Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-06-2024 12:00
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
Resource: win10v2004-20240508-en
General
Target: 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
Size: 118KB
MD5: 9c6ec48eb16153706191b02cf4097fb8
SHA1: 30f27efe943d15303aa16222098aa4de673c5b24
SHA256: ae80b53fa28ce550437852929dfd8e9e5b2679d04532e92da64e1932d167369f
SHA512: 7787972133f41af090c66dafb1720e53e96138fdd9ed7b86b334529b5f14fa7bea4cc7e377c43c4475978bd2e03ea33078d1f7a586f650bcb96d7ee5666ea21e
SSDEEP: 1536:XLlP/G6wRvQU7GZYIxnd/jJIaHalDSy4xw5YaPs+tKs5QYYv+q72ErlBzBHjn7:XZXG6wGU7GZ3pj2G6YMTidv++2EvZX
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
Processes: reg.exe
| description | ioc | process |
| --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | reg.exe |
-
Processes: reg.exe
| description | ioc | process |
| --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | reg.exe |
-
Renames multiple (82) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: Icggcsko.exe
| description | ioc | process |
| --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | Icggcsko.exe |
-
Executes dropped EXE 2 IoCs
Processes: Icggcsko.exe, OSUAAQYk.exe
| pid | process |
| --- | --- |
| 2372 | Icggcsko.exe |
| 2844 | OSUAAQYk.exe |
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
Processes: 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe, Icggcsko.exe, OSUAAQYk.exe
| description | ioc | process |
| --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Icggcsko.exe = "C:\\Users\\Admin\\pUcMAIMs\\Icggcsko.exe" | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\OSUAAQYk.exe = "C:\\ProgramData\\ckoAAgwU\\OSUAAQYk.exe" | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Icggcsko.exe = "C:\\Users\\Admin\\pUcMAIMs\\Icggcsko.exe" | Icggcsko.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\OSUAAQYk.exe = "C:\\ProgramData\\ckoAAgwU\\OSUAAQYk.exe" | OSUAAQYk.exe |
-
Drops file in System32 directory 2 IoCs
Processes: Icggcsko.exe
| description | ioc | process |
| --- | --- | --- |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | Icggcsko.exe |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | Icggcsko.exe |
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
Processes: reg.exe
pid (process reg.exe in every row): 4028, 2300, 652, 4144, 2924, 4880, 212, 1632, 4980, 388, 3976, 1612, 3616, 1132, 3924, 1732, 1576, 1544, 1200, 4072, 3744, 1788, 2028, 2160, 3976, 4936, 2624, 3740, 4484, 1828, 2748, 4464, 3648, 2676, 1348, 3924, 1248, 4688, 2940, 652, 3708, 3880, 5092, 1208, 4376, 1568, 4612, 2708, 1208, 436, 2092, 2296, 4416, 1160, 4804, 312, 676, 1348, 4120, 5040, 3640, 1524, 2376, 2144
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes: 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
pid (process 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe in every row): 4880, 4260, 2488, 4072, 5040, 3196, 4300, 3888, 4476, 4072, 5108, 3704, 1308, 1184, 4612, 3968
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: Icggcsko.exe
| pid | process |
| --- | --- |
| 2372 | Icggcsko.exe |
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes: Icggcsko.exe
| pid | process |
| --- | --- |
| 2372 | Icggcsko.exe |
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe, cmd.exe, cmd.exe, 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe, cmd.exe, cmd.exe, 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe, cmd.exe
| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 4880 wrote to memory of 2372 | 4880 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | Icggcsko.exe |
| PID 4880 wrote to memory of 2844 | 4880 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | OSUAAQYk.exe |
| PID 4880 wrote to memory of 3520 | 4880 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | cmd.exe |
| PID 4880 wrote to memory of 4200 | 4880 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | reg.exe |
| PID 4880 wrote to memory of 4028 | 4880 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | reg.exe |
| PID 4880 wrote to memory of 3924 | 4880 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | reg.exe |
| PID 4880 wrote to memory of 4956 | 4880 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | cmd.exe |
| PID 3520 wrote to memory of 4260 | 3520 | cmd.exe | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe |
| PID 4956 wrote to memory of 4272 | 4956 | cmd.exe | cscript.exe |
| PID 4260 wrote to memory of 2108 | 4260 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | cmd.exe |
| PID 2108 wrote to memory of 2488 | 2108 | cmd.exe | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe |
| PID 4260 wrote to memory of 4016 | 4260 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | reg.exe |
| PID 4260 wrote to memory of 3324 | 4260 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | reg.exe |
| PID 4260 wrote to memory of 4648 | 4260 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | reg.exe |
| PID 4260 wrote to memory of 4612 | 4260 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | cmd.exe |
| PID 4612 wrote to memory of 2080 | 4612 | cmd.exe | cscript.exe |
| PID 2488 wrote to memory of 1388 | 2488 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | cmd.exe |
| PID 1388 wrote to memory of 4072 | 1388 | cmd.exe | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe |
| PID 2488 wrote to memory of 4640 | 2488 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | reg.exe |
| PID 2488 wrote to memory of 5056 | 2488 | 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | reg.exe |
| PID 2488 wrote to memory of
5056 2488 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe reg.exe PID 2488 wrote to memory of 5056 2488 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe reg.exe PID 2488 wrote to memory of 3220 2488 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe reg.exe PID 2488 wrote to memory of 3220 2488 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe reg.exe PID 2488 wrote to memory of 3220 2488 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe reg.exe PID 2488 wrote to memory of 5096 2488 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4880 -
C:\Users\Admin\pUcMAIMs\Icggcsko.exe"C:\Users\Admin\pUcMAIMs\Icggcsko.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2372 -
C:\ProgramData\ckoAAgwU\OSUAAQYk.exe"C:\ProgramData\ckoAAgwU\OSUAAQYk.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2844 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:3520 -
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4260 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:2108 -
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2488 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"6⤵
- Suspicious use of WriteProcessMemory
PID:1388 -
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:4072 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"8⤵PID:3968
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:5040 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"10⤵PID:3532
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:3196 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"12⤵PID:4524
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:4300 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"14⤵PID:2268
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:3888 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"16⤵PID:1324
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:4476 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"18⤵PID:4000
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:4072 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"20⤵PID:5024
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:5108 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"22⤵PID:3456
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:3704 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"24⤵PID:1312
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:1308 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"26⤵PID:3292
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV127⤵PID:4736
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:1184 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"28⤵PID:2932
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:4612 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"30⤵PID:3956
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:3968 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"32⤵PID:2076
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock33⤵PID:4420
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"34⤵PID:3964
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock35⤵PID:3704
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"36⤵PID:808
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock37⤵PID:388
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"38⤵PID:4068
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock39⤵PID:5092
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"40⤵PID:1388
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock41⤵PID:4968
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"42⤵PID:2764
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock43⤵PID:1196
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"44⤵PID:3904
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV145⤵PID:2284
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock45⤵PID:1580
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"46⤵PID:3032
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock47⤵PID:2648
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"48⤵PID:2068
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock49⤵PID:3616
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"50⤵PID:4764
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock51⤵PID:3432
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"52⤵PID:2084
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock53⤵PID:3856
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"54⤵PID:2924
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock55⤵PID:2092
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"56⤵PID:1776
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock57⤵PID:4016
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"58⤵PID:4608
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock59⤵PID:5104
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"60⤵PID:2756
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock61⤵PID:4040
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"62⤵PID:3448
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock63⤵PID:3060
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"64⤵PID:2440
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock65⤵PID:1020
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"66⤵PID:4028
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock67⤵PID:1432
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"68⤵PID:692
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock69⤵PID:1544
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"70⤵PID:4948
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock71⤵PID:3324
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"72⤵PID:1420
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock73⤵PID:1768
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"74⤵PID:2404
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock75⤵PID:2296
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"76⤵PID:3856
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock77⤵PID:4556
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"78⤵PID:2720
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock79⤵PID:2924
