
-
SHA1
e9456a7b0334be88e5654ede4075db8ca56bff6d
-
SHA256
d1cee50f03156dcd11a2c062aa55667e057bca0cee3515d5234cc83225132b60
-
SHA512
6a9bc05f14dc21dc70b18bfda0b6f253d073833a63c2b03fb1ac11bf5785ac3a8773d0aafc8f44e966d2b4d826731aab0bcaf46a4feb3a17372fe3931617af53
-
SSDEEP
3072:8JLSTOUz1OfITGsttfvtypbyxE7SWpjNmD:w11WGsXfV00tWS
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe -
Processes (these rows set EnableLUA to "0", the policy value that turns off User Account Control):
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Renames multiple (78) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely for geofencing.
Processes:
hWgkMAsg.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | hWgkMAsg.exe
-
Executes dropped EXE 2 IoCs
Processes:
hWgkMAsg.exe, JyccYYoQ.exe
pid | process
3524 | hWgkMAsg.exe
2604 | JyccYYoQ.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials, among other things.
-
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe, JyccYYoQ.exe, hWgkMAsg.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hWgkMAsg.exe = "C:\\Users\\Admin\\eSAIEgkk\\hWgkMAsg.exe" | 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JyccYYoQ.exe = "C:\\ProgramData\\TIoYcowc\\JyccYYoQ.exe" | 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JyccYYoQ.exe = "C:\\ProgramData\\TIoYcowc\\JyccYYoQ.exe" | JyccYYoQ.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hWgkMAsg.exe = "C:\\Users\\Admin\\eSAIEgkk\\hWgkMAsg.exe" | hWgkMAsg.exe
-
Drops file in System32 directory 2 IoCs
Processes:
hWgkMAsg.exe
description | ioc | process
File created | C:\Windows\SysWOW64\shell32.dll.exe | hWgkMAsg.exe
File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | hWgkMAsg.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exepid process 4476 reg.exe 2272 reg.exe 3052 reg.exe 2808 reg.exe 2476 reg.exe 5040 reg.exe 4612 reg.exe 2440 reg.exe 3696 reg.exe 4500 reg.exe 1184 reg.exe 2912 reg.exe 4072 reg.exe 3484 reg.exe 3236 reg.exe 3948 reg.exe 4388 reg.exe 2392 reg.exe 4600 reg.exe 4844 reg.exe 3340 reg.exe 1680 reg.exe 224 reg.exe 1316 reg.exe 2392 reg.exe 4732 reg.exe 4500 reg.exe 2680 reg.exe 3856 reg.exe 1592 reg.exe 4136 reg.exe 4504 reg.exe 4272 reg.exe 3976 reg.exe 3280 reg.exe 1192 reg.exe 984 reg.exe 1592 reg.exe 660 reg.exe 1668 reg.exe 3472 reg.exe 4612 reg.exe 408 reg.exe 5036 reg.exe 600 reg.exe 3584 reg.exe 4328 reg.exe 1504 reg.exe 1696 reg.exe 228 reg.exe 2104 reg.exe 3884 reg.exe 3028 reg.exe 1540 reg.exe 2960 reg.exe 3688 reg.exe 2404 reg.exe 1644 reg.exe 1508 reg.exe 2328 reg.exe 2484 reg.exe 2432 reg.exe 1072 reg.exe 3712 reg.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exepid process 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4396 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4396 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4396 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4396 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3884 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3884 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3884 
2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3884 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 1856 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 1856 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 1856 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 1856 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4704 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4704 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4704 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4704 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 2996 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 2996 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 2996 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 2996 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 1696 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 1696 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 1696 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 1696 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4000 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4000 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4000 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4000 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 232 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 232 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 232 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 232 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3084 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3084 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3084 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3084 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3992 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3992 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3992 
2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3992 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3028 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3028 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3028 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3028 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3640 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3640 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3640 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 3640 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4744 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4744 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4744 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe 4744 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
hWgkMAsg.exe
pid | process
3524 | hWgkMAsg.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
hWgkMAsg.exepid process 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe 3524 hWgkMAsg.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.execmd.execmd.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.execmd.execmd.exe2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.execmd.exe
description pid process target process
PID 3472 wrote to memory of 3524 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe hWgkMAsg.exe
PID 3472 wrote to memory of 3524 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe hWgkMAsg.exe
PID 3472 wrote to memory of 3524 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe hWgkMAsg.exe
PID 3472 wrote to memory of 2604 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe JyccYYoQ.exe
PID 3472 wrote to memory of 2604 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe JyccYYoQ.exe
PID 3472 wrote to memory of 2604 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe JyccYYoQ.exe
PID 3472 wrote to memory of 4992 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 3472 wrote to memory of 4992 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 3472 wrote to memory of 4992 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 3472 wrote to memory of 3976 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3472 wrote to memory of 3976 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3472 wrote to memory of 3976 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3472 wrote to memory of 2728 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3472 wrote to memory of 2728 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3472 wrote to memory of 2728 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3472 wrote to memory of 2500 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3472 wrote to memory of 2500 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3472 wrote to memory of 2500 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3472 wrote to memory of 2960 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 3472 wrote to memory of 2960 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 3472 wrote to memory of 2960 3472 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 4992 wrote to memory of 1940 4992 cmd.exe 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
PID 4992 wrote to memory of 1940 4992 cmd.exe 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
PID 4992 wrote to memory of 1940 4992 cmd.exe 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
PID 2960 wrote to memory of 3284 2960 cmd.exe cscript.exe
PID 2960 wrote to memory of 3284 2960 cmd.exe cscript.exe
PID 2960 wrote to memory of 3284 2960 cmd.exe cscript.exe
PID 1940 wrote to memory of 1976 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 1940 wrote to memory of 1976 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 1940 wrote to memory of 1976 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 1976 wrote to memory of 3468 1976 cmd.exe 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
PID 1976 wrote to memory of 3468 1976 cmd.exe 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
PID 1976 wrote to memory of 3468 1976 cmd.exe 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
PID 1940 wrote to memory of 4512 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 1940 wrote to memory of 4512 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 1940 wrote to memory of 4512 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 1940 wrote to memory of 1056 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 1940 wrote to memory of 1056 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 1940 wrote to memory of 1056 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 1940 wrote to memory of 4128 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 1940 wrote to memory of 4128 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 1940 wrote to memory of 4128 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 1940 wrote to memory of 1468 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 1940 wrote to memory of 1468 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 1940 wrote to memory of 1468 1940 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 1468 wrote to memory of 3888 1468 cmd.exe cscript.exe
PID 1468 wrote to memory of 3888 1468 cmd.exe cscript.exe
PID 1468 wrote to memory of 3888 1468 cmd.exe cscript.exe
PID 3468 wrote to memory of 2156 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 3468 wrote to memory of 2156 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 3468 wrote to memory of 2156 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
PID 2156 wrote to memory of 4396 2156 cmd.exe 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
PID 2156 wrote to memory of 4396 2156 cmd.exe 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
PID 2156 wrote to memory of 4396 2156 cmd.exe 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe
PID 3468 wrote to memory of 2244 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3468 wrote to memory of 2244 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3468 wrote to memory of 2244 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3468 wrote to memory of 2756 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3468 wrote to memory of 2756 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3468 wrote to memory of 2756 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3468 wrote to memory of 4060 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3468 wrote to memory of 4060 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3468 wrote to memory of 4060 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe reg.exe
PID 3468 wrote to memory of 3212 3468 2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3472 -
C:\Users\Admin\eSAIEgkk\hWgkMAsg.exe"C:\Users\Admin\eSAIEgkk\hWgkMAsg.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:3524 -
C:\ProgramData\TIoYcowc\JyccYYoQ.exe"C:\ProgramData\TIoYcowc\JyccYYoQ.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2604 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:4992 -
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1940 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:1976 -
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3468 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"6⤵
- Suspicious use of WriteProcessMemory
PID:2156 -
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:4396 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"8⤵PID:3696
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:3884 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"10⤵PID:2548
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:1856 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"12⤵PID:2404
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:4704 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"14⤵PID:1192
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2996 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"16⤵PID:4316
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:1696 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"18⤵PID:4112
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:4000 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"20⤵PID:4504
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:232 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"22⤵PID:3020