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"80⤵PID:4640
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock81⤵PID:4440
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"82⤵PID:3160
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock83⤵PID:1324
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"84⤵PID:3952
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV185⤵PID:2748
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock85⤵PID:4804
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"86⤵PID:4536
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV187⤵PID:4600
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock87⤵PID:3440
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"88⤵PID:3556
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock89⤵PID:2244
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"90⤵PID:5036
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV191⤵PID:4776
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock91⤵PID:1544
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"92⤵PID:1008
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock93⤵PID:864
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"94⤵PID:3128
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV195⤵PID:1308
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock95⤵PID:884
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"96⤵PID:3508
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV197⤵PID:3976
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock97⤵PID:876
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"98⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock99⤵PID:1232
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"100⤵PID:4520
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock101⤵PID:4708
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"102⤵PID:4532
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock103⤵PID:4376
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"104⤵PID:916
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock105⤵PID:3508
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"106⤵PID:1572
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock107⤵PID:4476
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"108⤵PID:2720
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock109⤵PID:2296
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"110⤵PID:2092
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock111⤵PID:5036
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"112⤵PID:3432
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock113⤵PID:3108
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"114⤵PID:1140
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock115⤵PID:5096
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"116⤵PID:4720
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock117⤵PID:2736
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"118⤵PID:2220
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock119⤵PID:1680
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"120⤵PID:212
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock121⤵PID:3164
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"122⤵PID:1420
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1123⤵PID:312
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock123⤵PID:5084
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"124⤵PID:4196
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock125⤵PID:4900
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"126⤵PID:5040
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock127⤵PID:3432
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"128⤵PID:3680
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock129⤵PID:3952
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"130⤵PID:2488
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock131⤵PID:4184
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"132⤵PID:1324
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock133⤵PID:3292
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"134⤵PID:216
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock135⤵PID:3076
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"136⤵PID:3808
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1137⤵PID:1232
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock137⤵PID:2652
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"138⤵PID:4988
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock139⤵PID:3640
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"140⤵PID:676
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1141⤵PID:1776
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock141⤵PID:4600
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"142⤵PID:5072
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock143⤵PID:2156
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"144⤵PID:2696
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock145⤵PID:2452
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"146⤵PID:3092
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock147⤵PID:5008
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"148⤵PID:4300
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock149⤵PID:3752
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"150⤵PID:4956
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock151⤵PID:3048
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"152⤵PID:4200
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock153⤵PID:3708
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"154⤵PID:3440
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock155⤵PID:4968
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"156⤵PID:4252
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock157⤵PID:884
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"158⤵PID:3208
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock159⤵PID:1856
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"160⤵PID:3344
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock161⤵PID:4512
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"162⤵PID:1336
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock163⤵PID:1772
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"164⤵PID:4736
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1165⤵PID:3640
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock165⤵PID:1640
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"166⤵PID:1920
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1167⤵PID:5036
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock167⤵PID:2120
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"168⤵PID:216
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock169⤵PID:2376
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"170⤵PID:1004
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock171⤵PID:2020
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"172⤵PID:2356
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock173⤵PID:3556
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"174⤵PID:3196
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1175⤵PID:548
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock175⤵PID:100
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"176⤵PID:3532
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock177⤵PID:4120
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"178⤵PID:2276
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock179⤵PID:1388
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"180⤵PID:3672
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock181⤵PID:2084
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"182⤵PID:3192
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock183⤵PID:2104
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"184⤵PID:1192
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock185⤵PID:3324
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"186⤵PID:1560
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1187⤵PID:4400
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock187⤵PID:4556
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"188⤵PID:208
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock189⤵PID:3924
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"190⤵PID:3456
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock191⤵PID:4708
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1192⤵PID:3432
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2192⤵
- Modifies registry key
PID:2092 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f192⤵PID:1460
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1190⤵
- Modifies visibility of file extensions in Explorer
PID:1776 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1191⤵PID:3164
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2190⤵PID:4532
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f190⤵
- UAC bypass
PID:2256 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JOskUMAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""190⤵PID:2748
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1191⤵PID:1388
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs191⤵PID:2440
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1188⤵
- Modifies visibility of file extensions in Explorer
PID:1324 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2188⤵PID:4492
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f188⤵
- UAC bypass
- Modifies registry key
PID:3616 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1189⤵PID:4116
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xQwwMggE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""188⤵PID:4936
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs189⤵PID:3396
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1186⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:652 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2186⤵PID:4200
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1187⤵PID:4056
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f186⤵
- UAC bypass
- Modifies registry key
PID:2676 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1187⤵PID:2572
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMsAYcAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""186⤵PID:3200
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs187⤵PID:232
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1184⤵
- Modifies visibility of file extensions in Explorer
PID:3032 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2184⤵
- Modifies registry key
PID:1568 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1185⤵PID:4600
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f184⤵
- UAC bypass
PID:4440 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oekUQcYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""184⤵PID:3740
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1185⤵PID:876
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs185⤵PID:648
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1182⤵
- Modifies visibility of file extensions in Explorer
PID:4740 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2182⤵PID:468
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f182⤵PID:4972
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:4028
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GAkgQwQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""182⤵PID:1708
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:2952
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs183⤵PID:4588
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1180⤵
- Modifies registry key
PID:2940 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1181⤵PID:1460
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2180⤵PID:4024
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f180⤵
- UAC bypass
PID:2092 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1181⤵PID:3808
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qSMUoUko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""180⤵PID:2028
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1181⤵PID:900
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs181⤵PID:4300
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1178⤵PID:2144
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1179⤵PID:2592
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2178⤵PID:2400
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f178⤵PID:916
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WMcEcMcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""178⤵PID:4040
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1179⤵PID:2128
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs179⤵PID:1200
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1176⤵PID:4880
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1177⤵PID:4480
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2176⤵PID:3304
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f176⤵
- UAC bypass
PID:1780 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1177⤵PID:2796
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmUMYwgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""176⤵PID:4116
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs177⤵PID:3076
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1174⤵PID:4556
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2174⤵PID:2108
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1175⤵PID:4980
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f174⤵
- UAC bypass
PID:4404 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1175⤵PID:2168
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pqMcokMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""174⤵PID:2572
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs175⤵PID:1412
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1172⤵
- Modifies visibility of file extensions in Explorer
PID:864 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2172⤵PID:3312
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f172⤵
- Modifies registry key
PID:3648 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1173⤵PID:3048
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pEgQQAwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""172⤵PID:876
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs173⤵PID:4688
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1170⤵PID:840
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2170⤵
- Modifies registry key
PID:2624 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f170⤵
- UAC bypass
PID:3504 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YmYgcsMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""170⤵PID:4028
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1171⤵PID:2488
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs171⤵PID:4236
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1168⤵
- Modifies visibility of file extensions in Explorer
PID:2720 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2168⤵PID:4140
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f168⤵
- UAC bypass
PID:3164 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eoQgUwYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""168⤵PID:4676
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1169⤵PID:3652
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs169⤵PID:1460
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1166⤵
- Modifies visibility of file extensions in Explorer
PID:4196 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2166⤵PID:3184
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f166⤵
- UAC bypass
PID:2312 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSsAAgoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""166⤵PID:4464
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs167⤵PID:2592
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1164⤵PID:4932
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2164⤵PID:5008
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f164⤵
- UAC bypass
PID:2036 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SssckIsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""164⤵PID:4480
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs165⤵PID:4408
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1162⤵
- Modifies visibility of file extensions in Explorer
PID:2228 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2162⤵
- Modifies registry key
PID:1612 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f162⤵
- UAC bypass
PID:4396 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hKMwoIQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""162⤵PID:3356
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs163⤵PID:3792
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1160⤵
- Modifies visibility of file extensions in Explorer
PID:4720 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1161⤵PID:2368
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2160⤵
- Modifies registry key
PID:4376 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f160⤵
- UAC bypass
PID:1376 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jIAEAkQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""160⤵PID:3048
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs161⤵PID:4744
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1158⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1788 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1159⤵PID:3904
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2158⤵PID:2764
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f158⤵
- UAC bypass
PID:4232 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BKwwogYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""158⤵PID:3684
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs159⤵PID:4028
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1156⤵
- Modifies visibility of file extensions in Explorer
PID:4324 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵PID:4532
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2156⤵PID:4656
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f156⤵
- UAC bypass
PID:2360 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYosAQAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""156⤵PID:4356
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵PID:2384
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs157⤵PID:2288
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1154⤵
- Modifies visibility of file extensions in Explorer
PID:2696 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2154⤵PID:1640
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f154⤵
- Modifies registry key
PID:312 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aQkgsIYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""154⤵PID:2796
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs155⤵PID:4636
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1152⤵PID:2952
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2152⤵PID:3032
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f152⤵
- UAC bypass
PID:4520 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WSMoAsUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""152⤵PID:4400
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs153⤵PID:548
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1150⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2748 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2150⤵PID:4232
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f150⤵
- UAC bypass
PID:3904 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uCwEEcIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""150⤵PID:4260
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs151⤵PID:3504
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1148⤵PID:5036
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2148⤵PID:900
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f148⤵
- UAC bypass
PID:2128 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VyEowoQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""148⤵PID:436
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs149⤵PID:2736
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1146⤵
- Modifies registry key
PID:3640 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2146⤵
- Modifies registry key
PID:1208 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f146⤵
- UAC bypass
PID:4980 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bsgcMoQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""146⤵PID:4884
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1147⤵PID:4316
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs147⤵PID:4880
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1144⤵
- Modifies visibility of file extensions in Explorer
PID:4056 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2144⤵PID:1668
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1145⤵PID:3344
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f144⤵
- Modifies registry key
PID:4804 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FoUkgQgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""144⤵PID:3156
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs145⤵PID:2508
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1142⤵
- Modifies visibility of file extensions in Explorer
PID:2384 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2142⤵
- Modifies registry key
PID:5040 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f142⤵PID:4532
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MsgMMgYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""142⤵PID:3652
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs143⤵PID:1940
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1140⤵
- Modifies visibility of file extensions in Explorer
PID:3128 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2140⤵PID:4628
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f140⤵PID:4464
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\akQQIkYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""140⤵PID:4300
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs141⤵PID:3884
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1138⤵
- Modifies visibility of file extensions in Explorer
PID:1256 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1139⤵PID:2000
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2138⤵
- Modifies registry key
PID:5092 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f138⤵
- UAC bypass
PID:4608 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jGgkEQYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""138⤵PID:1772
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1139⤵PID:2220
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs139⤵PID:2084
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1136⤵
- Modifies visibility of file extensions in Explorer
PID:3672 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2136⤵
- Modifies registry key
PID:1828 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f136⤵PID:3968
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HqQkkkIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""136⤵PID:5084
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1137⤵PID:1708
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs137⤵PID:468