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:3084 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"24⤵PID:4768
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:3992 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"26⤵PID:3468
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:3028 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"28⤵PID:2408
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:3640 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"30⤵PID:3408
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:4744 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"32⤵PID:4508
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock33⤵PID:4180
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"34⤵PID:1348
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock35⤵PID:4476
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"36⤵PID:2652
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock37⤵PID:1712
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"38⤵PID:2256
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock39⤵PID:2344
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"40⤵PID:1912
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock41⤵PID:2912
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"42⤵PID:1540
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 43⤵ PID:3044
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock43⤵PID:2728
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"44⤵PID:3340
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 45⤵ PID:1368
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock45⤵PID:1584
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"46⤵PID:2856
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 47⤵ PID:60
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock47⤵PID:4344
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"48⤵PID:4484
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock49⤵PID:1844
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"50⤵PID:3416
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock51⤵PID:4716
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"52⤵PID:1800
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock53⤵PID:492
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"54⤵PID:660
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock55⤵PID:1856
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"56⤵PID:4772
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock57⤵PID:2700
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"58⤵PID:5040
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock59⤵PID:3024
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"60⤵PID:5048
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock61⤵PID:2320
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"62⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock63⤵PID:4384
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"64⤵PID:1412
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock65⤵PID:2220
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"66⤵PID:2760
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock67⤵PID:1860
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"68⤵PID:4876
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock69⤵PID:1936
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"70⤵PID:4980
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 71⤵ PID:2936
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock71⤵PID:1212
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"72⤵PID:4316
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock73⤵PID:3028
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"74⤵PID:2392
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock75⤵PID:2408
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"76⤵PID:2004
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock77⤵PID:2128
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"78⤵PID:4368
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock79⤵PID:4584
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"80⤵PID:2336
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock81⤵PID:716
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"82⤵PID:1192
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 83⤵ PID:3024
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock83⤵PID:2756
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"84⤵PID:2256
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock85⤵PID:5016
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"86⤵PID:1108
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock87⤵PID:4968
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"88⤵PID:4856
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 89⤵ PID:3472
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock89⤵PID:4408
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"90⤵PID:3308
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock91⤵PID:3348
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"92⤵PID:4680
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 93⤵ PID:3296
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock93⤵PID:4976
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"94⤵PID:2328
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock95⤵PID:4124
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"96⤵PID:3052
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock97⤵PID:4072
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"98⤵PID:2760
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock99⤵PID:2000
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"100⤵PID:3348
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock101⤵PID:4400
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"102⤵PID:5028
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock103⤵PID:1752
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"104⤵PID:532
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock105⤵PID:1680
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"106⤵PID:1860
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock107⤵PID:1812
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"108⤵PID:384
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock109⤵PID:2148
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"110⤵PID:4308
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock111⤵PID:2408
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"112⤵PID:2552
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 113⤵ PID:2224
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock113⤵PID:1932
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"114⤵PID:1556
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock115⤵PID:664
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"116⤵PID:1756
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock117⤵PID:956
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"118⤵PID:5016
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock119⤵PID:1752
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"120⤵PID:716
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock121⤵PID:4076
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"122⤵PID:2912
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock123⤵PID:3412
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"124⤵PID:2292
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock125⤵PID:4620
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"126⤵PID:984
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 127⤵ PID:1720
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock127⤵PID:776
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"128⤵PID:3128
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock129⤵PID:3096
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"130⤵PID:1188
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock131⤵PID:3312
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"132⤵PID:4512
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock133⤵PID:4796
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"134⤵PID:5048
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock135⤵PID:2272
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"136⤵PID:3444
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock137⤵PID:3664
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"138⤵PID:1156
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock139⤵PID:4384
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"140⤵PID:4792
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock141⤵PID:2220
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"142⤵PID:1412
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 143⤵ PID:4884
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock143⤵PID:4968
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"144⤵PID:1020
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock145⤵PID:1884
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"146⤵PID:1844
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock147⤵PID:3696
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"148⤵PID:1972
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock149⤵PID:3192
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"150⤵PID:2452
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 151⤵ PID:4792
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock151⤵PID:2112
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"152⤵PID:2824
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock153⤵PID:780
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"154⤵PID:3640
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock155⤵PID:3120
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"156⤵PID:1928
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵PID:4452
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock157⤵PID:3152
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"158⤵PID:832
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock159⤵PID:4928
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"160⤵PID:3856
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1161⤵PID:3648
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock161⤵PID:1060
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"162⤵PID:1812
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1163⤵PID:2756
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock163⤵PID:2868
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"164⤵PID:2488
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1165⤵PID:4000
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock165⤵PID:4472
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"166⤵PID:2272
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1167⤵PID:4116
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock167⤵PID:3192
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"168⤵PID:3696
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock169⤵PID:984
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"170⤵PID:4060
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock171⤵PID:532
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"172⤵PID:3012
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock173⤵PID:2156
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"174⤵PID:1828
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock175⤵PID:2756
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"176⤵PID:2556
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1177⤵PID:4388
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock177⤵PID:1860
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"178⤵PID:1148
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1179⤵PID:940
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock179⤵PID:892
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"180⤵PID:3296
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1181⤵PID:1796
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock181⤵PID:1972
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"182⤵PID:4500
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:2244
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock183⤵PID:4512
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"184⤵PID:3412
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1185⤵PID:1752
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock185⤵PID:2156
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock"186⤵PID:1192
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1187⤵PID:4048
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock187⤵PID:4532
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
188⤵ PID:208
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1189⤵PID:1072
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
188⤵
- Modifies registry key
PID:2392
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
188⤵
- Modifies registry key
PID:1668
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1189⤵PID:2564
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1186⤵PID:2060
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2186⤵PID:4360
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1187⤵PID:1156
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
186⤵
- UAC bypass
- Modifies registry key
PID:4476
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XiYUIIcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