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1134⤵
- Modifies visibility of file extensions in Explorer
PID:1244 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2134⤵PID:652
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f134⤵
- UAC bypass
PID:4116 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zGAUsIAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""134⤵PID:1648
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs135⤵PID:4236
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1132⤵
- Modifies visibility of file extensions in Explorer
PID:4656 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2132⤵PID:2368
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f132⤵PID:1776
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\juMwMcgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""132⤵PID:452
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1133⤵PID:1348
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs133⤵PID:4980
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1130⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2924 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2130⤵PID:2400
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f130⤵
- UAC bypass
PID:1460 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ckokogMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""130⤵PID:2168
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs131⤵PID:2000
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1128⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4120 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1129⤵PID:4408
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2128⤵PID:3620
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f128⤵PID:4532
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KcgoIcEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""128⤵PID:4748
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs129⤵PID:4412
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1126⤵
- Modifies registry key
PID:4144 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2126⤵
- Modifies registry key
PID:1348 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f126⤵
- UAC bypass
PID:548 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oMsQMwAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""126⤵PID:2816
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs127⤵PID:4732
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1124⤵PID:1708
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2124⤵PID:2304
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f124⤵PID:4744
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TKcEcEEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""124⤵PID:3228
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs125⤵PID:3208
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1122⤵
- Modifies registry key
PID:2300 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2122⤵PID:1696
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f122⤵
- UAC bypass
PID:1568 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tWkoIosM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""122⤵PID:4676
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs123⤵PID:2508
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1120⤵PID:4316
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2120⤵PID:452
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1121⤵PID:4400
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f120⤵
- UAC bypass
PID:2832 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bkEgoYYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""120⤵PID:3620
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs121⤵PID:3440
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1118⤵
- Modifies visibility of file extensions in Explorer
PID:2040 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2118⤵PID:2796
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f118⤵PID:4680
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PqMkIEgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""118⤵PID:2912
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs119⤵PID:3336
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1116⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3880 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1117⤵PID:2296
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2116⤵
- Modifies registry key
PID:2144 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f116⤵
- UAC bypass
PID:840 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lUsoEYEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""116⤵PID:2924
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs117⤵PID:3556
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1114⤵
- Modifies registry key
PID:4688 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2114⤵PID:2944
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f114⤵PID:3744
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MosQcMQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""114⤵PID:4408
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs115⤵PID:3344
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1112⤵
- Modifies visibility of file extensions in Explorer
PID:4736 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2112⤵
- Modifies registry key
PID:1132 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1113⤵PID:1376
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f112⤵PID:5092
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YuwMUwEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""112⤵PID:3676
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs113⤵PID:1412
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1110⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:436 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2110⤵PID:4412
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f110⤵
- UAC bypass
PID:4196 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmQggQkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""110⤵PID:2652
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs111⤵PID:1232
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1108⤵
- Modifies visibility of file extensions in Explorer
PID:4884 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2108⤵PID:3452
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f108⤵
- UAC bypass
PID:884 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DmkgMIMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""108⤵PID:312
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs109⤵PID:4464
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1106⤵
- Modifies visibility of file extensions in Explorer
PID:1132 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2106⤵PID:3312
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f106⤵
- UAC bypass
PID:1416 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fwYkkkUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""106⤵PID:5020
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs107⤵PID:1772
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1104⤵
- Modifies visibility of file extensions in Explorer
PID:3976 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2104⤵PID:3884
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f104⤵PID:2736
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dkAMMEwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""104⤵PID:4988
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs105⤵PID:2108
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1102⤵
- Modifies visibility of file extensions in Explorer
PID:4400 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2102⤵PID:1244
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f102⤵
- UAC bypass
PID:2940 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cycMQswU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""102⤵PID:1420
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs103⤵PID:412
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1100⤵
- Modifies visibility of file extensions in Explorer
PID:4736 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2100⤵
- Modifies registry key
PID:1208 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f100⤵
- UAC bypass
PID:3032 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WOkYAAgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""100⤵PID:3620
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs101⤵PID:1376
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 198⤵PID:5044
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 298⤵PID:3440
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f98⤵
- UAC bypass
PID:3184 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yYEQIAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""98⤵PID:4412
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs99⤵PID:2652
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 196⤵
- Modifies visibility of file extensions in Explorer
PID:4396 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 296⤵PID:5096
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f96⤵PID:4540
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HEQQQAUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""96⤵PID:3680
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs97⤵PID:4828
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 194⤵
- Modifies visibility of file extensions in Explorer
PID:3084 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 294⤵PID:4128
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f94⤵
- UAC bypass
PID:1144 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZqcAwYAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""94⤵PID:1976
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs95⤵PID:1420
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 192⤵
- Modifies visibility of file extensions in Explorer
PID:1688 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 292⤵PID:4872
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f92⤵PID:4476
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\begMoYkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""92⤵PID:2624
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs93⤵PID:1376
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 190⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3708 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 290⤵PID:2148
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f90⤵PID:1572
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV191⤵PID:4684
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gaEMUEAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""90⤵PID:3620
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs91⤵PID:2464
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 188⤵PID:3668
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 288⤵PID:2652
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f88⤵PID:2900
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qYgAsUYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""88⤵PID:3676
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs89⤵PID:2020
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 186⤵
- Modifies visibility of file extensions in Explorer
PID:1912 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 286⤵PID:100
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f86⤵
- Modifies registry key
PID:3744 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YkYUwUMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""86⤵PID:4868
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV187⤵PID:3512
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs87⤵PID:1680