186⤵ PID:1532
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1187⤵PID:2960
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
187⤵ PID:3924
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
184⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:600
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1185⤵PID:4400
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2184⤵PID:4608
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1185⤵PID:1932
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f184⤵
- UAC bypass
PID:2032 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PeoUMAws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""184⤵PID:4716
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs185⤵PID:716
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1182⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:5036 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:2004
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2182⤵PID:1712
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:440
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f182⤵
- UAC bypass
PID:1108 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:4080
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AQcAEwQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""182⤵PID:4020
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:660
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs183⤵PID:1012
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1180⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2476 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2180⤵PID:3940
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1181⤵PID:4368
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f180⤵PID:3136
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1181⤵PID:2900
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OEAUogMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""180⤵PID:4812
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1181⤵PID:984
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs181⤵PID:4344
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1178⤵PID:1900
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2178⤵PID:1928
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1179⤵PID:3408
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f178⤵
- UAC bypass
PID:5000 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mSYMMwMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""178⤵PID:4300
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs179⤵PID:4884
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1176⤵PID:3836
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2176⤵PID:2336
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f176⤵
- UAC bypass
PID:4128 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mcIkMocA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""176⤵PID:5048
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1177⤵PID:4472
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs177⤵PID:704
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1174⤵PID:3216
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1175⤵PID:3688
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2174⤵PID:1324
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f174⤵
- UAC bypass
PID:1612 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IoAcYMMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""174⤵PID:5024
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1175⤵PID:1156
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs175⤵PID:2836
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1172⤵
- Modifies visibility of file extensions in Explorer
PID:4320 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2172⤵PID:4108
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f172⤵
- UAC bypass
PID:3412 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1173⤵PID:4952
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UIskQcck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""172⤵PID:3124
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs173⤵PID:2032
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1170⤵
- Modifies visibility of file extensions in Explorer
PID:4928 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2170⤵
- Modifies registry key
PID:2440 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f170⤵PID:2708
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vOcwQEUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""170⤵PID:440
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1171⤵PID:1884
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs171⤵PID:4020
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1168⤵
- Modifies visibility of file extensions in Explorer
PID:224 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1169⤵PID:1316
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2168⤵PID:1888
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1169⤵PID:3600
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f168⤵
- UAC bypass
PID:4112 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gGgUsoQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""168⤵PID:4448
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1169⤵PID:3976
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs169⤵PID:2476
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1166⤵PID:704
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1167⤵PID:4124
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2166⤵
- Modifies registry key
PID:1072 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1167⤵PID:4844
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f166⤵
- UAC bypass
- Modifies registry key
PID:2404 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fMUQIYsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""166⤵PID:4676
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1167⤵PID:2680
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs167⤵PID:4120
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1164⤵
- Modifies visibility of file extensions in Explorer
PID:1028 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1165⤵PID:3964
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2164⤵PID:2256
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1165⤵PID:5028
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f164⤵
- UAC bypass
PID:1556 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vAEoYgwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""164⤵PID:2564
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1165⤵PID:2408
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs165⤵PID:5048
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1162⤵
- Modifies registry key
PID:4612 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2162⤵PID:3292
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f162⤵
- Modifies registry key
PID:3340 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1163⤵PID:4336
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UckEQkQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""162⤵PID:3348
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1163⤵PID:2292
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs163⤵PID:4400
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1160⤵
- Modifies visibility of file extensions in Explorer
PID:2912 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2160⤵PID:4080
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1161⤵PID:1540
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f160⤵
- Modifies registry key
PID:660 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qCwMksMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""160⤵PID:4108
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1161⤵PID:2128
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs161⤵PID:4796
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1158⤵
- Modifies visibility of file extensions in Explorer
PID:3976 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2158⤵PID:1316
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f158⤵
- UAC bypass
PID:4980 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1159⤵PID:3940
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gyckIUcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""158⤵PID:1972
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs159⤵PID:3792
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1156⤵
- Modifies visibility of file extensions in Explorer
PID:4388 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵PID:3436
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2156⤵PID:4116
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f156⤵PID:2852
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\macAsYgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""156⤵PID:3164
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs157⤵PID:3308
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1154⤵
- Modifies visibility of file extensions in Explorer
PID:4400 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵PID:2500
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2154⤵PID:2548
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f154⤵
- UAC bypass
PID:4532 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gkIoYckc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""154⤵PID:4124
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs155⤵PID:5028
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1152⤵PID:544
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2152⤵PID:1504
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f152⤵
- UAC bypass
PID:440 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1153⤵PID:4836
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QgwwYgEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""152⤵PID:5016
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1153⤵PID:2484
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs153⤵PID:1812
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1150⤵
- Modifies visibility of file extensions in Explorer
PID:2432 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2150⤵
- Modifies registry key
PID:4272 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f150⤵
- UAC bypass
PID:1796 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1151⤵PID:1412
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FAYIwQcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""150⤵PID:960
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs151⤵PID:3648
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1148⤵
- Modifies visibility of file extensions in Explorer
PID:1296 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2148⤵PID:1668
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f148⤵
- UAC bypass
PID:5040 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pkwEYEgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""148⤵PID:1696
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs149⤵PID:1604
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1146⤵
- Modifies registry key
PID:4612 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2146⤵PID:3012
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f146⤵
- UAC bypass
PID:2500 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IeQsAMQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""146⤵PID:3584
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs147⤵PID:612
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1144⤵
- Modifies visibility of file extensions in Explorer
PID:2244 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2144⤵
- Modifies registry key
PID:2808 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f144⤵
- UAC bypass
PID:3600 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nUoUIUgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""144⤵PID:956
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs145⤵PID:4020
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1142⤵PID:2300
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2142⤵PID:4060
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f142⤵
- UAC bypass
PID:1808 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1143⤵PID:1192
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZKgYMgQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""142⤵PID:4952
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs143⤵PID:964
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1140⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3688 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2140⤵PID:3952
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f140⤵
- UAC bypass
PID:4600 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TSEkckQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""140⤵PID:3408
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs141⤵PID:4300
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1138⤵
- Modifies visibility of file extensions in Explorer
PID:4416 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2138⤵PID:440
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f138⤵
- UAC bypass
PID:4308 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1139⤵PID:2552
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uUwwQcsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""138⤵PID:2404