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 184⤵
- Modifies visibility of file extensions in Explorer
PID:3840 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 284⤵PID:4376
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f84⤵
- UAC bypass
- Modifies registry key
PID:3976 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZSgUAgkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""84⤵PID:4272
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs85⤵PID:2384
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 182⤵PID:1308
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 282⤵PID:4140
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f82⤵
- UAC bypass
PID:2796 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rmIAIkkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""82⤵PID:4492
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs83⤵PID:4128
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 180⤵PID:1008
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 280⤵PID:3032
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f80⤵
- UAC bypass
PID:1252 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JwkMcswc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""80⤵PID:4648
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs81⤵PID:5020
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 178⤵
- Modifies visibility of file extensions in Explorer
PID:2244 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 278⤵
- Modifies registry key
PID:1248 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f78⤵
- UAC bypass
PID:4512 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\akwMwkAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""78⤵PID:4684
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV179⤵PID:2280
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs79⤵PID:3040
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 176⤵
- Modifies registry key
PID:4936 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV177⤵PID:916
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 276⤵
- Modifies registry key
PID:4072 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f76⤵
- UAC bypass
PID:3364 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ooYwoQEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""76⤵PID:4776
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs77⤵PID:4292
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 174⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:652 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 274⤵PID:4908
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f74⤵PID:4600
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ImoQYksY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""74⤵PID:4764
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs75⤵PID:3512
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 172⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1200 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 272⤵PID:4128
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f72⤵PID:2312
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xeUoQwoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""72⤵PID:3928
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs73⤵PID:3292
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 170⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4980 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 270⤵PID:2744
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f70⤵
- UAC bypass
PID:3108 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BIEEAgAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""70⤵PID:2748
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs71⤵PID:3752
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 168⤵PID:3708
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 268⤵
- Modifies registry key
PID:1160 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f68⤵
- UAC bypass
PID:4524 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\basQAIYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""68⤵PID:220
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs69⤵PID:5100
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 166⤵
- Modifies visibility of file extensions in Explorer
PID:4300 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 266⤵PID:1060
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f66⤵
- UAC bypass
PID:2720 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lsgUUEwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""66⤵PID:2280
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs67⤵PID:4260
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 164⤵
- Modifies visibility of file extensions in Explorer
PID:876 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV165⤵PID:1772
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 264⤵PID:4936
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f64⤵
- UAC bypass
PID:3164 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV165⤵PID:4412
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wikwogoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""64⤵PID:916
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs65⤵PID:1612
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 162⤵PID:1948
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV163⤵PID:4760
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 262⤵PID:3392
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f62⤵
- UAC bypass
PID:3344 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uWUUAoYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""62⤵PID:4636
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs63⤵PID:3420
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
60⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4416
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
60⤵
PID:1420
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
60⤵
- UAC bypass
PID:4708
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pqYgssEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
60⤵
PID:3928
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
61⤵
PID:3396
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
58⤵
- Modifies visibility of file extensions in Explorer
PID:4356
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
58⤵
PID:4440
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
58⤵
- UAC bypass
PID:1648
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nicoYgMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
58⤵
PID:5056
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
59⤵
PID:3952
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
56⤵
- Modifies visibility of file extensions in Explorer
PID:1924
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
56⤵
PID:436
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
57⤵
PID:2300
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
56⤵
- UAC bypass
- Modifies registry key
PID:1632
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xcYsoowY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
56⤵
PID:3228
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
57⤵
PID:2368
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
54⤵
PID:3772
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
54⤵
PID:5072
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
54⤵
- UAC bypass
- Modifies registry key
PID:4028
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VsEMsgoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
54⤵
PID:1132
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
55⤵
PID:2720
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
52⤵
- Modifies visibility of file extensions in Explorer
PID:4532
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
52⤵
PID:652
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
52⤵
- UAC bypass
PID:1016
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ISYowoUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
52⤵
PID:4412
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
53⤵
PID:1772
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
50⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:212
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
50⤵
PID:1920
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
50⤵
- UAC bypass
PID:3156
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UIccYIws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
50⤵
PID:1184
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
51⤵
PID:4760
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
48⤵
- Modifies registry key
PID:2708
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
48⤵
- Modifies registry key
PID:2376
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
48⤵
- UAC bypass
- Modifies registry key
PID:3976
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gmwMMwUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
48⤵
PID:3840
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
49⤵
PID:808
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
49⤵
PID:4708
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
46⤵
- Modifies registry key
PID:1544
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
47⤵
PID:3704
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
46⤵
PID:2128
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
46⤵
- UAC bypass
PID:4608
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lgcEgQwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
46⤵
PID:2144
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
47⤵
PID:4188
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
44⤵
- Modifies visibility of file extensions in Explorer
PID:4024
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
44⤵
PID:4928
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
44⤵
- UAC bypass
- Modifies registry key
PID:3924
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pEUkMwwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
44⤵
PID:2652
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
45⤵
PID:2300
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
42⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2160
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
42⤵
PID:2924
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
42⤵
- UAC bypass
- Modifies registry key
PID:1576
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FWgsokcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
42⤵
PID:4464
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
43⤵
PID:1132
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
40⤵
- Modifies visibility of file extensions in Explorer
PID:3500
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
40⤵
PID:60
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
40⤵
- UAC bypass
- Modifies registry key
PID:4612
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DWgIYMAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
40⤵
PID:4072
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
41⤵
PID:2296
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
38⤵
- Modifies visibility of file extensions in Explorer
PID:1688
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
38⤵
- Modifies registry key
PID:1348
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
38⤵
- UAC bypass
PID:2288
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QmsgEQYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
38⤵
PID:1184
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
39⤵
PID:212
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
36⤵
- Modifies visibility of file extensions in Explorer
PID:4356
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