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs139⤵PID:2004
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1136⤵
- Modifies visibility of file extensions in Explorer
PID:3284 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1137⤵PID:1184
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2136⤵PID:2900
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f136⤵
- UAC bypass
- Modifies registry key
PID:3948 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IooAcAsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""136⤵PID:4976
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs137⤵PID:4112
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 134⤵
- Modifies visibility of file extensions in Explorer
PID:600 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 134⤵
- Modifies registry key
PID:5040 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1135⤵PID:4432
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f134⤵PID:740
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1135⤵PID:984
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xukcYMwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""134⤵PID:4292
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs135⤵PID:4120
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 132⤵
- Modifies visibility of file extensions in Explorer
PID:1988 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 132⤵ PID:348
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1133⤵PID:316
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f132⤵
- Modifies registry key
PID:3856 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tqgwcoQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""132⤵PID:5004
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs133⤵PID:3888
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 130⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4504 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 130⤵ PID:500
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f130⤵PID:708
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1131⤵PID:4676
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MoQAIAsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""130⤵PID:2488
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs131⤵PID:4844
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 128⤵
- Modifies visibility of file extensions in Explorer
PID:1976 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 128⤵ PID:4180
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f128⤵PID:2760
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uYgsEwgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""128⤵PID:3664
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs129⤵PID:2836
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 126⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2484 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 126⤵ PID:3012
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1127⤵PID:4680
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f126⤵
- UAC bypass
PID:1340 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gsEgcMMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""126⤵PID:4000
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs127⤵PID:612
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 124⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4136 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1125⤵PID:4596
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 124⤵
- Modifies registry key
PID:2392 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f124⤵
- Modifies registry key
PID:4844 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AygQoogk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""124⤵PID:3340
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs125⤵PID:4368
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 122⤵
- Modifies visibility of file extensions in Explorer
PID:960 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 122⤵ PID:1576
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1123⤵PID:2008
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f122⤵
- UAC bypass
PID:940 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jIEUMsIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""122⤵PID:3324
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1123⤵PID:2000
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs123⤵PID:1556
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 120⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2960 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1121⤵PID:1516
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 120⤵ PID:4980
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f120⤵PID:2128
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bcUQkgIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""120⤵PID:3308
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs121⤵PID:4744
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 118⤵ PID:1316
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1119⤵PID:4364
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 118⤵ PID:3052
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f118⤵
- UAC bypass
- Modifies registry key
PID:3236 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DAggQkwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""118⤵PID:4204
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs119⤵PID:2936
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 116⤵
- Modifies visibility of file extensions in Explorer
PID:1124 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 116⤵ PID:4452
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f116⤵
- UAC bypass
- Modifies registry key
PID:1540 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1117⤵PID:4060
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gAogsoUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""116⤵PID:4672
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs117⤵PID:4388
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 114⤵
- Modifies visibility of file extensions in Explorer
PID:3124 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 114⤵ PID:4336
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f114⤵PID:1072
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uqkcIoUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""114⤵PID:1668
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs115⤵PID:2320
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 112⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2432 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 112⤵ PID:1720
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f112⤵PID:2404
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XaEkYQwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""112⤵PID:1504
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs113⤵PID:612
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 110⤵
- Modifies visibility of file extensions in Explorer
PID:3312 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 110⤵ PID:2060
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f110⤵PID:4964
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aaoYogoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""110⤵PID:2220
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs111⤵PID:3236
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 108⤵ PID:408
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 108⤵ PID:5048
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f108⤵
- UAC bypass
PID:2320 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HgocsQkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""108⤵PID:2900
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1109⤵PID:4400
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs109⤵PID:708
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 106⤵
- Modifies visibility of file extensions in Explorer
PID:4980 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 106⤵ PID:2856
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f106⤵
- UAC bypass
PID:4780 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TWcUQkoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""106⤵PID:4836
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1107⤵PID:2760
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs107⤵PID:1072
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 104⤵
- Modifies visibility of file extensions in Explorer
PID:4540 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1105⤵PID:4072
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 104⤵ PID:3648
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f104⤵
- UAC bypass
PID:2548 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eIAUsQQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""104⤵PID:1988
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs105⤵PID:2484
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 102⤵
- Modifies visibility of file extensions in Explorer
PID:1576 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 102⤵
- Modifies registry key
PID:1592 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f102⤵
- UAC bypass
PID:4812 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\laEocUUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""102⤵PID:4448
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs103⤵PID:3668
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 100⤵
- Modifies visibility of file extensions in Explorer
PID:1884 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 100⤵ PID:4500
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f100⤵
- UAC bypass
PID:4048 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nKEwsksg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""100⤵PID:4488
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs101⤵PID:3120
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 98⤵
- Modifies visibility of file extensions in Explorer
PID:4408 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 98⤵
- Modifies registry key
PID:1316 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f98⤵
- UAC bypass
PID:232 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cUoUEwQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""98⤵PID:4704
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs99⤵PID:1156
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 96⤵
- Modifies visibility of file extensions in Explorer
PID:5080 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 96⤵
- Modifies registry key
PID:2912 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f96⤵PID:3096
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dmQEswsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""96⤵PID:8
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs97⤵PID:3312
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 94⤵ PID:5000
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 94⤵ PID:316
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV195⤵PID:4444
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f94⤵PID:828
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TMIEwMYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""94⤵PID:1012
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs95⤵PID:1192
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 92⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2680 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 92⤵ PID:3124
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV193⤵PID:1964
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f92⤵PID:2156
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vMoUogYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""92⤵PID:2452
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs93⤵PID:5048
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 90⤵ PID:4596
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 90⤵ PID:3020
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f90⤵PID:2144
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bIgokskg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""90⤵PID:3488
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs91⤵PID:4368
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 88⤵
- Modifies visibility of file extensions in Explorer
PID:3144 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 88⤵ PID:3964
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f88⤵
- UAC bypass
PID:2960 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RAAEEcws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""88⤵PID:2224
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs89⤵PID:1680
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 86⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1696 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 86⤵ PID:3436
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f86⤵
- UAC bypass
PID:5024 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vwQsskUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""86⤵PID:2728
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs87⤵PID:2392
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 84⤵
- Modifies visibility of file extensions in Explorer
PID:4432 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 84⤵