36⤵
PID:1252
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
36⤵
- UAC bypass
PID:4332
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\acsUkssE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
36⤵
PID:4948
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
37⤵
PID:1984
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
34⤵
- Modifies visibility of file extensions in Explorer
PID:1540
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
34⤵
- Modifies registry key
PID:4484
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
34⤵
- Modifies registry key
PID:676
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QAcQwEkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
34⤵
PID:4608
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
35⤵
PID:4796
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
32⤵
PID:2168
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
32⤵
PID:4028
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
32⤵
PID:4536
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SCEsIEgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
32⤵
PID:4784
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
33⤵
PID:2284
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
30⤵
- Modifies visibility of file extensions in Explorer
PID:2440
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
30⤵
PID:432
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
30⤵
PID:3508
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PYkwQgYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
30⤵
PID:100
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
31⤵
PID:2764
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
28⤵
- Modifies visibility of file extensions in Explorer
PID:3308
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
28⤵
PID:3304
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
28⤵
PID:1912
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HOkcQMsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
28⤵
PID:4376
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
29⤵
PID:4492
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
26⤵
PID:4884
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
26⤵
PID:4116
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
26⤵
- UAC bypass
- Modifies registry key
PID:1524
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vCcUgoEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
26⤵
PID:3888
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
27⤵
PID:3068
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
24⤵
PID:1052
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
24⤵
PID:4300
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
24⤵
PID:1560
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eYAsggEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
24⤵
PID:3976
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
25⤵
PID:4956
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
22⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4880
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
22⤵
PID:1160
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
22⤵
PID:5072
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\omokUAAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
22⤵
PID:3708
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
23⤵
PID:3964
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
20⤵
PID:1384
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
20⤵
PID:3116
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
20⤵
- UAC bypass
PID:2084
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IucwIYcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
20⤵
PID:1576
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
21⤵
PID:2464
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
18⤵
- Modifies registry key
PID:3740
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
18⤵
PID:4900
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
18⤵
- UAC bypass
PID:4868
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyYgUcMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
18⤵
PID:3772
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
19⤵
PID:4480
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
16⤵
- Modifies visibility of file extensions in Explorer
PID:5092
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
16⤵
PID:2488
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
16⤵
- UAC bypass
PID:1848
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tGEIswMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
16⤵
PID:2400
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
17⤵
PID:3220
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
14⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:388
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
14⤵
PID:3880
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
14⤵
- UAC bypass
PID:2020
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DYsUkQIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
14⤵
PID:4736
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
15⤵
PID:808
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
12⤵
- Modifies registry key
PID:1732
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
12⤵
- Modifies registry key
PID:2028
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
12⤵
- UAC bypass
PID:4520
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vykccoIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
12⤵
PID:1924
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
13⤵
PID:1464
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
10⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4464
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
10⤵
PID:5008
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
10⤵
- Modifies registry key
PID:2296
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VOAEwQEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
10⤵
PID:3224
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
11⤵
PID:4408
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
8⤵
PID:2440
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
8⤵
PID:3336
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
8⤵
- UAC bypass
PID:4936
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GIwsYgkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
8⤵
PID:2112
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
9⤵
PID:3432
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
6⤵
- Modifies visibility of file extensions in Explorer
PID:4640
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
6⤵
PID:5056
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
6⤵
PID:3220
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\guUEMkUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
6⤵
PID:5096
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
7⤵
PID:4624
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
4⤵
- Modifies visibility of file extensions in Explorer
PID:4016
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
4⤵
PID:3324
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
4⤵
- UAC bypass
PID:4648
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmgMUkgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
4⤵
- Suspicious use of WriteProcessMemory
PID:4612
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
5⤵
PID:2080
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
2⤵
- Modifies visibility of file extensions in Explorer
PID:4200
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
2⤵
PID:4028
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
2⤵
- Modifies registry key
PID:3924
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EOgAoIIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
2⤵
- Suspicious use of WriteProcessMemory
PID:4956
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
3⤵
PID:4272
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-100.png.exe
Filesize
113KB
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png.exe
Filesize
112KB
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png.exe
Filesize
112KB
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png.exe
Filesize
110KB
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-100.png.exe
Filesize
111KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\7603651830\squaretile.png.exe
Filesize
113KB
SHA1b089eb1100a09862fbe4a69bd68dc2b01216c5c0
SHA2567bb8897a1541d33bed64bf9bff81c126a66650812190ff7050304734ce1b064d
SHA512c4f7b930dfd1ba4326be5cd4b157a59bc0f12e3034d6741a8a1eae9ae6a33a2ae98cb09505043b9e5f8bc1ca75edf3f7386e980df3bab45118fd749b85ac085d
-
Filesize
486KB
MD50cabb83e56aa2477f27481bedb70bf55
SHA16da56d661a31e98d3e837dd8986d81f1aba33ebd
SHA2567fa15e9df766c57fd28dee1a6cdf0f16d324a58325cde1b45cbc38d8948e742f
SHA5125ae0295c8752a777e7c9e2fb1f1c933a05eaa86bd0e600a737ead776f55281854184b098be41d27df6729f4f408f39c803edc4b0fb7e159b58d592ba0b8e107c
-
Filesize
555KB
MD5203d03edad236c3c8180ebc74bf9e12c
SHA1f9406d7c51f789b323bfb4ab43ab2b3589dfa12e
SHA256ae68638e838a46e421e6814190fdd9e5fa80f5d52d4cda4c3ddfed081ff7942a
SHA5124c5d3b0dad6aa4334c9d58ed6316f3af552b6b2a45477f13aa018870c46fa5875c0775311d19f6f59934132d5ffaf125a59e6e93486f9a2d9c151e38457b6099
-
Filesize
595KB
MD543916eb776df346d7e06c59e89c424e3
SHA13aac50ba1ab85564b3f3237b9cfd780d5f1424c1
SHA2560e53ac3ce106ed7f20e04778221aebde6a3c0a51190d2d13c84e7d450abe753a
SHA5126e7eca237aeff419e9f328925e8e084c7d15b676bae13bd42ccdbeab96b53701747d29b17ae7d2ee1db9f94ffd86cc348d4a4b27b190d51d3fea03f778da5d48
-
Filesize
719KB
MD5ea8957c51da130d2785f40dce228141d
SHA1cefbb7eca7b9bfa2bf22ee73dcc58fc197f7a7db
SHA2569b2154dc0ea318d8b35172eb6204db857bf0da266d4efd4a5b19003cd6867468
SHA512e8e28dc19ccd5f36c2e0964a2c36623e83244e51b571ec5ec8d691aba34cdf0bebde35f67681fbcbbff992844a0dd7b858dcb7218470db6f30d8a98080439719
-
Filesize
112KB
MD5d38c3e41d9aeb98b1f095d4d7569436a
SHA109390345e10f08445edda62857959676a12d4478
SHA25658a919035500a05ff305764cb6557033ead005614dda42dde79e794a4b3da24c
SHA5128665f155d3b6de8b8862729b7939058f61eb1dfd348374d189f398450367abaaa00f73e324089c05ff4004aa6a2d9599c285c8674d14c03a091875ee7ec10682
-
Filesize
111KB
MD5dd4e3d18f6f84db51142d8cc1e1a83ca
SHA1469f02ca27222344ef0105318ad501412a8e8d27
SHA25649e81127da7b18c77e71903c6e2e7b567f182989199980886f6eeb67bd96678c
SHA51218bbdd31bc6a410a9ebc628fe34cc9cff8503b4bc3a9a9259acd03b9558f9afaca77201e184dcfca428cc369e7651548be257ffa680b379faa7c0912c13147f2
-
Filesize
470KB
MD5d441db612ca62a273d170aed434e3934
SHA1689db552d210c3ccbf583b48101ad4cdc151b072
SHA256f75ca91082f8a35301d7b3286045215e950a27b7e736369dae9de3a7ae7506b9
SHA512c1e4ac67281931a579cf21a874451be4a024f69ec40518ff9bcf69ccfb6a1cb753956a725bc539bd4c909765e98dcdedbf065b2e8ea25abc66c21d365a166831
-
Filesize
113KB
MD5dfdeeea9a479df0cdd34183bf49c5400
SHA16e833f7638960f86e24333c0a45ee50b569840c0
SHA2561439d66a664ee90743064702c2b1043901c3e9be81442c951f374a58eecb3091
SHA5121e5ebf8e2a2d9dc507ad47ff1ce429dd2d5bf19b574d062e39cec945804cc84a8cc48a4b25f9baf01617c504326ca1a0fb6dd8260bd06d2480809bb8043dfbd0
-
Filesize
139KB
MD5ebde16ac567bf2ec45593c71d19e8a69
SHA19f3b05c9673dc58189fb4e482b39fcd45bd13c20
SHA2565f83ebf4bde274e6bca9fe2e5374708f08ac662978cbf6f71e9193dc210373da
SHA5124ffc69ec468555c69c0b6c8127067eb9d9c8b866f4469419f2ca8ae663b7936dcecb449e22add280c7a2cd46b01fe071b3ea40d6855da41626edd07f7be5a6ba
-
Filesize
121KB
MD5877b51ebaf00cd22e804d7669ef66894
SHA1f2627490401a9a4780e61b03b630343136d4a3b8
SHA256be4556da6b0c343f4696b77cf1b81be2c4825b9baaca15856bd16d757b9243ba
SHA512698c8f455ed99c4b7f66a3c9bd08874282ce5240e23b32a0ff511b9bfc9cd5c6ee142ee152116cdaad6b3edcef87cf7f3366b123840abe6a59855b44ba52417e
-