- Modifies registry key
PID:1184 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f84⤵
- UAC bypass
PID:3444 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV185⤵PID:2320
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PywEsogA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""84⤵PID:4944
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs85⤵PID:3792
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 82⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2328 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 82⤵ PID:3940
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f82⤵PID:1336
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bawAsMIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""82⤵PID:4884
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs83⤵PID:2936
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 80⤵
- Modifies visibility of file extensions in Explorer
PID:1900 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 80⤵ PID:1516
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f80⤵
- UAC bypass
PID:3296 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iQkogock.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""80⤵PID:3816
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs81⤵PID:664
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 78⤵
- Modifies visibility of file extensions in Explorer
PID:964 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 78⤵ PID:3220
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f78⤵
- UAC bypass
PID:3648 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XaIYcQMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""78⤵PID:3216
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs79⤵PID:4364
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 76⤵ PID:4676
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 76⤵
- Modifies registry key
PID:3472 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f76⤵
- UAC bypass
- Modifies registry key
PID:984 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jSIckYYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""76⤵PID:4408
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs77⤵PID:4952
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 74⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3052 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 74⤵ PID:2008
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f74⤵
- UAC bypass
PID:3436 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pSIkoUck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""74⤵PID:3096
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs75⤵PID:1756
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 72⤵ PID:5016
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 72⤵ PID:2032
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f72⤵
- UAC bypass
PID:432 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DUEwMkQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""72⤵PID:2900
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs73⤵PID:3140
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 70⤵ PID:1964
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 70⤵
- Modifies registry key
PID:4500 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f70⤵
- UAC bypass
PID:3844 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wogYMwMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""70⤵PID:2856
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs71⤵PID:4060
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 68⤵ PID:1156
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 68⤵ PID:2336
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f68⤵
- UAC bypass
PID:4988 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VaoogIMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""68⤵PID:4400
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs69⤵PID:4428
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 66⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3484 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 66⤵
- Modifies registry key
PID:3696 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f66⤵
- UAC bypass
PID:2556 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vSkUYQkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""66⤵PID:1448
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs67⤵PID:2472
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 64⤵ PID:3236
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 64⤵ PID:4492
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f64⤵PID:2912
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV165⤵PID:1680
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iiIQYcQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""64⤵PID:3964
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs65⤵PID:3836
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 62⤵
- Modifies visibility of file extensions in Explorer
PID:4360 -
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2 62⤵ PID:2272
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f62⤵
- UAC bypass
PID:488 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nIgsYkkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""62⤵PID:2488
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs63⤵PID:1696
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 160⤵PID:1072
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 260⤵PID:4444
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f60⤵
- Modifies registry key
PID:3712 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PSIkMgMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""60⤵PID:4928
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs61⤵PID:3600
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 158⤵PID:2936
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 258⤵PID:4396
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f58⤵
- UAC bypass
- Modifies registry key
PID:4500 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV159⤵PID:3124
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OGIkoUsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""58⤵PID:1192
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV159⤵PID:4792
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs59⤵PID:2868
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 156⤵PID:2156
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 256⤵PID:3380
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f56⤵
- UAC bypass
PID:5012 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV157⤵PID:4584
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YmcMUIIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""56⤵PID:2808
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs57⤵PID:2664
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 154⤵
- Modifies visibility of file extensions in Explorer
PID:3484 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 254⤵PID:2060
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f54⤵
- UAC bypass
PID:4540 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmAAwgAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""54⤵PID:768
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs55⤵PID:4180
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 152⤵
- Modifies visibility of file extensions in Explorer
PID:4472 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 252⤵PID:4420
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f52⤵PID:4176
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zQQAAgQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""52⤵PID:3800
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs53⤵PID:4744
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 150⤵
- Modifies visibility of file extensions in Explorer
PID:3668 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 250⤵
- Modifies registry key
PID:4600 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f50⤵
- UAC bypass
PID:4360 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vQwcUUoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""50⤵PID:4968
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs51⤵PID:3444
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 148⤵
- Modifies visibility of file extensions in Explorer
PID:832 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 248⤵PID:2452
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f48⤵PID:4444
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EYksgwco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""48⤵PID:432
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs49⤵PID:3664
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 146⤵PID:1432
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 246⤵
- Modifies registry key
PID:1504 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f46⤵
- UAC bypass
PID:2936 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYccMkkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""46⤵PID:4032
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs47⤵PID:4792
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 144⤵
- Modifies visibility of file extensions in Explorer
PID:4180 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 244⤵PID:2352
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f44⤵
- UAC bypass
PID:2404 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xisoEsYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""44⤵PID:3960
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs45⤵PID:4584
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 142⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4328 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV143⤵PID:3408
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 242⤵
- Modifies registry key
PID:1680 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f42⤵
- UAC bypass
PID:4340 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hYwokwUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""42⤵PID:2156
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs43⤵PID:4872
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 140⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3584 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 240⤵PID:4408
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f40⤵PID:4176
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rGoAEsQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""40⤵PID:2224
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs41⤵PID:4300
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 138⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3028 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 238⤵PID:1696
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f38⤵
- UAC bypass
PID:860 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mEkQcMkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""38⤵PID:4672
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs39⤵PID:4716
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 136⤵
- Modifies visibility of file extensions in Explorer
PID:3124 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 236⤵
- Modifies registry key
PID:1192 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f36⤵PID:2708
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eGswsUQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""36⤵PID:700
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs37⤵PID:432
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 134⤵PID:2480
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 234⤵PID:2500
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f34⤵PID:2472
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zCUMgIgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""34⤵PID:60
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs35⤵PID:208
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 132⤵PID:3484
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 232⤵PID:1892
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f32⤵
- UAC bypass
PID:4104 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qaIQwUUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""32⤵PID:2664
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV133⤵PID:3292
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs33⤵PID:1368
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 130⤵
- Modifies registry key
PID:3884 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 230⤵
- Modifies registry key
PID:1508 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f30⤵
- Modifies registry key
PID:1592 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nssgwMEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""30⤵PID:3044
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV131⤵PID:4112
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs31⤵PID:1800
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 128⤵
- Modifies visibility of file extensions in Explorer
PID:3052 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 228⤵
- Modifies registry key
PID:2272 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f28⤵
- Modifies registry key
PID:408 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dAwskkUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""28⤵PID:2004
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs29⤵PID:1324
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 126⤵
- Modifies visibility of file extensions in Explorer
PID:4488 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 226⤵PID:1664
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f26⤵
- UAC bypass
PID:2244 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NcEIEAoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""26⤵PID:1964
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs27⤵PID:828
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 124⤵
- Modifies visibility of file extensions in Explorer
PID:2564 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 224⤵PID:1672
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV125⤵PID:2856
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f24⤵
- UAC bypass
PID:600 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eQwoAwIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""24⤵PID:4996
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs25⤵PID:2904
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 122⤵
- Modifies visibility of file extensions in Explorer
PID:3292 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 222⤵PID:3928
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f22⤵
- UAC bypass
- Modifies registry key
PID:224 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zAwgMoYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""22⤵PID:4872
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs23⤵PID:2276
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 120⤵
- Modifies registry key
PID:4072 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 220⤵PID:4812
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f20⤵
- UAC bypass
PID:3696 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eSAYgMEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""20⤵PID:3748
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs21⤵PID:4272
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 118⤵
- Modifies registry key
PID:3280 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 218⤵
- Modifies registry key
PID:1644 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f18⤵
- UAC bypass
- Modifies registry key
PID:2104 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WAEowogc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""18⤵PID:4964
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV119⤵PID:228
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs19⤵PID:1212
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 116⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4732 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 216⤵PID:4672
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f16⤵
- UAC bypass
PID:3600 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nOIQcskI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""16⤵PID:2408
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs17⤵PID:4452
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 114⤵PID:2856
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 214⤵PID:440
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f14⤵
- UAC bypass
- Modifies registry key
PID:4388 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BcAooMEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""14⤵PID:4480
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs15⤵PID:1468
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 112⤵PID:2712
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 212⤵PID:660
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f12⤵
- UAC bypass
PID:1680 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cYcYoccI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""12⤵PID:1840
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs13⤵PID:3128
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 110⤵
- Modifies visibility of file extensions in Explorer
PID:4508 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 210⤵PID:3148
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f10⤵
- UAC bypass
PID:1596 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jCokEYEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""10⤵PID:4384
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs11⤵PID:708
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 18⤵
- Modifies visibility of file extensions in Explorer
PID:3968 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 28⤵PID:2336
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f8⤵
- UAC bypass
- Modifies registry key
PID:228 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fgYssoEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""8⤵PID:316
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs9⤵PID:2560
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 16⤵
- Modifies visibility of file extensions in Explorer
PID:2244 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 26⤵PID:2756
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f6⤵
- UAC bypass
PID:4060 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oyksYkcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""6⤵PID:3212
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs7⤵PID:3152
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- Modifies visibility of file extensions in Explorer
PID:4512 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵PID:1056
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
- UAC bypass
PID:4128 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JmcQUAYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""4⤵
- Suspicious use of WriteProcessMemory
PID:1468 -
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵PID:3888
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
2⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3976
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
2⤵
PID:2728
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
2⤵
PID:2500
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKUYIgsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_8558b6061a1e6e2f11cdc94cb4af6284_virlock.exe""
2⤵
- Suspicious use of WriteProcessMemory
PID:2960
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
3⤵
PID:3284
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Downloads
-
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
Filesize: 147KB
MD5: 796361392eb02c107d03514514d97194
SHA1: f345cb50877186f65192ab76a50f41ebe692b3f9
SHA256: fca73909bb81c5a27c52ff82426b2fd18b29f092c47f724323f1d3979979d592
SHA512: c0acdb7a00c37b6b9dbf4b21d7fb53494fda18e96f3edf16fab3f038c9d62452365358988297dee79d1e1ab1335d8d2fe2e0b66cf87440d5e40cc27bc47e5b04
-
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
Filesize: 148KB
MD5: f13b91b5899573e0b34886559aebc9e8
SHA1: dc24cbf41073368fe0299baa39f795d258514e95
SHA256: 57e2017ada12c9ef8122b093ff2984fdf2d6e6a16db5fb0da670a0d95e4672fe
SHA512: f10cc572a7498e2e5ad747af61a77e6834f9e585c68944b5e078f81a7f4ee2f1a3a9a4ff7809e9c6c1552b934b0034c708f280c9243fcdfa98e5dcc454e1f541
-
Filesize
110KB
MD5dbe76787204f908e093acadd5f150ce7
SHA1bfd17f6a22a1610fb786aa46436d4380937a261f
SHA2565b93f4fc33c9039fa4a40fe00842e9952337b5a580605e3c1e90a3e6096995d9
SHA512987fd012ff385f7decfa1197a2f4311c056160d966499eb4103f30098b9453f7f463292134bec114b7212b8501dcf5a87bf14e68e378e408ecf2e15352fcfab8
-
Filesize
110KB
MD5f6f88163b088ffabd38519bd44eb9ceb
SHA1c2eab09077dfb52ab56d67f2218fcf2abb9e50e0
SHA25670d6771d1c7ff14c9767457970314f70f5b15724234217ea90cb5948f956ee2e
SHA512194d7839249cb7dddd041124f4958bba03be3a49c30de7441fe34571ae9153e0e69876901413696f2391ff088c0d6664692cae75513e3734dbcc445a43687314
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png.exe
Filesize: 113KB
MD5: 1a61135acee38c13f38a9fe9f0ad7b3a
SHA1: cd7b5b80fbaf982edc2a4d63360d9afb414c751f
SHA256: e6d0ef39d1112bc72449d0424948e2df2736d91c97c3d2e363506aab5de80d04
SHA512: 484a68d9ee197a324e66fceed5c9d0a5fb4e8a5bc0bb1252eda333050a845ef3a96ab6418403d86656fc5a85862ac3a7dda4904e0d5aa432e863564028ae9d3e
-
Filesize
111KB
MD520005c955d55fd14eb0416be1eebfcaa
SHA18e27cbb8f2360d4ea4aa21103eb9255ba8968d10
SHA256794d04befcd381f1676a46e3bfd162e8b09dbd68fcb3733d4303139aade0ea8a
SHA51276c7d67d518840cf816f4916361eb4943c409d60a5a2ced869484e1d0d78d90e71a66dc04d17f17f26c7d4b36e935861aca91b97e052c12be433355e22b3d707
-
Filesize
6KB
MD5eaceccfe7af04f19a216c26f2791a458
SHA17b9087b51c7dab7be798a4e6b1c128d204f1de84
SHA2560d792889bd18fbfd06914b1314fc632108f4d284a6147a25b146fae82ffb9171
SHA51289579be17b6ec7a69b5d8dfbae36cc09b90711429a4362ab8b6a0281d88fcb0dad2cc6e9c3f3a88bb5be91310a9b67cad482558db0bd356ea025c07561a768a5
-
Filesize
114KB
MD52274f8ae8ba50245daa084bd3256f64e
SHA1c8865d509d44fc0e7a9e373da774f6e52d5c15ea
SHA256be9bf0bd2fb50c8a7b846c1a5edd652d00ee713b77fbf32a2d5453c8b1d659eb
SHA51253ae8be4be0e1791b22c683df95fa5165ed76ead0ddf7890440f23780ecd2dd83334c99f161a5bb1912f3f674a319182dee48b5184ef06c048d924f731f8f689
-
Filesize
115KB
MD51dbfde04de92ae054e0e9045d7701b5f
SHA1a613c166696b7babbafc34684cbf59127aa08880
SHA256cc5cad3faecf8e5042115b890ac19b6c92fe47ccfadd23b2005279b9ab876bf6
SHA5120130ae04e4ef9d5cc3089d7fc484500457c93a689bd054ca1f543c5c3843068bb9dc83720bd6e8f13deca3987a4159bafe1bc4c8a4991cd1dd760c88143c8ba4
-
Filesize
110KB
MD57b0d0e67b1609e9df72396eb9abe0a14
SHA1f17a960655a70313989a24cc00768c934f4418fa
SHA256b3476dceace8a1a4c2a0df636d8349a6b26553b2be7e1f472f0a225725464574
SHA512a4b5d17a04fa2eff60e9ab468fddb0f34b71c1fdcb73dcfb8638e1a53ce6e8ec92deb4b515f6453c8efae059859f678f1dd4b6e58c16e20ade02481ff00a6053
-
Filesize
112KB
MD5bf0033e09b365b8a84da79ccd4510e91
SHA18f0dc1d83e62c734bb1e0f3f72804537cc579401
SHA2562e422ce67640fbd5e6ab69513766c23b66f5a55ee6dd37af5663bc1f3c4d3505
SHA512c3dfa1d21f8e604d06480bb6e58b6e15a7f984d503fe18f7500ed3daa743091c67c15428bd4bb60bb78a8db3885ebddddd0c1f73fbec98c633812ffc62ee37de
-
Filesize
120KB
MD57c0384ab6259b5cf49d2dc5c991cd128
SHA1f746e60cb100c04da1db6a5dad9807decb2c6438
SHA256535e66a8e130a40790105582047db97aec02d0771c73e2f56d5cf70d6a41a35f
SHA5124b1f0a4e6c57776dd83b4891bcf5918a69da08082bfd5182a3457a90b939097658539bb19bd2a188527a4c06a06f558358d3f1f843df501e0cfc896b13d9f0fb
-
Filesize
111KB
MD50513ff46991630419f1ca0e85761d7c8
SHA17d54c1b630ac99085033e3c66d5c20a3349f1e0d
SHA2562f1721dbb7282a928429efcb1aede3b3c3b9e61ef648103cf790a181006412bb
SHA5124d2dba5dad86569c2e0605e3fbcd2fa1930557d642ad599cda6a6ad8022c79bb9ce0037cef13b4ac32b809445df83266ebc7ae1f36c9112ac68406656f911987
-
Filesize
113KB
MD5eff4f6dc0b51cf5303498b001fa111be
SHA15e7341b208aa7457746dc8e5dc64bdb3e3eed5de
SHA256296fbc8f53e276f868ccaeb9636456761ed0e77c4ec3c4ca03cd3058000eaef9
SHA512ee179d64e300cb7355ceb38e61dae63aaf2ab43e3fadfc558be0c4a21cb6eff3affba717cdbc126336506b41d36ed8ac20760df706287b87bdf6d365b9c565fb
-
Filesize
702KB
MD5e8fd9888c9faf690ad14efc1f4635289
SHA1db841acd2d164e240f10e7cbb9e34d570b2cdd1b
SHA256a64ec6ff9bbcd4cc48970c1c628db8da41bd47fe1af10ef01d08aef23ad6417a
SHA5126674d4ab4d7ee511796285aac83861d770deacf60708dc7ccefc39f499dd6af503aa7cad80776f53462ab376cc43819dc142078c2b4cace2388b425dfadf57ce
-
Filesize
153KB
MD5ddac80a671ad2c821b0e8060925dfd2f
SHA19757182a6ac2861a4cff6dfdf5a0a15dd5b23925
SHA2564fb6e47acba3386daccd33ec3e379fabb282a3724f162cd1a4833c88306e5244
SHA5122357f9b18c6bc948eb44dfe274871c6947a27ccf4e215eaea4e5217383016dc0357839dafdcbf5222c4bbbde851b07629166475c27bbdaa4e55f05809da3059a
-
Filesize
119KB
MD5dd4a130fe7849d996f6ae169d25dfe0d
SHA1b2f68ed8317c89647f7ca3849a03d0e537807a22
SHA25671a9ca46669017b6a58d8682d838610c57c9aee1bb62ed0d188ef6caf158ea3d
SHA512dfc58b2ea2643ab19673749d57b36e4cde7b8ee747076582edaf25df77cd6909b223ad11018c16b18c21623e481c4bf7cc8fe9c8e6adb81b70a1dba689d4b782
-
Filesize
1.3MB
MD5ba8d4c418b89aea1ee9cd0d9ef4f32f9
SHA18b58a2ba638392492714f53c9b755990b857c3ee
SHA256ba9cfa58be1144c2f1a2f996a922aa1dc47edb670edfa6d3b3d90391e78cc72a
SHA5126720b84247b33725fc919a99c8d422578de45234e5d01bed6980457bc959b9066cd0c87dc2d6d2951769908401af162e86c615fff03e1b67099007e0b9181683
-
Filesize
111KB
MD5b73d9b276166c50f776a7e46715b09fd
SHA11e1b983a5ae6081dc7c1526e0c45dd8080d5525b
SHA256626bd5ad6341f5b41abb8ed076dcc4e9c61b7313b5aacd77f8e1e15c5184fb97
SHA512a13ca1fc54e3d279736ad5715bd20c3469f49b1a2979e567beadfb60714d770fcdbaa6e7ad6c0902f61f98bf0215dc6090675b01ee73ddd5e135771f08115eee
-
Filesize
115KB
MD58d012e3fce16e79730edd8d1a7d39207
SHA1c583ab33556ef0901c644ef82f2d94781e6c62b5
SHA256f8ea9a539380941647132d63e5d0d88c70b30e8f5f9fc0454e468d0f4aae2478
SHA5126a1426bcc4bf4826d126230766a0a3ea0f67a6f29b2e2515c34db308da2a8fe4014d1600ee28995b2555ca143fe87c6887021a48466619e566a894f64d59fe5e
-
Filesize
112KB
MD5a7cbf0d7e91689dd5a98c3f847161c50
SHA1c48841398287f7c512cfcbef0a3a42bd787eb217
SHA256509b293931514e4d11ade1d4e7248906ca03fd800f2e9c6a835828d431ddfcd7
SHA51246b2e619209030499b1cc8035069eadad93d9d85757eccf1a72a60bddcbb2209262632a75fd66b90f635c0473559290b19353b3f9e0a5474236a7306145813e5
-
Filesize
112KB
MD5f4c3733bcf2287d92e50fae22d04b8a7
SHA172ad3c01212878aad2f9cb11ac9b8c93da0ca20d
SHA256568afe10bc8b1d3d8ed7946682301bde7f13a56d12dac49a0d162492c4881f22
SHA51285ba90f2129735b8d8400348bed3ff28e9574c0db27efc5590c08d194087000607520bbd213d0e0eb632dc68881be77561c3b9ff456ed9be68a6bad9169f0681
-
Filesize
566KB
MD55544a8626a82bc7a281735cdcecbc693
SHA1f3c4fd031274ece7902e15b831a4267aca525014