Filesize
119KB
MD5ca1638116877c12bd4d8e5811a9e027b
SHA19d893134c9f6f38e7278e3db496a4f7a88a9bfc6
SHA2567718af1761344b65ce6914ad28bc99a9fcd390b67accdb0a19e6a9e6123f8f53
SHA5125899b032d7550b28a0dfc21231af93236b43a3a421f0ebccba5020ad60f8c34aa80e03464ebf0bd9913040550b4e14602a77a86e941f6a76ccd4930464c480f1
-
Filesize
112KB
MD5fff9e3b07a381083b02f52f8be5355e1
SHA1cf8e5375e01c4a2182d2d9e2501d3b800790fd1d
SHA25680e2b4b3e86bc51c5200f56cb3d12b51c8246610cbdc3175f768e7d7b7a47385
SHA512877a65d1bec2f118b701f1ad8145c373f491915b709e05e7a2c7f441e9fab792227c49d6bd0375f00e9f0c4bba7359d6b9dccb5150004f575a8f177fb05f4a32
-
Filesize
110KB
MD51d360b896f1c399c7a1f58318b23cde6
SHA1a255fc20c8534668076e49bdb0c6e8f9b5af1694
SHA256d4a7a52063c0fbaaeb4a8af3dc2988213e3cef6f3b900693aa67a9c3e4780fd0
SHA512462abade23cffde16a4e3b6b9bf8c92b5abf3c917b1947b44af70a8e68c0986441773e35a3e1d55df614942dd7151fb935ace5a1aad3591a08457b90113b91b1
-
Filesize
112KB
MD51dd071af533dd57c1fcfce1d7a250245
SHA1afebe94dd4c03cc9d5974903b631e461c2a73449
SHA25611f6b056f9c3698d090e282e2cb4b487570763244d8d8c8a5b6171ba00dd1225
SHA512c31e8c8477fa53d9a37a45c53826a30cf667b35291555d2ffd4c78ea585ee6b94ac86cd0b864139da42ca0467d6688791501cc326b50154e1a84ff3d3c8a94ac
-
Filesize
425KB
MD5db0f7e48a7d13583dfd0a8787a3247db
SHA1d8cb9a7d9400c4a3a8915eb524c3a92a2e6016e1
SHA25658b664f641de40e5bcd932e6c317fad4738f138fdb83a078e80982c0c109e350
SHA5124dd48b7d12ce6d37118d0f638bb8923e646714e28c49410149be7e299d57c9c9b05e5b21ceda496e2af2c29444ab1cb95e1822151e9b91b919b5bb5f628044a2
-
Filesize
5.8MB
MD5d2556a0719bf37fa4029cbd146fce695
SHA1924be97367a4e1cae03c8ba280819ff9ced4e67d
SHA256a148c125769ccd239a86be52b4697afa6e812a57aefc0cfcb258da1acfc4850f
SHA512d2d3396f1f8bfa65f97a8874911ff38160669c1bd88468bb3191f8ba5b40e311af0f5be6c913a80344299eb0338c0310046952215ceedf43f4254eefe0e78e6c
-
Filesize
118KB
MD5405d9a395e074cabebeeb01e66a05007
SHA13a64297d13d8ea05c37a3e4a46b8d4c80c817a05
SHA256089cde2361a6c6e78104ed10f1701fafbf2d0265257270960b4f963ea9a30610
SHA5121511b5d17f2defd99a81ec822576aecf90d081d008e6dfe9d433f9cbb7014eacc310ba57f8cb5978af104b4981b3f6760c2a4d131474537ec12f2b959f50d59d
-
Filesize
118KB
MD593849ccd65e84d619b8b2f710fc3fd8d
SHA1b48e570fb6aad4c902e0b8f0beab85ebeedcd7a5
SHA256178435fbff1dccec4158e9039a793221344cb8bba9bfbe0428de87a68adb6b07
SHA512097d92d917a8e6bf61c70a58e93aa2dd714e465742656a4e79d10ae7db52e9947be2e6b0704d52aac8ce5e11a1f31659f5c16bf8e4b9f0f4165a503d193f5289
-
Filesize
4KB
MD56edd371bd7a23ec01c6a00d53f8723d1
SHA17b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA2560b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA51265ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8
-
Filesize
742KB
MD576e9d64b63cb4890f3138efbe11d0d11
SHA1497bf6702f676041adbc3cac870bedbb896c8635
SHA25608ba6db6c12345464c6a3122ef22420112589a62e77b1f37781c7b0835aaf9ed
SHA512e0cab36d226a7ed1d2335fc564309ef38b8f17f29bc414d1ed7b8cdb636411a045a0f334046187eac3d078f5ff90c5a63496d12cc45dfa598c3432ce4a6f9ff2
-
Filesize
121KB
MD5f0ab270f5ac6f1c854e7a9cd24702cb5
SHA199ba6fa17afd58ce6df1646f517331de7672c6b7
SHA25615184de23802a9f8bfddbebbd13b6fe158e66f8c99fdf02e56a1033e1aa8b2f4
SHA512c6c797729da732291141df04a75dfdd48339ca265417b9a6fe9ae4470516a58807d8354d4c0e1b3d2aa2972eb802cfcd2cfaf61797b9c132b2de082a8c857671
-
Filesize
110KB
MD50be896feffc2a80ffb50bb0b3ef8400e
SHA1a39b91adbcec9b90c1c28859d3058927646deade
SHA2564dd6bcf859fa21d94cd4f570a2c8dfc3d9c9beb4747596763e72e630482ac305
SHA5127b51e25f1d17f7164bec66bceedd1f8940aef18f2b59800b42ba1913353ad3b55907b2ba876a3cb6db7cff5191026f6c27b2d085be356cf70085c3b87249a5c7
-
Filesize
116KB
MD50cbb96bc1441cce4edb681d8596a43e5
SHA12160d67a92c53430fb3fdbc3bdb18ab616dcb3bf
SHA25677fb2d4176c9710d70354429d6b64e006597ae48aaee680cee1bb7b0ef27c422
SHA512477e3cd98d10f96d716eab2ac78b80e1b5341234438d214ff5555ac910f7388c778930cd76ec3a55bd3e60844cfeb0d887cac793a354805c83227a3aaaff9429
-
Filesize
110KB
MD5b46c49c32aae99cc0a8ae3619298b198
SHA13ce222a80c1297612f0ca72209b2705283c40264
SHA25620df29ff69bb2f5b431dda0dea9496abb487883de91c3ddb42dbb6725e6bfcd4
SHA512fdaa3ab3d0923ca9827a810623aff2cbcb966f9400702c18600e61f5bb323e03eb0388c23993cc3ce0e2100a2b12d0f91dab3ce189b508b0ce8f522483eabeb4
-
Filesize
149KB
MD56ad7bec21ac35a5711057e98a09eedcb
SHA105f1e5a481076080cd83521cf099114100068b2c
SHA256688ce929d983e6681bf2513012226bb1b1bf7de5ba6e5250e3de51425b44807e
SHA512c4169abf3aec59e022966945ec4ec76e116faf82588f7c7f7f48db3c4adaa8641bb040317ef6bc3c906aa2a621b750df22457ec485080e37a9502fa3e9cf9c42
-
Filesize
721KB
MD53a02c8670771fd3ba586c377d79dbfff
SHA192dc980bc7e2d43e7ada89db5915d851b98e41e3
SHA256335b6f7c267d50734b06ee2890eb3640ad93d0e756c87abb2941b112e6bbe07b
SHA51279fd398fbd9fbf5d44c2d2b23b7342620166e8d88fb4f72cea90127480c66ae331731daba358aa3d5292582920f122b32c3c8da850a67d361f8bdfbfdd2823b7
-
Filesize
565KB
MD534a55ced10fc294d7d2b9a92be71363c
SHA1e4a62257ee06d9fc3a787fb1085d362cc436442e
SHA256af89c17d6089331f2603b838bbd458b0a02a6bee4f2bb005a197e87868df201f
SHA5129c968694833f74608e74c467b8fc018d0ff06c1b0b44ff3eb36de86a2963bfeb85ef2c087a6f5cb2881b57a3d106511e99329a42e19a7ab65f14c876c6114a75
-
Filesize
4KB
MD5ac4b56cc5c5e71c3bb226181418fd891
SHA1e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998
-
Filesize
109KB
MD585c73f58f173d8dfa2004d2d4427f4eb
SHA1e78ade482e94558b175eb99b900f45f9f8472c7e
SHA256ee146849cb93db2ebac9048b631f6473750c7c5ea808fcdc7b442a90fe3fec7a
SHA512285e8d84dafa078f4a350675ad3110cda73db313a2f5c5317b6222688e4e1f8333b52d4bae8ee86c50ca923304acf88efb1ed9d762147e115f3925e4be49388a
-
Filesize
112KB
MD5ad3d91d95ff5430a04486043d6aa4789
SHA11758cf69a8a8b73f748764440f452780d5d2486e
SHA2568811afef30d167cd85a29f30ffd0ba15c23f19973126923a9a1f028eed9fe3f1
SHA5126d1f414da47c231c68c08d2f6c6d11ad517310bfebf5c42bcdc8892218b841651a4d4731ff35b054cdf894e6793cd7ccb6072391d93a63ff103cb0f764765556
-
Filesize
112KB
MD5fc3c039cd4dc2b0f3730246a88d144d5
SHA13bd13fdec4b6c50d7d69b3bec8e48ee81d60c290
SHA2562b56e2512f8d2659f09a46da4cab1a13205926fb930272ff075f138804e04038
SHA5120f82c2d3a21837787c2cdf0cfeb6944e30098bd302fd688e725772e9f4233f9b3401b2da581d0e8acb0c1eb0c49891c2c000f76e7ac174ce61798f62f048e5c9
-
Filesize
1.7MB
MD5d16856cdd68da719dd29e638e4d047e1
SHA16f329bc6721cfa490dc9e7f1ba212562d294fcf6
SHA256c87d509428b362349c2f8863c8cca621386c19f260d2fd7ffb6f15c50bc2aea2
SHA512e7f1ee3c97dead2b3119243cd354ee044cfe9a8b107ec7c6e8776dd2511ad897bd28d90dd3a89394f0928b5a30dfbe4cd6ce7f472e9550f956bc172a07799bd7
-
Filesize
110KB
MD552c51a27ad417f426bb1fd3b698e1f4b
SHA1cc38331f74d6e57ae485bffd9a4189d98b7c6432
SHA256aa4b23f08f5d7205d83e6d66cfe613330ff41587a5fc8e6d6d7001314394c268
SHA512fe64185711af8e5bd6754672c97ea319f7e3cd703e50a598b40836c1b9581dc8cc6b63cee3962b9c72f0a952d901a9a9be97c96a67cf153fbfee90af7ec1e536
-
Filesize
112KB
MD5e559883f29461e806dd37b80524a486f
SHA1848a8b9a96e1d4e8e6f810302a1d179837e906bf
SHA256f9287196add73772a40c2c801959b94d93d82e3fef614d544e2a3120c34dab5e
SHA512a8f1692e1b4a97f038b0b52fe5d0f3ceadea809fec3b73fab9969433bb141771ff2865a395037ff16aacd6005d0adc4652c269bf3b5ce4dab89aa29c40171671
-
Filesize
113KB
MD5aead16176fa311a7049df26445791b39
SHA120b2cf168ab3c2acf60e0a4ee860137746c18264
SHA256fb5e8ef8f6c6f39444b276d0750d876b94eaa7ac186b0e99ed886b671019891e
SHA512737749edc83d052deb8000942ba49c2acc37544ef118632c59b7fadb6e2cf0c2bdcc4517e342b18e204f69fb67493039bc49e209fb6c53f8ba594e5afd9825bf
-
Filesize
4KB
MD5ace522945d3d0ff3b6d96abef56e1427
SHA1d71140c9657fd1b0d6e4ab8484b6cfe544616201
SHA256daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd
SHA5128e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e
-
Filesize
148KB
MD540bddfe69fce7faf9234ea1e5e3d260c
SHA1c757ca4f4cf3ea343bc55fcb57717d6890b235ce
SHA2567ceb67c0c2d80a6d4f5db631a6b9733b5bf591f5502d9b27a06447e278af195f
SHA512b0e3e209f772f71e910e57828158e1caf142ee6568fda38bf08174d89aef74f0ee4dbe925173c79604801d39e6bacd40ae1fbd46f5dbe2e067258ff026766374
-
Filesize
116KB
MD5b4b5b2053ce85bbb0ecfeb65e16fa77b
SHA113d4ee7d94b2c35154ddb66dac47aa2fefee9215
SHA256d5427d879a3b1b033c7c0499d5bb2594b4e3585ba8c3de0b83a03405272f639c
SHA5129682e4585ee57db8c50ffb3be4a0330ee9171a6e7059221f0aa1123486ccaf161d4a8556a6baad7f43370acd75d9373e1d6176454670b52c9692495c2a16292c
-
Filesize
110KB
MD5b363270cf669f6b41ff237b3614752ec
SHA18c26b460085f2a7be403920f187752c6be2f50a2
SHA2568331fff756acf483e368c04b6dabdfee6d8ccbd4cc31d943c19a60c09acd30b0
SHA5127239ccb355ad1fcb7e8d6357a5068fc1190415b73667099171d769a6469028d775c8ab17c5b9c28aebc6f74facf0860e5b8c20cd48537859e66588ac63d2bc25
-
Filesize
555KB
MD5913544c1af4f67447f2e74d3a1730ea1
SHA1228cdb2e6a08a31434033564cbcab05afb6e8d11
SHA256cd97d9aed6907cdd33546ce70bf791a617a1fd7c80344ff134120376dc7cde68
SHA5128cf1fc9f5de3891e26670958f00d3572a25ef82419dec3505d12e57ca0308984a2d93385c4f6aa63457e22c5d89ac3b30880abac7b8f22b56a98964847499c20
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
112KB
MD5edd75d736f99bfadbcfb5ea8315887e5
SHA157d1e68402d80380df6ce9ec4d41b4828ab27c62
SHA256a38de6517e116d9411f518d5b7bca38f1abdd66da3254c54ecfb74193def359b
SHA512227635ecf993285495d7e74d77b090a0397ed15733acc58337bfeb2d9769a7b654643be40d708af8c68dffc578e76d6f62caa9c4ab392d35efe441b7b25957fc
-
Filesize
110KB
MD5a53589d85bcc4830752187fe77255897
SHA1fe9c24eb71a6a60377da147233ed21ad72ee2b4f
SHA2564f24ef484b6c6339d38dcf6b802c4aa95e1db045a0a8ce6713eb3fae16bf191e
SHA512743b6cd7e3b2ff99eddb12862721357b6d968652f8ce68fe0777a430b869027582296642836eeea79f254f7189aea5761aa5699b2455a2db2fb2c064e9b7cec9
-
Filesize
348KB
MD58d0db356bc338bca13705012a4917b41
SHA1763442ccb4651999af447084f383d2967fbbab21
SHA256696211246f460c2458bce97c3896218b5bfb1f2ad241059a6e5f5972b98a00a5
SHA512fc98ba6794d2394dcfbb44b5ae6a189a134d77c42e001c8944332e5d8fb106ef9521fe9ba9a51c8dde215d3a69622ac62a45dc6286d20e0c2dd054f96de6a0c1
-
Filesize
114KB
MD5ee7fd2992248aa52d5422eec021f0af9
SHA11bd7a4b4c8f87de33e79ef65191b6bf0bef64cd1
SHA256c3f35fa764fdf3547d4f61b0b57442b7e6739e1eb5c5dad8264e6f451797b016
SHA5123f0ef136b22b4bf6b7c11041ccfab9b1492f79f7a612471cccf61185c470f6d9d6db26d2428e3341b321123f82c4cd31eab1c197fa27365f3374b8ab2d3dca87
-
Filesize
114KB
MD5c4aa9b37df1283a329229894298c7783
SHA109efc3da663843c292534354b40af4d2f4682f00
SHA256794e5c99ef903126edd2720500f3f0c1f324ba8f31fe0ae6e019dbf34f8b968b
SHA5128fdf6bffa4cfd32303defb6dfbffe95ecedcfa71f8f57ad36bbe8f43325a8f27994daf1bec6eaf7c1c402fc2338563ad8db6be54464c0f51e8a87b58356f7ddb
-
Filesize
236KB
MD56988ea112ad28edce900036cb35b26d0
SHA111d626ff21792fddda2587cfb7c7bf6cf5c70ab1
SHA25656366f263366318999f45d5414de9b3d95f965398079ce507d704aa7a50b73f4
SHA512e8effa9d563edd6df8035520bc768703ce31442f489159394cdb392a9f48898d9e112873025280e6b189fb0e18aed206b04039e2c762c29afb91a92e1a30e4de
-
Filesize
236KB
MD5dcf64ef259c6a26e8275ac40f2a18a4d
SHA16faee1e2906f6c6bda2538a53221c24f5cf36c35
SHA2566d3841d5dea85a37a8fdeb15e48371e9f8b61ed244ef37fdf272552f18711c47
SHA512b358ca463b76c2077eb1004d11751904d5af7545e5ed18aba52ba00e1b5a299397b746fa6353d774faebf49933ca3ce234762869702e3537ba480c89fee7e1b2
-
Filesize
138KB
MD5ad43dfd4346cbaae3678e8448175a558
SHA19b13da012ab058f0a7ac0523a2781a97dd6ed469
SHA256cb69fe634112279db5645146e399130887424379412483c49c4c5afeefc00311
SHA512dc1becd7d9087855f6dd1a5b52b57870c5e49da7ca7bfe8ba7f4fb579fb60c0ef064547261d007ffeca6bc4b63b16c014fb7d26fd5354010c3720e9b363c7987
-
Filesize
111KB
MD584311f2f8a634cff02f6bd966b510882
SHA1b2979d224eda9808713b5ad7e9fcff953e4e6cb0
SHA256d9460401dce887288d6bd02f7ba8822edf57e018fc50e54a61f9ea3dc197a313
SHA5120aed8626747660a3f3cc667768e2d4a2844441ec820a7e0d36f0f6e9f7c03806cf0d60522e5bbae8b74962f04e91473a779a4d36b7c33f3980ad707abc78b523
-
Filesize
117KB
MD5ae036cae2307e7c3b815dba8735996b2
SHA1a21e116fc3f6878d7fef91fa3564cfe40813da7d