SHA256e45316ee6cc30ccc6f612220d5bc5d82c316b3187aefb02e8507e4360d167547
SHA51254bad50ff5377ae65e38871647ae4e45e87777cfc97d5c99bc5058b07fd2f83a66d43e76a03b715bc838aa172593454400a17818c743b512c4cd1d403bec894e
-
Filesize
4KB
MD5ace522945d3d0ff3b6d96abef56e1427
SHA1d71140c9657fd1b0d6e4ab8484b6cfe544616201
SHA256daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd
SHA5128e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e
-
Filesize
348KB
MD5a9d7a53cf3b044ea4c2f2f9dba66d4eb
SHA15247986e27a4dbab3dd78ab6c297b5ed14e77417
SHA2560a8ba0be01faddf970f7665115e579e78d9059fb9a5da99499ffd1b4bac2768e
SHA512ffa2c2587365c4ab8038bff048ef28c3610c64f5dd8a48e1779bb028962aff24e1cac8324d3520269d0590e3bbb81ea6f31b6ab5058e4d07ee22f280d00ca652
-
Filesize
113KB
MD5e9209a58a2d9ae13dc49c6b000c40254
SHA176f33b05c95ca31343975bed42a1b8f6f4134e5e
SHA2561dee1e5dee69786e367d6aea037ed35628fe3077cdcf34b0bcf206814d64e891
SHA512e702ad6c2c4678ae6fc3041bc339f3463883a21a94e8fe73b9bf0268224a39fa9b24bc19af137623a176f3ca3a7accd076456fad33b07607a0cf8b556b422029
-
Filesize
119KB
MD5ba8541d93cc5360aaafbcffac78da9fd
SHA172a48daae7a62c720676d7ce6b76741a10d47afa
SHA256170d8e8ea346c996f09c44ba9060956ccb9952201a983dfac699fc558ba97d0e
SHA512a5f63ca65ee94ab015abe33fd150864ccbb54f95930460b4462ff3241fc13a8c27bf0085233d74a7b8c4c211dcbd53215779b297a70464f5d35c59ef9c341f7f
-
Filesize
557KB
MD5c7c62d061988f8acc86b53f2f6948a13
SHA135613929ef82f4fa34fe6e499e218879e852d231
SHA25602f09da398d7fddb5d4087bad50510e278675737677bcf6d9d1d3a9e86dab836
SHA512e9a43492cf9b68223f2bb29e21d27c0302c5289904e08d1c5bf91a33be0ceeaa325536d3a615fc55e3128ec90e80f6be6698efc3e9e45b67ee51320e7181ef5a
-
Filesize
109KB
MD5e109160642675aef0dbdec63d47a3f44
SHA1a2a31aec040b566bff683d047d79a1eb8592c72f
SHA2569d810ddf6a6b1d443a4cf6e105e1414db4b6dc76524d7dcb7d95d03839a042ec
SHA5128deccd931d0e15cee7ec3defbff7689a2ae52621605380145617661b9285b5d6dfbdf462bf754ddc196e820e5fcee794b44108cac0a409bced06816e9a1917d7
-
Filesize
721KB
MD584a208608190f6682d5a0bb4962c369f
SHA1914df0b93160809d17b9d2040007260919f7ff4a
SHA2563aafd83b0ce9b6b28393df4f9784b6107c2ada08f89e3af410effea7c22c1005
SHA5122f38aa4d948ac16f7d2706da0d5f039adcb63a1850d36d415a54a6d8499f492b8eb7ce1ca92fec4ab127c61c1d089670d1e0250d9f1f1dc083b9c807785f9401
-
Filesize
641KB
MD5457bd54205c9873ef9fdf9fcaa1e5594
SHA1e0b06fac9b151e5a606b40aafadeb8f0007624b0
SHA2560031c6945ab5cdaad8c1bdf4dba832e1dbe5731d35eb5f7ad140fca198fda7fe
SHA5121f621e8cc541ebb9e1d3bc2621666c4588d75c1fc443ab06e99f045c982158e3a6ccd0105433a0a6e3b0e0e5c2b1f3ef6dcc6dc62ccec23e278bf228e7083f4b
-
Filesize
743KB
MD5258f6732e84d911f5effeed636eab93d
SHA13e775f402b17c129cc8bc2fddac8baf4f1ba6349
SHA256ce0c184d8b9bc76cd3eaa98b54f5cd699f602ac9364eb610bc48fa182844e8a2
SHA5124a76df7b894f07575d423c3c5fb4c923f56e4abcdeb577d0b80be30cc1f6f2dfd005efa98048e36cd2e829d8314ef3f32ad07d7affe49cf36f1b7ba7b885c2d8
-
Filesize
119KB
MD582e9e8e7b1d713535cc07db2c3a00754
SHA1f3d6a89fee61eae1934c4322c7279f3bf5768f8a
SHA2569166dbf6315a93ed4f33ff2d1f0216830ddef7c41038f0a4efbf0769aa5cede2
SHA512ddc7714fd33d5460a77b2e4728def32ecc06ae20eefc02d72b4bbfe10bc96098503326493a1be3fbba4bd6873e193b82609b6e0d7e88be773be2dbfe2170626d
-
Filesize
114KB
MD58f615a9db08b1ce8158ac2f599b542d7
SHA15f89b8ad6ca1c65dc790cf9638640fd8351b89c2
SHA2563eeca7f746cdf590fff793e9fdcabcfc058acc5dc33016ad3bd5a4b68a04e4b3
SHA512158370edb3a219f8017d88f36ec431691c63a4861e29df4f29a0c79789df141ea7cfc1dcaf431c94a31c62ecd9370037e64d4c696b98c639455e417ec2d729f4
-
Filesize
887KB
MD522cb0d11c6f9062441c89ced56b4b933
SHA1981effbe285ff11165a89cfb87181ff39df5d96d
SHA256a08d8fc7b1dd1c260c2f3647d892789c576f650947276e961e168cf8faa7bded
SHA512476d8c5462da62a43ec1fb7add9412ca917138aa012e9494660d7aa42a8c23c7bc0885d50f7b5f54aad536c8340db01033880ea4cdecf0beebfbc3e86ffa28e6
-
Filesize
237KB
MD553f02be2318143717638256e434cf8e8
SHA141affab9423b960c7f02947da735ee08f2815742
SHA25618cdc95202b9a34aca82d872c2e0922778fb53175307fc666cf2def953d1fea8
SHA5122068bf7d3e8e78abfbb01daf2df5512d46b64ecd266bcc7d71f93b01f0a77214d929a69fb60d594e0cea75e298742dc7f76eb5efd144304e09aa6774fca1c110
-
Filesize
113KB
MD56b2e5615613dca07a0ab22cc4d77abbc
SHA1a512cac9b57740b03fcd164d5d5c2b968d3f1b59
SHA256f86d1ed2cc0cda270c5ea380cc82adbd0e0c01f6c5afd804fe320838acdf6bd3
SHA5127abbc5668d9246dddb5047f41187e909e38041958d4bf1ddb0e72dbbcdecbf8e7976e2ed63081e155469c4c06ae738abbcdb8f14cbac882107645f20e8c99383
-
Filesize
112KB
MD5667a00d421132abe0d8c015cff336a1c
SHA1c173c0aeb47ebcb16d629d378465c91af174088f
SHA2569d1b48f1dc1b5e5cf40c66ee9e434da343c3cac6b179a989d377cc333426bdef
SHA512a21bd2be5ad55758c0e0d4cb10e649e75953164497b978dea856eea984788afe5b510dd99278cc498bceea21cea6ef0220a1653c81c169f5f6471f5200902d93
-
Filesize
112KB
MD5234c8a7483423fbb20b97fda67c7079b
SHA19f4536d8af3a711315c3f94b45ca44485d008862
SHA256962481558916245ddac4e4203eac5879f030b53ff45277dc1ac1725f58f15e12
SHA512d88541859ff0a0d4b574fbd8889ce439c29e0010b4ffa1ce7e75080b66bb3c1504f6d9d691397b536c9971760e5277a62f60e6ec1d1a370af3e0420fbe15bb71
-
Filesize
237KB
MD557a530804749bc7c2262342f4ee3abf6
SHA12706ef6a33c58a9f6d1c31b04fad416fbddcfa9c
SHA25602d661113718badb9a5fe4fe27eedb400498e0f3ca8a0f47fae59f26932d853b
SHA5121c8bd7279fb550740deae1b3e415cbb427a0d8195d61cbafd3582095c2a530cdce00f055f2e8bcae46d8ac8737c3e01890137093d3b2d553eeda47184955a419
-
Filesize
116KB
MD568ff889d5bf579675b7697270277bf14
SHA122824a23280a8b434f1c8b9acce52ea1f592d580
SHA256fd0d894995f02d09503627ba15e6523bea075c2b3bf7362cfb6594fbbab3c617
SHA512155d23fd40714ddf504d66b93b655032ef14629a854e8ae918542f3ef0c8cf53577de8a061de579c5e3ab6904e5e8771c1637464b23483f8ffe3e5c236a38b56
-
Filesize
109KB
MD504e80cb09215c6fb159e2bb293e37175
SHA1764e1cafab365463b7d94a4bd785c8c1decdff4c
SHA256f43086734c3f05442b978b81e49706b3cf4b72ae2152e4eed865d76b2ec4416e
SHA51270674d2905d6ddfea49d695f6ddef33dc0a84511ca35c1641fb687777ef7c38fb5f014e01185000a478869610155fce79fc87a5edf208cef931282e592cfba4e
-
Filesize
119KB
MD584c93571d8a7eea8767fbe104c908b4d
SHA13ef6244f964da07c60d7accc5a4d9bb4cb2d5c01
SHA256b05597bebd5fc490a1fd7258b8ad726cad793a08b5aa1710e5e93d6c717dc9d6
SHA51214a56e67285ae8998d624e95e4b6f91bace4f61ba229765266bf132cfdecdc017f91bcf04e8509548724d1d1b14d186d1f1e524abccb4de0a739c34bd9fb17e2
-
Filesize
114KB
MD51a7f9ab4825165562b967a2625169efa
SHA11f7d1ab570ab4f7ece9f21c1e7bb7cc1ce23edf2
SHA2566ced2b7535e783417c9a040fd662070eb19712202f80c41e09afb174ee9287fc
SHA512d2d0f157bbfc3a6a1ac2ff7bbb06f8fd2fe7b190dce4d0162d017cd372315b7ba6f5738e5697de0e58f6c9c3b3668e87300320c996b010933658ddef716fd549
-
Filesize
4KB
MD5ac4b56cc5c5e71c3bb226181418fd891
SHA1e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998
-
Filesize
109KB
MD5d6dda682698c0c563ebac5bbc0bf48e3
SHA15163341c816f288bc1aa655f32051a6dbe2823b0
SHA2562645dfde6084132e0d5ffa302dde49b9f37b12b4858970735eb27a7c9521a2e1
SHA512f75a36a444cd0135282aee91a262f1b5a279bc4094605f0421b821540b8d356cd0de8796024ca940271ee4baa0dc03f14bbc79fee7698c929e6d66d4ae72edd5
-
Filesize
4KB
MD5ee421bd295eb1a0d8c54f8586ccb18fa
SHA1bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA25657e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897
-
Filesize
556KB
MD58b0c0290006e415f5ae1010db1361648
SHA1ce6727ebd3ae10b66a8fb2cbf95fee783908a371
SHA2568bc4d27f1cad4219b968849d5fc603b5140f6bb97c17ff21ac190f972678ab46
SHA51245397c598b6792a6e0cbb658df899f80365419ced51d328235f4a56a62de8d7a6f1518d0728930ce42c3306aed9a2b3785ac3bd5ee63ee6140a15780c5ec2302
-
Filesize
5.8MB
MD5eb58e6add077212cf596b37ebec57877
SHA1bbf1380933bf00ecf6e8d561b783f80accf4b5e4
SHA256c2aa119ae7c1d0bc05d8d73702ce0ee0beb14e544df971a6224d8721e30e96fe
SHA5123be785c826265b21b5aa5b3d46e825922ac8259308bf968471320e596f184102bd6da13ec06382d7f27b5e29aae2bd3fa8bcbef5965629c814e537a031df751e
-
Filesize
138KB
MD5bb5f5f5733a9ee27b3202619ec360015
SHA19867bb8c7123c94e2b07f7cbcc2437df91df0d8d
SHA25653270d24dd760c297364c67d3d64ff1885028a8cac9b129d1586ae77153cee83
SHA512e8fb57d451660ad9ae89bd4dc0cfe68367f60b4097c17319b361ddbc2cfed0e9703f0765c7356e45465b46c7bbfae4475af167473e97bb90514335c57531aa39
-
Filesize
113KB
MD59f2de801f34135cfdce6d88e55c7bbe0
SHA1196cc2cde8c53afdbcd10bfe7387b4de7662b52a
SHA2563c267fddac6a8f4a427f1f2db0cae403cc701439df5af200d7de8013e4a156a7
SHA51262a3178b359b87fd48175b42cbbd2c0e6abcb91b71fe6111c843e559a1950a864d2c494bf81cabbe225cf473d249f841d96f9bef0f515810a9265c4039b020b2
-
Filesize
112KB
MD576a5448bfdffd3227166c13b85174c07
SHA1a7ab4bf8685b04b1b27cb9e2b299abbf87cad078
SHA25671b745ce592aa3c85a1523c9d0fc41981c4998c2466af66de61cd507d3838417
SHA5122dab2fd3d8cb3cccc59c1d45652fa18e34eef7efe16f8215c2c06def6a5cdf743e6e79bbd2e60bb36deb34296932cde14f7659878406fb2b7d73cf0535a663c1
-
Filesize
236KB
MD53ce73dbd174f404ef73e53e2c3a24811
SHA189ec408c5cdeaf6f759475c530d651232e131882
SHA2564765f988a974df3a351e7795595966b1671f1279e24ac03071515ddb5dfcd252
SHA512639c9e97399be9e8d2bbccbdd31bfe92cbde7482d4fff275dcac28d84ab94ffbba3de6013a838bfa0291648484c31d92308a4e837a406cfd5efe87984b5330e0
-
Filesize
719KB
MD55b52bd1a73cc1aace475d9075c990f94
SHA15286e72344ac315c77b5d512e23b258d1e3328e6
SHA256f165acc4d0a505f32766e557e3e357b529a113d564fc5735d6325cb57241de46
SHA512b6c5366f437a5b867fcc78cce680cb027698402bee0a21e6c8303a2f6d2e25ae9067a09c5deb84214d15c8c71fcf52d853c517a18732f755aeb427a9a2c55c45
-
Filesize
721KB
MD595b11288761f08a64f5f2ff34fddd005
SHA1e02e5b43f8c9e6f201114efbc4fcff437a70e43a
SHA256beabab70e60453ea696847257ffce545bfb0f9d40e31cfda19181d05320d1580
SHA512a102cca3c265fda2d8a2f09aa82667952cfa6a1017f565736f2347d7fa8d2a1a63ed347b01ff5156e6feb5c7e777fb77040515c3fe3df10e3bc6160e062d5d02
-
Filesize
642KB
MD563a90761e1627502cebc60e67cd770b6
SHA156aceac2c6b6c49fc208be373ae4684b5ea9f646
SHA25675771ccab5b569ead8d46734b9ed66fc85bb0b5c26178ef5678ca90ee2e234f9
SHA512791885eadb7cad94291bb1213bf4ba7df46c27cf2e2e939e3e251dfce00c853f8bd5fc154bb836c1a2cc6f3a3a9a8501d17427ca17e35f576695f8a21dafed1c
-
Filesize
479KB
MD59112e389af34e1a2c7036abed2f153b5
SHA152a7bc502f9961407d08b541ba37103254d4b205
SHA2565252259f5d2382a48f1c3cb47543d43752c77904d5621dd9bc89eefb8882204f
SHA51265c32adc02b6de944940886c471c502b64982dc757a07212dd5744d3da19ad94026a5251a6b3e9931eddd3d7b4f2f532126fd5cacd5d2a8392346fe25b986045
-
Filesize
115KB
MD598a71d7966682bf798051ba181fc0676
SHA1e8d9c03405d8ec1cf4151fc73ed11a084a03e9fc
SHA25683fce0f81b889ddbeafc999d218077de3b361ae0474018ce50d63a527366cdf1
SHA5123365ac59595ce74fe1e8e26bdb8d385fea3aa5bb83416321ed90ee63ea25ebb4ccaeda48b829fc68dde9f0a36217a574392c942e3424e333952d79d84d69bc32
-
Filesize
119KB
MD5ad17ba5f56d57714c57c4360beaa0b2a
SHA1817f7a31df7a464cbae31552bc994057b38f4ac1
SHA25636493a6d641d2ce1aad0863fd4a246350e726dee88d71c2cf6409bfedb30c0a1
SHA51273b966ebe5a9ea6bf96a910d79175b1a147517c824e67a316411e1bfa52c4e75c78ec4ce7dcd75c14649eb8d0d310c27f7f81a7d583c7bad1b354f3ec8ce0acc
-
Filesize
5.8MB
MD53783b0e6a8f16cbb035939314c8abfc8
SHA1a49b22891c69e3da76cf9da92d9f2a322e0da32f
SHA256b9fa6312f86a7bc78a4fd3c85ca50722414e6557403dc1189ebd213939d6373b
SHA51203d311b6b24f78efca65a25ccdacdc9ce4c7a6b16c3cb5395dde136de2eef0cdbfe8f1454d6dddfb2d802915583da9e809e72351e3b3dff13edf8a2df34ae680
-
Filesize
111KB
MD52fb9ff708fce624a212cbf1d6f2d0f62
SHA1e4c8326db55be69502594ddb817c4aad018451f4
SHA25625d0e10d1066d1f42d314209965c0afe3ce9f0851997fea7509d79cd50421a73
SHA512407f4336d6701e631928f77f829b28d47636fcc2d283eae5484746946fc8562048750540fed624257e5c3343a4f5a346d6452aa1a6e758e4ca953847d706136d
-
Filesize
1.7MB
MD5ddaa38e369fddfd902cd879f82dbdb0e
SHA1e5f423480f3b62271e3accb28810b41609f2fa17
SHA256d21dfeffe3804ab41840c735aad69e6bd6c5e05ac277d3fb72d328d761b3db52
SHA512780f52c618f70b65ca1240070d33504b2b496264536c8a21d5854ac4dac76c1219e25474a30b914daacda67b81f42674df447c0bd1de6857b18320c449c99068
-
Filesize
113KB
MD564c65ad90a2bba5e1d60a464c9a73117
SHA10968deac366fc1fed32340816b6a943b4b6fe68d
SHA2561d62d73b310bf742282007572b349e5f9659ec4f91a8cd2bff5d499871fd6085
SHA5128774b90820c60c285c69099339db93b87157f5bfc823b1688c27bce64b8b47a255de09090a71abd67b76bc947fa79c603af4b4eccc965343c988dac0ca0f23da
-
Filesize
113KB
MD537010f0b15d0ecf3cb3d879d753f4475
SHA133edadda10036e27fb1487969726085f5d461c29
SHA2565625ec08313a1b64109f1c7a1054a9894ce9e43ea9d1d190f212eb16a502616d
SHA51292743d34f55d907a30ed6460c1841a5de96a7d0e138358eb1f7dc173082ca09f48a2e8643d118f60d384b1be7767d1edf972e9f00b74ac066dc851ce97afb0b7
-
Filesize
113KB
MD5a7390b1740cb2075bdf470551b434330
SHA1d5a349416ca41e1496daf6126b3a60c814e094cd
SHA2565b6b72b1d943bd7f34ebd948d5eca0b2e1dee2dd7458bb9fce17f90e68195406
SHA512d28148329053162fcb90a8688f44fe427ba8daf91bbccb5b6032dce0b4c181a8452a17dd96c45501310bd70b2e8a63f7634170c8ee93be4eb8dd94e7d3b377d8
-
Filesize
133KB
MD5579a866f7d3e503694d385c2f361443c
SHA12475c1e910ec8554833a11049057d24c68baf536
SHA256150edb794220d71c1155e46d050fb77ac043f262949c0af8f2743bbce10c84f1
SHA5121cc81264efdf774ce2038c1a1b7a6677e898745980e36a81a098739421c6a4e222d97eba04974d63f97771830c8ba062c6e371cbd02c8c7404806627a91f22be
-
Filesize
1.3MB
MD54373a6efe4e3ceee67b894730aa8d640
SHA169fb8614dab88cebdcb8117a77b1d461b9ea2906
SHA256c78c7995f9f1526b283262f9847c357e1c13d99340746a8185da81a4fd37428d
SHA5128cbfee00d17a10244fc9434ddd22b6fedc30514b75c6d94a3722bb8370dcf624b713ed2018bc7bddb34bc2c1aa2b0fd29803aedeac103758a848ac196ad85c73
-
Filesize
117KB
MD54821182bf299662b1586fb4a335c3303
SHA1a6441498ca216a7c091125af1221b1618ac88326