SHA25692455d6b39651da3153c70dcbdd8233e64ac95f91708ab622f09dc68789ecb57
SHA512545f5b2eea6814ad4f5ec0454eca1df0f27bcafdf75fc7d789fef224896f415a7a64f3277a6ca409336a715c3fab2f6b3b130301cfcbe07b1d7e03952f99ff63
-
Filesize
699KB
MD54fa30d8bdf882408763c191b8f4e64b3
SHA14f7d0e15711d7bf6c7267b60ced13313bb99981a
SHA256cc33106f277baf43e14849ee2fa77d260822dcd068ba59be99d61ecec3f15a95
SHA512144a7ae98a386d0f86acc31597adfea6f38dc9ff2ce3d4864ce830833a1df9e0b3ab21e7ad93791bc672b8adc581a98de2ce50527368f35f74ae7922785f4931
-
Filesize
113KB
MD5654c59dd3f7f45f8e7563e750582ff91
SHA190596cf877bfedb609fa513bc6f5ca47321bd229
SHA256359947cd43d611011f6e999e13184203ca18ced78b94fa0373bf70aa0646b619
SHA5120ee237625adf165220caef48d2edfa150e2661b6aba7887eaddfd8733edeb6c1fd92021c068e637716b5844c150cd74fcb600929a0f7800df2272501c895997f
-
Filesize
111KB
MD51beb0d7445ab5b20d93e5c09192252e4
SHA1af3f9941003964d0906d3fa561b03cbcc6a6320e
SHA25682c86c2d2739a77ec5087df05c65b834e0bb2d505e700ce4fffd9624238d974c
SHA5125dec2fac56c3135e06b595ed333c1f8a242570c5b95515023bd9df566ba9ba53d5a1b9b3310af4a5a27fee9c5d4bdd012ab022aab2c6557320eb0ff5d66f5fd7
-
Filesize
420KB
MD5e9510273a53e70f262bf3974c73b8784
SHA1cc6ef519afeac54fcad9ca24b6070acb520493cd
SHA2563d7cf5b15b3765ce97d74511d611d68d47e6c8d446c648181a03a43c5d2463f7
SHA512904cca494a9eb0ec227b1152e4e94c4390fb7b3b4e32baa09197a3d03c395049fbf783f0056066d01a8482360699feb21cf3ab5710c68a0d92a621177edfd5b1
-
Filesize
506KB
MD5abf4f3a2255d7d56120f40266581aa56
SHA1672b8a265a7e21d96623c7b60d305b2526a46a78
SHA2565ec3cb2f4c87458d6c97ff195a345f8fa8f8e7fd77ca11e3ba28c8eaff106be8
SHA5125c717d6fa7f3edd3163b80c137a389942263b36c78dbfeff1dbaf6ea7377b95fdb262c63d1a2b0e271a6462c5283ded51564eead9a52ae21a3b244a6d67d71b8
-
Filesize
237KB
MD5ef5ff0303664051b9672a41198ec2076
SHA1ffc7e8cf02985682986febcd6cd45ec1a5c89f8d
SHA256c0bf52cf062feb9030bb2a4fc2d4bebf672ff3572d53b698b8aad55c5c9b2f77
SHA5122eb90c011974ed44edcbb0d3042936da8db37d3aefcd53c85f6e9a317da12e27cc24c28f45b7d847d1e3952ababfeb1a461651cce39b498fcbd8066c26d66412
-
Filesize
114KB
MD5866495ce5461ecff855ad917c34bb666
SHA118bc4eb6fe3fbb4ec5fb91cae1660e89ee374ea2
SHA256dfd2e33c8838e5b7d8f4cc38d04b4f62c26d0a09069c6eeb2595d7bd6a10ea2a
SHA5123a4104cea735ac10eacdcf77479caab818402ef224ac92acf36819e12da4cda0507ade9ba7a354da8a2d07175153c96859cb92c74868e3dd5b420f7de91ef424
-
Filesize
4KB
MD5d07076334c046eb9c4fdf5ec067b2f99
SHA15d411403fed6aec47f892c4eaa1bafcde56c4ea9
SHA256a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86
SHA5122315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd
-
Filesize
111KB
MD5801763a700f992298d5d08c20f1618ca
SHA12ea5ca7a38db4267baae77676fd8fe96303858ad
SHA256576ae07ffdc85ddeddd6ef17e8c1496e43d99807bc3ec64d9b0844437949b875
SHA51267d6916702507682d3d052dd9109fd76c6807b220596d8f8bf065cad903c38d160951411423c62fc1d7dbd8172170e7f2a0931ce54ed28c32ca2f8e22af602bb
-
Filesize
745KB
MD5692605baba3b6b02daa15671f30c6596
SHA1326dbea5025f4675cbb55f2a24d216d9f99b2870
SHA2569958e066dcf1609697eaf0f7465db49ca5c7df39a3dd08ae6fe646063451c237
SHA512a9b5ef2a30b8b7edee4ff4fdd5d815b59b93d8342f12292dc81f44b9fe34d2f0eb3657020540092fb804dda86d9b548a89e1d0e16959c256f891450ebd8051b4
-
Filesize
114KB
MD5c1b738f0124c0bcc1892b2b05b3e2570
SHA110bd94856ad052d791f93a054bbd4c433a4dc12b
SHA2566becf877527c251746e3ffe2a2441d978f6e30e5d0b4fec79c2d7178332bcf33
SHA512b9dc255d8818b79fd87c1f3021c64aa6a3caa2850cc1fe2d5fa40f016b26e60d9e6d4028bc2fee1acea1122ba50388ff92f96a570e2d1a996117db407b078481
-
Filesize
109KB
MD52a7acb7694df9af824076dce89012a79
SHA1f4c517d27235446db5f3af5631914c534f16988c
SHA256bc0835334911eeda092bf934e315a3c0398c0071485c2ec130fea73241ee5f8c
SHA512f9fc539c1d33c7e915b6c09f3c5be34ed8369c7007a7ab8c440de0eeccb0ea1a91060978961867f99ebcfab2c0e33b49d23837c0b5c26334fcf60569826c9621
-
Filesize
112KB
MD5953c978beee935c30ba67317ea95068e
SHA1ebaed1c6ef62b0d9651548ea10b00950ce500683
SHA25603c1e0c24d05bd50d08f9b7ee6705f0e287673d66d2ee3c60e881abfea414fdc
SHA512c21c4c15dfdaf80a33a92f97c120af6fb4360d0690ada30ebe90b99c828eb7e021cdeb660fd48b0543fba4c8dd7c679a936a70ae52990c7c947d3fd39dd5ede6
-
Filesize
135KB
MD570c5fce0e35080e51c42e07e116c22d3
SHA1d252d0840f67a385bc54a4a87f5cd2220bc09965
SHA25692e642683bebe8793f1ec3722293837329d79d8d87ea2b6709b8d769c22a8a83
SHA512bb4296ba32d87390a5577bc649f989580a6f1492b2512a84752854820821e062f2ab61b1cf9837e00326e049eee0fa2d954db557c92e90433407a79f6084bd05
-
Filesize
5.8MB
MD538e4c063316e9367f75e762405a14d01
SHA11ce5e3f30510cedef6f47467f2a73658c69fd375
SHA25631c23889f6dd0dbcbc98967bbb26df544c63a18542785ab15ddde963d7a8db1b
SHA512f09a8a2b5126817c9a9c796495f4938d432fc95cf4a4e6a48bf88ef71e793b9568630818656a9930163bf35c870e8cdeef7ac677ba5551a52e53585b79e99622
-
Filesize
114KB
MD55909f9550e51d4dcdb5b2666b29783a5
SHA11b7bd5a65c3cedb13a68cf700de999d3310208f6
SHA25603671375d546171d60aac0742b2e6790ad480301b34a0bb7a2586e7d6aa91ff5
SHA5126d50efdabac9ef747841d8af0f0c56687a7877b9705e3720bf4c728903b18d2ed4f5bb2036ddf97f935eeb4513109d69fbfdd3b9e41f12a6ebaed29d977349cd
-
Filesize
580KB
MD596cfa77c411b12ec162adffc435ab6a5
SHA1c919dbf958273020742215c35712f6e81528e78b
SHA25663ec52805818a7519da327241cf3afb2c9514ad0fc1d4e7ffdee47a929f41fd2
SHA512cc3b9607a5eca6aae693d34d67b41d97e682796bca9bd8b459386753199e31c02d5dff235a309968e055733b0c5bdbf16b63a708d01933916e367885d2ce075f
-
Filesize
112KB
MD58d52e6f97fe31cfc3dc0bb1b235c793f
SHA13ec3947f69e01c1ad2a8fce8020b8b1fc3424bc0
SHA256f1f889d3e86a9c9d7bc54863993adde2129f29a243f770ac841cf26b600226f7
SHA5123652f64ee6ad3aedbfc083db02241be726f8e8002db0460317c8a98f216cd6ccf946d33c9369cbe9f2c3988976a2629ae233d677fc04c6c9643c21d589e76317
-
Filesize
377KB
MD5b72f040f25399f415bc05a4fc35e201e
SHA1bd436d18a7b47ab4b974d1d969fe6ffd905384a8
SHA256e08144e0be7eb28ca0951e7ab0b51df2e2eea4cfc510faf9eee9b169ec3128d6
SHA51218e2b830d111cdf5b990a02ad2e1d0de7c3ed6fb945e5ff6f1807de0d340c21770303c1aee069c72e41b30bfef4194d92c603252f23217b60de11a82e2ecc99c
-
Filesize
325KB
MD535a369c98d512958d6e765cc411cdeab
SHA16aa86d50ae59fead57a6ab3eb198f9808e3e8fee
SHA2568b99d5d1740fad2a7603b201c864eef99b075efe0bd2c342085d0876e48ca855
SHA512a9c819530bd8fdddab48920b26a0b645fe9ea4e9ecd6ae3c84f476736c00955856b7e075fd98fbe0fce474a2f170f2f3111bbcf52bc87122ccbd9f48710f7c16
-
Filesize
562KB
MD5c74d82745cde98a0cf065ea4997adf09
SHA1cd1a9bee08766907bc10abfb8e4657b45e459911
SHA25665fa8125d719ade19814714a409eefbe47dbb6afbed4b7f12fe52b9304026dbb
SHA51264ad064e78f58b0b9219e1220aed0a2831a3553c81f58d8f03a4d7a8255914714923769517bd6ae575d6498a9e2c93d187b60d629005ed5206a0596f0ae8ccfb
-
Filesize
139KB
MD529e184a31629de7e519a5b9614b311ee
SHA11a9f74f076d444cb1653f7312d41a6b4226dfdf9
SHA25604ef35cfc859cb6283d8cb6faceae5890c32c42cfeee87bf37add3633433cc8c
SHA5127326e6e9ca37bde7de15133fb7feca772a051165e2876d32809f5031b019705ac6071f2a11ee01c2cb9861ba8f45d18bdd541549dc5b255fa60f16b82f99078a
-
Filesize
700KB
MD54f37ce928005d1dcea3aa0f70a3454de
SHA125e3afaf519f6498526a148bef344f435bbf6798
SHA256b4547c9fe8062c51a26aaefd90a7623f589d5f4d9a90f6bc83b3b97cf032e20f
SHA512e86e68b2eb68c68ae6e98cbfa594606765880afedc836d0b9a93ddd536ed1a358611f2921d59c2266f56d28579261ffdc690362a9d89ef1a65051b23726fc743
-
Filesize
113KB
MD5e32a9916435090fcb3a49d56c0c8ef7a
SHA14c61246f769234639be5d90bd0d5637007f5f64c
SHA256a0bdbe29ba3a430dcba14fd14a204c0f49119315cff1fcc15912d98cb918a4bc
SHA512b0d28836fafe57b064e13a182153cf8e15d5b3913a01277f3525afd5250000412fa064309a01ff1fb6a590fae049aa5495aae70c4890b534179b2f29bdbf6030
-
Filesize
367KB
MD53043be250492ac8206106c873e2e7b0e
SHA1be5ddb0e2769a16f7a5b7fd8c8e8dfd4690a0cc1
SHA256a9ee20e6834646c00975343611ec16e6f2629b14d174032c7735718587e76107
SHA512eb4f687d04f197397e8df0923e0a7fc6eebc32dab1c425f6571f45f87f53964d009c86646dd09c2b16bb36a3bca98c147e20f1f1ceda58d8cd03c39f4976a95e
-
Filesize
721KB
MD50deaf7d8bbac83cb37bce03293efbd9c
SHA168cde6980b44c6346e60367e2d0d26b37ccb1b05
SHA25610e1f0b9f659c452e4456592de2c11555abf3f7c7476a78d98fa4950128dd15d
SHA512f3287b1806b950cc022b9299042cc839283cdcda65f2d49da0ddce7c2df8fc89222f963475f7159ec503c097902bd6ac0e46a190f7541e26ffb141ca09e5bb0b
-
Filesize
109KB
MD569ea555ec610f3d895c5bf216b3a3a24
SHA1009b811e154d2f52e87af3172cfbf22e8d49bffc
SHA2566a5c3d3fce83d0069b99c636c1c2c3b2ae6c82de2456ee662e839cf2aed38d69
SHA5126425f270acd5ea91cc80562689c2ce6f7baa85835c806833cc10b6c49a32a31f62aee11799a995a9de3df09a38af5cc8184d9653ef8cc0a12fbfd3701873a9af
-
Filesize
746KB
MD54d968872419df173460d50555de8c3b4
SHA1e5976b32deeb1ae93187a2e06aa2d26902ebe156
SHA2562a0dd08149b0f93335941b5814843397cde4824600885a80af6d90c1508b11d5
SHA512a4e31589356c5632a4396827436faaafd6237a398997ad3e7af2ddfdd7e70e3ebd162ce29d4c0e3c40d4d48525e6bd9aa3f3fcb3cea4cdc5d7db51a1a5a5fdb3
-
Filesize
111KB
MD54aca465bfe9f521ba40e373969a0fd15
SHA11589344420e1d3b7b1c624eceb9ae156d4b53461
SHA2569c749d0ba8bcb23ba640585b23cc0396921488c9cc0470a75589999d5d978e47
SHA512e07dab6e61eb1245dcc96ccd11dad30daa9ad00333300e15a4450452aab507d4ba0840d4158c1816fdb54ee164af2b12e98c4af94f2f0a915e2ee7d8e147b839
-
Filesize
115KB
MD55be03cd9e5ad4d16c00da3753c263237
SHA16f785b93c24d2d2890cba63341e706e8c9b44543
SHA256bba46851c6d72928531296727357ce035b1c2ab7bef8c0b3fd803591be43b636
SHA5124204876f2ee301c18de38aece12b6a87ec7d0df86eb589c51818d7147d86a8794058808994d39670a93c20fb5c165fa5c3df1f29746ea0bf64d8152f6fc53b71
-
Filesize
112KB
MD5cdf839b633ac6ff7dfe8916fbe0cd730
SHA1d6843e6034f8e0cef797229373978995cf17d64e
SHA2569be131be26cfdbc585f136e0a6ea10f07acfe4d96abe1d899b04c199213f33ec
SHA51208243b5ef9312b5a45ebf62489e8117473b9706bbf5d33abafd5c13f28a714c8bcc761096ec4469d986be616af6f61fb06ee7de3db3791506b637c01bc9f7f6a
-
Filesize
122KB
MD58694cf4deefcbe2f66ecc596d337c849
SHA16a7d4ba77f3afe2e69c2ea61b031f2281a736676
SHA256410f80426f7e24e4b40f25e42df145faa77e22979b0f16a4bd539a3964335a50
SHA5120356c439fce9906f9b45fa91b99c82f68c02289a4bd8da9b3955b56316ca07f1bd04f3c7ad6f94a70436cba08428ee3cbdc5a24bd6c92f5bb1296abe2625ee8d
-
Filesize
126KB
MD56c186362bd4908339253d4cfeb6cd23f
SHA1c124dbfe1aa4e6958de5a220918bb4db5034af94
SHA256894ad84236897c356786aab28a2f91516db67fb444432ef556e9a7bb108ed9a9
SHA5126f719503ec5f8bccbd74b65fdeb80bcffea1f58a41e115523c4482e022acbe55dbe833fe1b82bd227e1110a7cc5a5868fb9d19b01299746eaa2f0ddf69a6e785
-
Filesize
566KB
MD5f9f4e00ef661d4f6bab0459b522d3716
SHA19320c95a2674783dd1fcc4ad72f3324b26892a4a
SHA256cc393206828fb113a6bfcf5f8ba8f95f6f0720440d54db2360eb53995133433c
SHA512a007a1dd83c542b2b5e2d819e4a0af61a774e7b871dea61b741d0a9297d6b508ae66f40484a881f57ebd046fc6d43eb3fb13211bb4a42df0f3b0fcccf64b523b
-
Filesize
440KB
MD50cb3772866ec3a32818f5aa454844f98
SHA112d6ec4d6cee3cb750d11ef9589d4b0bc9d74726
SHA25674486e09fcc786416a776ac29da0498914c9d1b9e6bf8865c397f6734a185c91
SHA512acd1d93cfc5e2387585dbc629e14bd6abc9d1763fac2e147370d8ef45d660e11f44cc1af4716215dae607f8fa2eed6b23213e10d4414ec8109b1d78cc2426ad6
-
Filesize
436KB
MD5b681da55409ed4c5949e5377e849fc66
SHA1654a70a5919997394ed4524e366e50dccef53af7
SHA25651e6c7b04e280f2e3b07ed8b86d69ff8b4d563a7e6d71731c3684592a44ec9c5
SHA512ecaa2c3495baffaa546c422e26973a7627648bccb1e95c6e598578826b4c8852aed1e12f1d8ecc8138f1cc2b1cabec89f02ac7992832838a181e1f9d2d44418b
-
Filesize
311KB
MD54b2eee6d19cf1d40af336f1491c61cca
SHA1f792bf4620c3b80ea73631126ec496d5aaeffcd3
SHA2561d838c0bace7e0a362aa37a6de5f94a4a8abcf033b9c0a17bfa8fbf94a85f4be
SHA51235debfad5f2f148623403f9a8af3ee0dd66847660bc475cf2dd70683cbab849c47cf32940c9e319506e946311c9f9df02d6715b6a0bf9c7ede2b111d7087df6e
-
Filesize
108KB
MD56587d3f78238b996ddd6a1f4c3c670d8
SHA19be2f6ba0176b86292af82864fa12bcbe4585309
SHA25686bb707d8d3f88fdd11c7f5851af21152ec23f160d96674f7c55a45f3c6e6826
SHA5129a4fdce8a8bf0d5e447ddbc3c6440e9c9f0687c1c864d330a2a58ef8950ea3cccf5a4a3824f3113e3e3ad6bb8cbea91037c8ff5387685354a6db4237b21054ee