SHA2568ad8ecef8c8dcf4a3364b4b60310225625a9af9c013a33e2347dd1355c6dd075
SHA512f966961c2b66814bedd52f138e30ae5ff9f18dc9956bdcfddb134fad13aa7e80ee956d672a094f4672caf03e2e035584c815418f2a68df390ced2809f668a424
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112KB
MD5e2e812cbc841cf0d1cad983e20c9f66c
SHA16ab4470f4d99eb51ca095c7abbcd7e1421a1de90
SHA2568dd168e8788affad274cf3980ed23a685dff6e01ee89e2d5737b3b9f9d51e8bc
SHA5125290cd2ef33792a73b084a9986cb9c69f79795605ae13b876a5a8abae2b3c54345713636ea495fa6170b2d93a88b19acfc97d456881a268ae09a83ba75214124
-
Filesize
111KB
MD59f58c0fbd7dd944ad412e9bf9959379c
SHA17050842caec081d8dbc88d587e0ac57bad36249f
SHA2569dfb01c00129e807461ead56d0ec98faaff25cd21c1dcb282537e39b544a5d4f
SHA512bfcec4325ffdb1a911fe27135a73070a52f681cd7c7e95aeb120a7862c9e2adb44772c0d59ce9c0c66a8e58ffff325ae3fca5809218cd177a88d477a48ba56e2
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
112KB
MD580b7c7de2c81c3e4a7f54b093c85f708
SHA1a4d8e1ca4a9a2cac27617c6c3cba2a8af397e049
SHA256c7e3fde552097462b3c80597b4336c86d72d835d7b5fed3b29892d3876983fa4
SHA5124eb661f9cab9feb3197680638f4c43823388e9b93ace42464490a1e5bfac7f628b66aaa9b7a262fef07baba756630f5633d711081ba081250fe4e68bb6858dea
-
Filesize
139KB
MD5243753af3117e5a830a41c9bfda5f0f5
SHA1a64f2f64bf7ce85832a6d486153ac1257424d887
SHA256ccdb92b956d63bfa5375b7512620a590d477b57f311af376246f85d0d0eae411
SHA512ce73bf629d49abd635936856d38f41c0fb9c98372bbedfc8b57ed9f55b54d317d0a0a4d0a0f42fa659ee0229ba5afbb3c0eb724a4f7155cfc78f97781985df4c
-
Filesize
117KB
MD5fdbb45df42b810769961646988c15acd
SHA126bf2c1723fd1ca563d53e1852ff9837c91a9b96
SHA2561425f4f17fceb23eb7aaf8985bfce916053d524fd19268f462a9efb02614719b
SHA5129cab9fd15a419f338d3c4f3a690c21d94de3ec09a6afe2eadb8d57c39a16fd2fbce05cc5e58fe282647c5830c24a8a1f78bda5a081f9bc80a37f26b47bccf5b9
-
Filesize
114KB
MD5145fdfbeccc928f29cbde7381882c341
SHA1fa56ddcd02586b580fbf3fe6d120f0be385c344e
SHA25619a39f89143484acc122f8ca012cd1470c2230a703ff589d634037c48e3b2489
SHA51289d4031c46554fdbe3ac1afc5161178480e3b5e59cdea2834edbf2b73daee7115682c68e226b32f4a08d758e029810a937d74a6a540971d8462263f45a88611d
-
Filesize
125KB
MD57b038b91bb8b2f7693cbcc64f77c7366
SHA161b4423b2825872b4c20f25934050b26894987bd
SHA25652852f02058849a00d2ec5c547561c4f5bebae9b91f2c8c72907c1829545e57c
SHA51229de65d91011c8a7022f2cce0fd7fef01576e134d351c589164dc260b9a737d632ea556289801acb7a71691be44c2f18db21218f5f8d842a27efd20be027c39c
-
Filesize
566KB
MD5ccfb02473fd1a16b5a27629d2756f0b0
SHA15d31ae9f816123b63c89dc27f1075ad02c684435
SHA256fe05f334f08e28cb9309072406af029c5155c3a527b74efb6450eefd86c8ad59
SHA51238f433297ecb72b4271ada2bab5e2c290d8f47fe285e7676af5a6dc25d8082bdb72dcd7cb7211cbdd50fef51d20ea1b860d563ade3902cfe651a27f7e6367ef1
-
Filesize
4KB
MD5f31b7f660ecbc5e170657187cedd7942
SHA142f5efe966968c2b1f92fadd7c85863956014fb4
SHA256684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA51262787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462
-
Filesize
117KB
MD52c550ddba24b9226fb1e3f78c2eed9ee
SHA14b44c2fae67505e49a9a6c3d49e130b1460ccf26
SHA2569975e69aae9877cddcdbb8443314fd19a6e662eab47c706c07443017ada0e04d
SHA51226977e6c5ee6795c6835afce52422e983ea2b45a837e7ebe9cd89500f05c04e2dbedc1c5fc4420b55c86cb6202390db778c3a57200e7746eb12a6d795efd31e3
-
Filesize
118KB
MD5d68ece0d4a77f30614c1a8991c8c61a8
SHA1a24530b8af5ecefc911927e4fd430dbf44caf261
SHA256deb66e4c103d29fae23d6d780ddf40a39f375e592f0e9ce54407e6eff6978b08
SHA512785d9513996890711642f1df90b52c3bd65fbb466480faa45d64b11597491d667f0d3093cf7440c372c01b4ed588340ff3a849574af8637b11fb3cf2e24f599b
-
Filesize
470KB
MD5782e9c84716c5b3a7fe0633e64b0759f
SHA1978e863e61764cbfa4acea4216a8d32e6248bae0
SHA256b9f68b6d676d60d8be101ed0fc15529f1173f40ef87ff085e68904e3a64ef724
SHA512936daa5b91c107080862e01aabf6519e6a0c61f4fdb68eb4d3ba23b4e32465332c6a04fcd3f7f76d7976e711c2654ddaa41b5fc2d26dc2fbbfbcecd41c6809c4
-
Filesize
154KB
MD593af4ed1e72aacb3c3b07ac491dbecac
SHA1a500f00ff9caa742a3dee9b92b577655d57a8389
SHA2565e48a3cfbb7c959a5e41a65a7a0d6a7bd3b686f490a46ff161590daa212153fc
SHA512b4e1fb933ff7601584763329d60586107b92e3a55beef5fd194afa452279f898084aeb3c4057c543ea4b480db88acf04d6b74d19dbba4bb7374e94521d96f78c
-
Filesize
111KB
MD5f84ad5c66b3641531eaf1c7221a32624
SHA1708350a27201c2aab134b44ce6ec213f1c3814fd
SHA256d39d6ef29cab7faf40094ea73c185e4cfc5436125414b9d3e129cc090ef224c5
SHA512793df8446a5495510bd3ca9f14c4b7da7d8eeafe82320de96fdf1b42044954535d29c4a54884185077fe5cc3543217cbd8bfd2d3085f310645711384edc74e6a
-
Filesize
122KB
MD59f3e295bf6239b05ca3ba394285d7f00
SHA1e7f16bd3196fda2285bc5775acb8f4422602535d
SHA256b1621fb1d7c685c37221810d98a2cc66ac563ddd435e3318190f6ad32cdfbfb0
SHA512c5919513690d7c8839f88824d15ff552f4405e9073baef1f48a921e7f7ce625f2422343b3e13183306265906fc0ebb63fccaf9268bdf5aa9b9feb821d722e912
-
Filesize
138KB
MD53e46e13576449cc8c71e2d050ca7b175
SHA1ecb3fa4add0c470f1a8505b034805c4933c020c7
SHA2561760ac4a5f5d92203915c809270ce457769ec2b19f467d5a1ff1e72939209e63
SHA512764b83c770b13239604f642eaaea72346fd3b10bac8bab73ef0b17ea742f7e410b76730a24d47b4614bef0c401c8a01e7098cb4df6944bfc83f653ee4367b481
-
Filesize
700KB
MD5cd89d1a6cf39c2eae586fb00b25d21ad
SHA1854969cb6a5c0f2fe0c25b60417d47ecb835f28f
SHA256f83d8d2dc29cc8c97463b24674747fa0c0b8563c9eca0d4644f0d7635ee58597
SHA51263d8045ba0e599f957d4ad33b671cc661ed4f7e2bf181b919fa25736974dc5237fe14b064795dce8c04936f17b9d7bf07c6d450b55c16488902e9cf8f462a024
-
Filesize
567KB
MD59a08b19cd1b290bcc2fadd7533e0ed61
SHA12820499af55681191e7ffe2f8daa880786af6fab
SHA256a4dd2725aa9c0e56b43c4769eba6e0211ca626fc803d29464e24afd22a662ec6
SHA512bf5500b507f04c2b867bfb21ed932209e912ff4b726fe8565a4191be5a725b5c692aab8522ab2176e2a2b4db093eca8508adeab47a18c8c5877fe6b75f6d0f00
-
Filesize
113KB
MD51865b1f7f20bf9bc498ed4453017227a
SHA1a7bc9d9aa59d3c4e1263d4688233495d06462241
SHA2563c38afac0c3d8dc73685798a39a8ddfd2990773eed0e468dbf99529977875877
SHA512bc7c2c29ba61efa517df87a84ef15e257c0772fa2bbfe0e05b9d2260e81cb3fc9298451f9d577504ac65541f2a7874f218a17d36a4362a458b36b0727d594134
-
Filesize
1.1MB
MD5dbb78b1fa844ba478dc96add9f9bbb46
SHA110f93afacbe30a179beab69aac239bd64d7465cc
SHA256ab3f5b432217cf9b89ae9f4e345126c5303edcef8df110277c9c2482b5ddbfdc
SHA5123fc63f39cd2c0bd0b73374059276f9e0f0141df2c4b45dd7983766327566120218246ddede513ea1926d4dfe8818a817ad0172bd9487bbe12361f772a6499d76
-
Filesize
113KB
MD57a16030ab423d2b19c44a2dfd682ecc5
SHA19a38ac8af8908bcf3808769c43515f31054b5a16
SHA2568582438239ca5997ffec3a997a142e20ca1429c1532c6e2d57979679159dbfe8
SHA512bb59d668854b0f9c6b5c2414194a54eeb1f340f2f4b95cb9ea0ccb368fc2bb63c8094704fd5fa79d2d3efa28346b35c64152e1cd93566647d9b6a5e3adc5e8eb
-
Filesize
116KB
MD597ed61f414e7d1a1022c96548f4659d2
SHA1868d5cc3afff8a74394603b97f78b38ac9ee4685
SHA256d3c90f3044b35fe8ca99edb688290220183f22b44ece2304bfb904d5f3919bc2
SHA512a2b241b2449aab3f70deb51198a2b9526c8e993b541e8943a58b4f9f41f379a36665133c9741116b30c1ee3667d6aca5f15460508e2005ae13509bd75ec8a99c
-
Filesize
112KB
MD51733f23bebfa614b3acf8389b22e484f
SHA1f77ffc6eae0c01474fa6f6965eda8e029c6ec6f5
SHA25697baa39bf405eaa1f846e50f78c6a5ef905f8347f097285d1416880acd520f29
SHA51215cb906fe1a03e917f29dac80e7fdf9f3405b0d9314d9a798ef55a0b9deb3f98d401752d0024153b0ae700dd4faf5665b23935a2bfd59db358a761f71ed67124
-
Filesize
110KB
MD5e34736e94b62e94793f04ebebfc3690c
SHA14418a04c39095edeb5f2933f24f78b3ec703c2b6
SHA256749d22e45b9d7ccf584a306e33716d27ccf80eee4c67bab77d5a701794691dec
SHA5125dd1e52ea9d4a80fa3dd61be32e454ad39c0270966788a690b4a6bff0f34de12d72dc61abb7b3ad7da456263ed92168b828df954a949745f2148e5c12ef125f9
-
Filesize
486KB
MD5edb94de6f0946ef20ab4d0c863d08d01
SHA181b2f3b07e196b612da196de987dbf126bc0d38b
SHA256b49ee467b9cf5d94b857e297a97c46b3adeeb6179c7247942e01cb5d22c45e57
SHA512c5d3212319932777c9e0939c981fcb1abfb602540eb75ad1f8489b1f63de837c26615986ef9b66ec1fc2652f8f48d8020ad097907e7a9d82305015fdcc715a27
-
Filesize
745KB
MD5ede1d6ed75d2589d5150d3245631bec4
SHA1eb4261eb8f1c072857b2241a365995d3c051ba00
SHA256f13f7ae646ed177b8060342332b3f7de3a188c3c10ddfd946d372e2a9616735a
SHA512363afc73a734f09fe9a8ec64bef94a33327cddbbece3d17c8df3be805734d7d88626346030447740ba165c1f406db6d57408a9c727f95f25fd5e614e9f6edcb9
-
Filesize
236KB
MD59c593f9b8662ca12d63e9a7fbb11ce14
SHA1b0a8a5679631d8183e0810c3d8255ece1ddb0cfe
SHA2561e90e385cbc5ffe1f181b3ad8704181e7237bf93e2606cd7f28736cc6e7124d6
SHA512e995e7e00e3090ad9386da8e5ca0093cfb584f3a6dca6426be18bb81230197472242f4895a89ff2dc96af10ea62eff84e744a1e33d4eca13afc28d614a6eb0eb
-
Filesize
115KB
MD5446b3a186ed5913bc10144b4eca8d56e
SHA1b2759a0ac492e4c52f16a32bf6972e7a7be5d1b9
SHA256c19595241ac3b13d53ac07b806e841a094e55219bf184d767bb6bd9c14077ffd
SHA5129b47747e905cc08bf8b3067a61ef4990d13a8d64131f4355ded9ff08b2a771531953a6cbd447317cae716f87f995876dff41deeab29d3083e67118a28d12c953
-
Filesize
113KB
MD5876513dd0e87de79107f3b621e866e5b
SHA17c75d6edbb2906abddf3ce7caf593ba8dcfa98b1
SHA25651a803c4f9275185b2a4509b8daa41bba01df052f382df10861807c119bf4771
SHA512407bf0664da224969bb25820633e5eaf41dcd8a87221c4846e0faac08eb1447af8560c6430dc1e3364b0d6528a1ddb2b006bf0e2eb5253c51690b20057c63c4f
-
Filesize
112KB
MD58c7809551f018c34a7d6539e5c56d090
SHA1f79c363e26c27bca0988593e921dfc9ac807a001
SHA25697e31a908ff4ec687e63f2450f62208663e27bb5b9b3bba1f9b37280d0af66c5
SHA5120996558c7775844e39f303eccd30076cbadb07cd9f4ddab77f4279523a3bce931c59f5d05ceccee78fb8c59dfbd42f44784081cae68fc9404b5a5cc0cd5b634e
-
Filesize
697KB
MD53f1146bf4f530b5899aedfff955cafae
SHA1bafa0e1a2d8e10c428e807e10e26213159f943df
SHA2568455a99f87eb8d9cb7d59fe3493f4abe7550eaaa2ed57b7d10bdd72521c35533
SHA51207a206ac1a3c1067c43759c7ca2a5f4d39c6efaa5386048af07d6ec8d2650e353e90dfe521baada5047b0b0127b9a3f5099791c71c859c738b3cae2af38ff8e0
-
Filesize
113KB
MD55b61b48325f87de0c93b4b7066a65fc7
SHA11364b5e86ca91768e44586f667e45ab1e580dd74
SHA256f999b43fda96aee57558b5a3b45c6f0654526de3dfd9a534238ea3046369337a
SHA5124c72c5899d618e30aee82e7be9b35b0758119de10a53b2c4a4b232f09d4a7f2d82669a6f01b241f7585668807c4343e43cd4f5772756b6b78a4fcef279f7f300
-
Filesize
113KB
MD5d812d256cf7240537ab1caabdf0c6c2c
SHA11a7b08108efbabc9a89186f0d73dd855807cef07
SHA25658c045fb400971d50fd55b810d4efa45eb5367259eed244f28c3c0e296b5994d
SHA512ac1db2bdb1ec44b8eecff3de204eb6ec3bfc4e0d9d2ecd9e91d52cd3489b7e4396e5979630c5fa41b4e2e4692f48bcfb165dc036b6c4e72d2097814226c3334d
-
Filesize
139KB
MD5c0b4e5c7eafa219481a374bd2814f77a
SHA1d124fc9ededc708118024fa6b4239d0f2c1c97cc
SHA256aeebb6d5145cdf162eb7c42551dc19bdc8a8bea6b12f18dab845540f40b70b46
SHA51271e5c28eb39521023314c36ea85315968883df09ecfff2cbc7c7eeb816f1e62d565b8bb529125fa172f770cf3f8314546f68c5514f5c986f4b5050f18655ee33
-
Filesize
611KB
MD571eb3caa28e868ab78e6373eda527ee1
SHA16ec5cc4ee3cf8cfbf90cbe69637d4cce441eda24
SHA256dfb5fe8c732972b960a42688ba4dcf202cc15f27fcc65a6e395d024f642c21b9
SHA5127117014b5066aeec7797ebb00aaa76109b9ff81f1b60f29aac7c58c13740558b87fca4542bb31e005672c0ebb503536affbc7f4f1f53153a2a24dbdce77de4f8
-
Filesize
110KB
MD58e8d9708b6a72445f2aa5d26c2cb3b4d
SHA10cfc03c5e01f4f5b7292ddaea9a4d658daaf5e08
SHA256299d7b5f88b3a1cb467d1d71b16103c26423b8f7a32895ca17a5b139065b344d
SHA5128d398e379d1a9156920d776888774974cdcd2ced9b4a65ba5484f2b62a7e1341d96e93f5dbbcc50a1573050be981fb00957916ac7d2f5ea991de2e1783e932e9
-
Filesize
484KB
MD583fc1d50e78dcbada57e8dce7fd47719
SHA1f9d3c6fe9c4722921dd949fbd44d77d3d64b7055
SHA256ca2711969a2f6d2bba0b085100d42929b33c077ceaf18c8b885b80f266819f38
SHA512ad5c7a3ab2bb9c3fbf789434e095ef61b3c1691c005cb75dbece1a91df586c6a157c22c71ac4409762816bd59d53ce2cba8caddcad1096e7c50f8a707b89cd68
-
Filesize
110KB
MD53e55ee013438e929371b68befc5d8fc5
SHA1a45447d7c80b48c563bf75fbcbf56f276bbd8b81
SHA256443b2e4971fa73114709216b0aa1b083c819604f98d7e30631b053ecf1e85c71
SHA51266ce2272492cd448b17949a1f010f175a810d9a7b1926823ff2c700868f56ebd5fee58292802d3bb2fac83a3bfd45415b52694d894e6966ef3fa32b0d2eb8c74
-
Filesize
112KB
MD5d4962785627b08c355552d998ea3ac36
SHA1a1048331f922d8040a14e3431ea63928306730a5
SHA2564769e81e717ae7729f50f6b9e9920fef386d6c5b4c7f4d8bc17923479f9e6b0c
SHA512a24541200ca5024e6bb9105db606f6c318da1a110926dbd1f6c05d3399dcf444effee500c4a8d7414d1e513b258367368c28c7accfe6e6ec9e8bb3bc8a003da4
-
Filesize
112KB
MD5657d7627c51a99dda4658210a7038cab
SHA1d77d99998c7371765daa53c864d19b92051116b6
SHA25645ab2a8f5e94ec27337987f34fe0353c0ced2e90b1765f4507d65add7018b199
SHA512a378f296d76e3b1d6bfd0a9d3245409764dacca1214de92bf2e32715b065913eafe909a7e4991003a73b7800f501dbfb2d4f0d7e189a1c63b3308a705576caa7
-
Filesize
111KB
MD525ba16d11167f2cf2ed492ac5d544b15
SHA1a4732c9f075eca84bd1c63da6b375dcda6349e47
SHA2562294b1aa940eff6f34da9b25c4dd5bc441014876a9dd5b2655c3e76467bd3492
SHA5122900918b52065dd6d3040ccd4b50894df0ef668bc01aec43a045ffa3cb58630cb828d7bbcf36c447420921918ba9e03e8d09bb32210e4d47ccf61c7429acab34
-
Filesize
110KB
MD59d279f706338025db415fdd34229c3b3
SHA14844a0540d79cf42b72532877322c8b4fd8cf1c5
SHA25686d31334481368ee4ddc0ae54bb17da28b11f9773027be53403b6cd9a6c491f7
SHA512c2ed4c7379c76157c01a50aabb6a4d3e52a3e79b915683bfa74e841ba309f8da418fe5530eeb05c48e19847915a3242c22bce8c8f87660fe18d9a0ebe377ec3b
-
Filesize
109KB
MD5db748648279051da35e99d0a3d7f2d34
SHA1ed034d17d91412ce5a4f684d68df046078e68b6a
SHA256ade19b99a4f8b906b23fe89c788df57811deadd55cb3cbb6680eac6880c532d6
SHA512ec8350c066640b4d1f04ed4fb762a4102f740d4eed0de78d64761296c72fc171f8c4417b848575d9a37b280f5298d9d1f74b36d5d832299920078532f2741a83