Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
18-10-2024 02:44
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
Resource
win10v2004-20241007-en
General
-
Target
2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
-
Size
161KB
-
MD5
0ceb4c17f841ecfca9e8b2e8094af39f
-
SHA1
9bf0962ba773b026096cdab1f10fac24e8365871
-
SHA256
dd7dbc78e267a832e8ada5d70ef95158e77f720c0822f44b7de39c9a5405ba86
-
SHA512
848449875ff767fdcce8651f5f91ac3558543371a9a2df1b2372beb2a8b5c21e5359facdcbf870afc4e141db7678bcf3bad53eb2003d55b19074b309b9591f49
-
SSDEEP
3072:FgMRO0FiIaEsY22uTR+Iy4pfcFCs+wVd3YLCpqRCN8xxXECwU:FgMRz22u0Iy4pUonKdwZXx0CwU
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe -
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Renames multiple (80) files with added filename extension
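This suggests ransomware activity: encrypting all the files on the system. The report does not list the added extension; the dropped file shell32.dll.exe listed later in this report and the HideFileExt = "1" change are consistent with an appended .exe that Explorer then hides, but confirm this against the renamed files themselves.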
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely for geofencing.
Processes:
jSkYYgsU.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | jSkYYgsU.exe
-
Executes dropped EXE 2 IoCs
Processes:
lqcwAwQc.exe
jSkYYgsU.exe
pid | process
4332 | lqcwAwQc.exe
3548 | jSkYYgsU.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
jSkYYgsU.exe
lqcwAwQc.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\jSkYYgsU.exe = "C:\\ProgramData\\LGMsMEQg\\jSkYYgsU.exe" | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\jSkYYgsU.exe = "C:\\ProgramData\\LGMsMEQg\\jSkYYgsU.exe" | jSkYYgsU.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lqcwAwQc.exe = "C:\\Users\\Admin\\vyUswEMY\\lqcwAwQc.exe" | lqcwAwQc.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lqcwAwQc.exe = "C:\\Users\\Admin\\vyUswEMY\\lqcwAwQc.exe" | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
-
Drops file in System32 directory 2 IoCs
Processes:
jSkYYgsU.exe
description | ioc | process
File created | C:\Windows\SysWOW64\shell32.dll.exe | jSkYYgsU.exe
File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | jSkYYgsU.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
cmd.exereg.execscript.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exereg.exereg.execscript.exereg.exereg.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.execmd.exereg.execmd.exereg.exereg.execscript.execscript.exereg.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.execmd.exereg.execmd.execscript.execmd.execscript.execmd.exereg.execmd.execmd.execmd.execmd.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exereg.exereg.exereg.execmd.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exereg.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exereg.exereg.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.execmd.exereg.execmd.execscript.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.execmd.exereg.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exereg.exereg.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exereg.exereg.exereg.exereg.execmd.exereg.execscript.exereg.exereg.execmd.execmd.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened 
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe 
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened 
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe -
Modifies registry key 1 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exepid process 4148 reg.exe 4920 reg.exe 1636 reg.exe 2204 reg.exe 4348 reg.exe 4372 reg.exe 1516 reg.exe 1744 reg.exe 3288 reg.exe 2660 reg.exe 2052 reg.exe 964 reg.exe 2992 reg.exe 2960 reg.exe 1212 reg.exe 4992 reg.exe 2188 reg.exe 1028 reg.exe 4976 reg.exe 2748 reg.exe 3488 reg.exe 3852 reg.exe 5064 reg.exe 2060 reg.exe 2652 reg.exe 4948 reg.exe 4424 reg.exe 1732 reg.exe 4464 reg.exe 3624 reg.exe 1212 reg.exe 2972 reg.exe 4424 reg.exe 4568 reg.exe 4372 reg.exe 2368 reg.exe 2968 reg.exe 4036 reg.exe 4140 reg.exe 1760 reg.exe 4180 reg.exe 3424 reg.exe 4048 reg.exe 964 reg.exe 4652 reg.exe 3676 reg.exe 1976 reg.exe 4584 reg.exe 732 reg.exe 3424 reg.exe 3804 reg.exe 1636 reg.exe 624 reg.exe 2620 reg.exe 1832 reg.exe 4776 reg.exe 1800 reg.exe 4472 reg.exe 3256 reg.exe 2264 reg.exe 4940 reg.exe 1020 reg.exe 1760 reg.exe 1876 reg.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exepid process 1952 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1952 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1952 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1952 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 2852 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 2852 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 2852 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 2852 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1304 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1304 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1304 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1304 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 2516 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 2516 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 2516 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 2516 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 3268 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 3268 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 3268 
2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 3268 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 4452 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 4452 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 4452 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 4452 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 3452 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 3452 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 3452 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 3452 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1744 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1744 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1744 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1744 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1128 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1128 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1128 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1128 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 4356 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 4356 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 4356 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 4356 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 4912 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 4912 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 4912 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 4912 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1320 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1320 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1320 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1320 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1028 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1028 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1028 
2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1028 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 3992 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 3992 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 3992 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 3992 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1436 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1436 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1436 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1436 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1132 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1132 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1132 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe 1132 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
jSkYYgsU.exe
pid | process
3548 | jSkYYgsU.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
jSkYYgsU.exepid process 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe 3548 jSkYYgsU.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
cmd.exe
2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
cmd.exe
cmd.exe
cmd.exe
2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
cmd.exe
description | pid | process | target process
PID 1952 wrote to memory of 4332 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | lqcwAwQc.exe
PID 1952 wrote to memory of 4332 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | lqcwAwQc.exe
PID 1952 wrote to memory of 4332 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | lqcwAwQc.exe
PID 1952 wrote to memory of 3548 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | jSkYYgsU.exe
PID 1952 wrote to memory of 3548 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | jSkYYgsU.exe
PID 1952 wrote to memory of 3548 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | jSkYYgsU.exe
PID 1952 wrote to memory of 3740 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 1952 wrote to memory of 3740 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 1952 wrote to memory of 3740 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 3740 wrote to memory of 2852 | 3740 | cmd.exe | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
PID 3740 wrote to memory of 2852 | 3740 | cmd.exe | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
PID 3740 wrote to memory of 2852 | 3740 | cmd.exe | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
PID 1952 wrote to memory of 1352 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1952 wrote to memory of 1352 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1952 wrote to memory of 1352 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1952 wrote to memory of 4752 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1952 wrote to memory of 4752 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1952 wrote to memory of 4752 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1952 wrote to memory of 4652 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1952 wrote to memory of 4652 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1952 wrote to memory of 4652 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1952 wrote to memory of 592 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 1952 wrote to memory of 592 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 1952 wrote to memory of 592 | 1952 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 2852 wrote to memory of 2616 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 2852 wrote to memory of 2616 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 2852 wrote to memory of 2616 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 592 wrote to memory of 624 | 592 | cmd.exe | cscript.exe
PID 592 wrote to memory of 624 | 592 | cmd.exe | cscript.exe
PID 592 wrote to memory of 624 | 592 | cmd.exe | cscript.exe
PID 2616 wrote to memory of 1304 | 2616 | cmd.exe | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
PID 2616 wrote to memory of 1304 | 2616 | cmd.exe | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
PID 2616 wrote to memory of 1304 | 2616 | cmd.exe | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
PID 2852 wrote to memory of 5060 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 2852 wrote to memory of 5060 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 2852 wrote to memory of 5060 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 2852 wrote to memory of 1976 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 2852 wrote to memory of 1976 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 2852 wrote to memory of 1976 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 2852 wrote to memory of 4532 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 2852 wrote to memory of 4532 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 2852 wrote to memory of 4532 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 2852 wrote to memory of 5048 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 2852 wrote to memory of 5048 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 2852 wrote to memory of 5048 | 2852 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 5048 wrote to memory of 2388 | 5048 | cmd.exe | cscript.exe
PID 5048 wrote to memory of 2388 | 5048 | cmd.exe | cscript.exe
PID 5048 wrote to memory of 2388 | 5048 | cmd.exe | cscript.exe
PID 1304 wrote to memory of 1604 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 1304 wrote to memory of 1604 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 1304 wrote to memory of 1604 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
PID 1604 wrote to memory of 2516 | 1604 | cmd.exe | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
PID 1604 wrote to memory of 2516 | 1604 | cmd.exe | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
PID 1604 wrote to memory of 2516 | 1604 | cmd.exe | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
PID 1304 wrote to memory of 3332 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1304 wrote to memory of 3332 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1304 wrote to memory of 3332 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1304 wrote to memory of 4012 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1304 wrote to memory of 4012 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1304 wrote to memory of 4012 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1304 wrote to memory of 880 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1304 wrote to memory of 880 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1304 wrote to memory of 880 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | reg.exe
PID 1304 wrote to memory of 4828 | 1304 | 2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe | cmd.exe
Note: target PIDs 4332, 3548, 3740, 2852, 2616, 1304, 1604 and 2516 also appear in the process tree below as children of the writing process, so those rows are consistent with a parent writing into a child it has just started; the reg.exe, cscript.exe and remaining cmd.exe targets can be checked against the tree the same way.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe" 1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1952 -
C:\Users\Admin\vyUswEMY\lqcwAwQc.exe
"C:\Users\Admin\vyUswEMY\lqcwAwQc.exe" 2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4332 -
C:\ProgramData\LGMsMEQg\jSkYYgsU.exe
"C:\ProgramData\LGMsMEQg\jSkYYgsU.exe" 2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:3548 -
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock" 2⤵
- Suspicious use of WriteProcessMemory
PID:3740 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock 3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2852 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:2616 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1304 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"6⤵
- Suspicious use of WriteProcessMemory
PID:1604 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:2516 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"8⤵PID:4748
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:3268 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"10⤵PID:1436
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock11⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4452 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"12⤵PID:2368
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:3452 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"14⤵PID:1036
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:1744 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"16⤵PID:4520
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:1128 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"18⤵PID:4288
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:4356 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"20⤵PID:2444
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:4912 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"22⤵PID:1976
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:1320 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"24⤵PID:2616
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:1028 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"26⤵PID:512
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:3992 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"28⤵PID:4652
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:1436 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"30⤵PID:3236
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock31⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1132 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"32⤵PID:3728
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock33⤵PID:3616
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"34⤵PID:1768
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock35⤵PID:5076
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"36⤵
- System Location Discovery: System Language Discovery
PID:1352 -
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 37⤵ PID:4180
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock37⤵PID:3212
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"38⤵PID:2620
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock39⤵PID:3224
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"40⤵PID:4512
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock41⤵PID:2516
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"42⤵PID:2588
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock43⤵PID:1028
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"44⤵PID:1020
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock45⤵
- System Location Discovery: System Language Discovery
PID:4940 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"46⤵PID:2324
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock47⤵PID:440
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"48⤵PID:1724
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock49⤵PID:3612
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"50⤵PID:376
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock51⤵PID:4792
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"52⤵
- System Location Discovery: System Language Discovery
PID:4888 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock53⤵PID:4092
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"54⤵PID:5096
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock55⤵PID:4960
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"56⤵PID:2908
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock57⤵PID:2896
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"58⤵PID:4396
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock59⤵PID:4104
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"60⤵PID:2516
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock61⤵PID:4288
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"62⤵PID:1912
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock63⤵PID:408
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"64⤵PID:3508
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock65⤵PID:4912
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"66⤵
- System Location Discovery: System Language Discovery
PID:4920 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock67⤵PID:724
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"68⤵
- System Location Discovery: System Language Discovery
PID:2584 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock69⤵PID:4540
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"70⤵PID:5108
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock71⤵
- System Location Discovery: System Language Discovery
PID:3448 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"72⤵PID:4008
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock73⤵PID:1092
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"74⤵PID:2060
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock75⤵PID:940
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"76⤵PID:2208
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock77⤵PID:468
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"78⤵PID:4588
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock79⤵PID:3916
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"80⤵PID:4888
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock81⤵PID:2536
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"82⤵
- System Location Discovery: System Language Discovery
PID:1168 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock83⤵PID:3396
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"84⤵PID:964
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock85⤵PID:732
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"86⤵PID:3620
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock87⤵PID:5076
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"88⤵PID:4452
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock89⤵PID:3892
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"90⤵PID:3044
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock91⤵PID:220
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"92⤵PID:1636
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock93⤵PID:4036
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"94⤵PID:3172
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock95⤵PID:724
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"96⤵PID:4948
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock97⤵PID:3916
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"98⤵PID:2924
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock99⤵PID:2108
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"100⤵
- System Location Discovery: System Language Discovery
PID:1468 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock101⤵
- System Location Discovery: System Language Discovery
PID:2708 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"102⤵PID:4520
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock103⤵
- System Location Discovery: System Language Discovery
PID:732 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"104⤵PID:3088
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock105⤵PID:3288
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"106⤵PID:3692
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock107⤵PID:4740
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"108⤵PID:4776
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock109⤵PID:4120
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"110⤵PID:2280
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock111⤵PID:4036
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"112⤵PID:1028
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock113⤵
- System Location Discovery: System Language Discovery
PID:1092 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"114⤵PID:4512
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock115⤵PID:540
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"116⤵PID:4356
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock117⤵PID:4940
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"118⤵PID:1152
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock119⤵PID:3780
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"120⤵
- System Location Discovery: System Language Discovery
PID:920 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock121⤵PID:3436
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"122⤵PID:636
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock123⤵PID:2320
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"124⤵PID:4560
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock125⤵PID:1744
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"126⤵PID:3452
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock127⤵PID:2432
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"128⤵PID:448
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock129⤵PID:2616
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"130⤵PID:5036
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock131⤵PID:3676
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"132⤵PID:4348
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock133⤵PID:1148
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"134⤵
- System Location Discovery: System Language Discovery
PID:964 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock135⤵PID:3148
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"136⤵PID:4572
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock137⤵PID:4072
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"138⤵PID:4076
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock139⤵PID:1340
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"140⤵PID:3684
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock141⤵PID:2988
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"142⤵
- System Location Discovery: System Language Discovery
PID:852 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock143⤵PID:2324
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"144⤵PID:4776
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock145⤵PID:5044
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"146⤵
- System Location Discovery: System Language Discovery
PID:4472 -
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
147⤵
PID:820
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock
147⤵
PID:4416
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"148⤵PID:3724
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1149⤵PID:4276
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock149⤵PID:1860
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"150⤵PID:4916
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock151⤵PID:3172
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"152⤵PID:376
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock153⤵PID:540
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"154⤵PID:624
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock155⤵PID:2516
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"156⤵PID:3892
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock157⤵PID:3820
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"158⤵
- System Location Discovery: System Language Discovery
PID:2324 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock159⤵
- System Location Discovery: System Language Discovery
PID:3088 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"160⤵PID:4688
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1161⤵PID:2432
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock161⤵PID:3340
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"162⤵PID:396
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock163⤵
- System Location Discovery: System Language Discovery
PID:1464 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"164⤵PID:3992
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock165⤵PID:3692
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"166⤵PID:2324
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock167⤵PID:3048
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"168⤵PID:4460
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1169⤵PID:5060
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock169⤵PID:2784
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"170⤵PID:2652
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock171⤵PID:3344
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"172⤵PID:4616
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock173⤵PID:4104
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"174⤵PID:1888
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1175⤵PID:2280
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock175⤵PID:3284
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"176⤵PID:1576
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock177⤵PID:3668
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"178⤵PID:2708
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock179⤵PID:4064
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"180⤵PID:2928
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock181⤵PID:3236
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"182⤵PID:4104
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock183⤵PID:4068
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"184⤵PID:2880
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock185⤵PID:3888
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"186⤵PID:1508
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock187⤵PID:2316
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"188⤵PID:1860
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock189⤵PID:4664
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"190⤵PID:5064
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock191⤵PID:2928
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"192⤵
- System Location Discovery: System Language Discovery
PID:2836 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1193⤵PID:1352
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock193⤵PID:4348
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"194⤵PID:1028
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock195⤵
- System Location Discovery: System Language Discovery
PID:852 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"196⤵PID:2620
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock197⤵PID:868
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"198⤵PID:4664
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock199⤵PID:4452
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock"200⤵PID:4100
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1201⤵PID:4180
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock201⤵PID:4036
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
202⤵
- Modifies visibility of file extensions in Explorer
PID:3628
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
203⤵
PID:3344
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
202⤵
- System Location Discovery: System Language Discovery
PID:3348
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
202⤵
- UAC bypass
- Modifies registry key
PID:4424
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
200⤵
PID:5048
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
200⤵
PID:5064
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
200⤵
- UAC bypass
PID:2020
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
201⤵
PID:3236
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pIEAEEEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
200⤵
PID:2428
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
201⤵
- System Location Discovery: System Language Discovery
PID:864
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
198⤵
- Modifies visibility of file extensions in Explorer
PID:2800
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
198⤵
PID:592
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
199⤵
PID:624
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
198⤵
- UAC bypass
PID:556
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QIEYokQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
198⤵
PID:1860
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
199⤵
- System Location Discovery: System Language Discovery
PID:4104
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
196⤵
- Modifies registry key
PID:1020
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
196⤵
- Modifies registry key
PID:1760
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
197⤵
PID:3472
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
196⤵
- Modifies registry key
PID:4372
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
197⤵
PID:1640
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AuEAoksg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
196⤵
PID:2616
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
197⤵
PID:2324
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
194⤵
- Modifies visibility of file extensions in Explorer
PID:1568
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
194⤵
PID:4544
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
195⤵
PID:3424
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
194⤵
- UAC bypass
- Modifies registry key
PID:2660
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
195⤵
PID:3288
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yssocMUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
194⤵
PID:1608
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
195⤵
PID:2172
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1192⤵
- Modifies visibility of file extensions in Explorer
PID:4428 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2192⤵PID:4032
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1193⤵PID:3560
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f192⤵
- UAC bypass
PID:2072 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vwkQEwkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""192⤵PID:4092
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1193⤵PID:3256
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs193⤵PID:1036
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1190⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1636 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2190⤵PID:3848
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1191⤵PID:4616
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f190⤵
- UAC bypass
PID:3992 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VUEIggYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""190⤵PID:3048
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs191⤵PID:4588
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1188⤵PID:3472
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2188⤵PID:3828
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f188⤵
- UAC bypass
PID:2708 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1189⤵PID:2524
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vskQkswc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""188⤵PID:3612
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs189⤵PID:3960
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1186⤵
- Modifies visibility of file extensions in Explorer
PID:380 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2186⤵PID:4580
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f186⤵
- System Location Discovery: System Language Discovery
PID:1708 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nuUUUUAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""186⤵PID:4548
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1187⤵PID:4072
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs187⤵PID:1828
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1184⤵
- Modifies registry key
PID:4940 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2184⤵PID:4180
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f184⤵
- UAC bypass
PID:2968 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OqEQwwgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""184⤵PID:2828
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs185⤵PID:2296
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1182⤵PID:3048
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:2436
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2182⤵
- Modifies registry key
PID:4948 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f182⤵
- Modifies registry key
PID:3676 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wmMEUoYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""182⤵PID:4588
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1183⤵PID:4652
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs183⤵PID:512
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1180⤵PID:3932
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2180⤵PID:1640
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f180⤵
- UAC bypass
PID:2044 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YMwQcwMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""180⤵PID:3804
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs181⤵PID:4120
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1178⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3288 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1179⤵PID:2904
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2178⤵PID:2664
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f178⤵PID:2388
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IaAEwgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""178⤵PID:1608
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1179⤵PID:920
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs179⤵PID:1992
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1176⤵
- Modifies visibility of file extensions in Explorer
PID:4348 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2176⤵PID:1564
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f176⤵
- UAC bypass
PID:3560 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1177⤵PID:3684
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NSkAoIgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""176⤵PID:1704
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs177⤵
- System Location Discovery: System Language Discovery
PID:3488 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1174⤵PID:224
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2174⤵PID:3848
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f174⤵
- UAC bypass
PID:1844 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FmAkMgIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""174⤵PID:2780
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs175⤵PID:1368
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1172⤵PID:3620
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2172⤵PID:1540
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f172⤵
- UAC bypass
PID:4608 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NigcUgII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""172⤵PID:3448
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs173⤵PID:4976
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1170⤵PID:2660
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2170⤵PID:3380
-
C:\Windows\System32\Conhost.exe \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 171⤵ PID:4920
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f170⤵
- UAC bypass
- System Location Discovery: System Language Discovery
PID:4072 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1171⤵PID:1860
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PiMEkckk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""170⤵PID:1400
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs171⤵PID:3424
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1168⤵PID:1564
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2168⤵
- Modifies registry key
PID:2748 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1169⤵PID:3844
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f168⤵
- UAC bypass
- Modifies registry key
PID:964 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CeMYMokQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""168⤵PID:1028
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs169⤵PID:4752
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1166⤵
- Modifies registry key
PID:2264 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2166⤵PID:3996
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f166⤵PID:4080
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iYMYssck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""166⤵PID:2780
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1167⤵PID:2288
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs167⤵PID:4160
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1164⤵PID:3828
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2164⤵PID:2524
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1165⤵PID:1528
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f164⤵
- UAC bypass
PID:920 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1165⤵PID:2060
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GOsEgMMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""164⤵PID:5084
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs165⤵PID:4872
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1162⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:964 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2162⤵
- System Location Discovery: System Language Discovery
PID:1508 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f162⤵
- Modifies registry key
PID:4652 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1163⤵PID:4148
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jyEoMEYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""162⤵PID:728
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs163⤵PID:4520
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1160⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:1832 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2160⤵PID:2780
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f160⤵
- Modifies registry key
PID:4976 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dSUAsUIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""160⤵PID:4288
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs161⤵PID:2452
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1158⤵
- Modifies registry key
PID:3256 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2158⤵PID:1352
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f158⤵
- UAC bypass
- Modifies registry key
PID:4048 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZSgssoIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""158⤵PID:1568
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1159⤵PID:3568
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs159⤵PID:1828
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1156⤵PID:864
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵PID:3172
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2156⤵PID:2828
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f156⤵PID:556
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1157⤵PID:5048
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dCkogQwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""156⤵PID:5112
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs157⤵
- System Location Discovery: System Language Discovery
PID:1704 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1154⤵
- System Location Discovery: System Language Discovery
PID:4920 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2154⤵PID:3452
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵PID:2720
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f154⤵PID:5096
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SCIMQgMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""154⤵PID:4452
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs155⤵PID:3048
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1152⤵
- Modifies visibility of file extensions in Explorer
PID:2968 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2152⤵
- Modifies registry key
PID:2052 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f152⤵
- UAC bypass
PID:3844 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1153⤵PID:4928
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\quEwQggI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""152⤵PID:2044
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs153⤵
- System Location Discovery: System Language Discovery
PID:4064 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1150⤵PID:2780
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2150⤵
- System Location Discovery: System Language Discovery
PID:5048 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1151⤵PID:5044
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f150⤵
- UAC bypass
- Modifies registry key
PID:2652 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\goAoEgMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""150⤵PID:4192
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs151⤵PID:1704
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1148⤵
- Modifies visibility of file extensions in Explorer
PID:2904 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2148⤵PID:3568
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f148⤵PID:4936
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pGsgkMMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""148⤵PID:4748
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs149⤵PID:1552
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1146⤵
- Modifies visibility of file extensions in Explorer
PID:4280 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2146⤵
- Modifies registry key
PID:4140 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f146⤵
- UAC bypass
PID:1252 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pIsQEggs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""146⤵PID:1508
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs147⤵PID:2436
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1144⤵
- Modifies visibility of file extensions in Explorer
PID:3088 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2144⤵PID:3436
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f144⤵
- UAC bypass
PID:3452 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FWUEMsUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""144⤵
- System Location Discovery: System Language Discovery
PID:2928 -
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs145⤵PID:1100
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1142⤵
- System Location Discovery: System Language Discovery
PID:412 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2142⤵
- Modifies registry key
PID:2968 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f142⤵PID:2316
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yuAUUgwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""142⤵PID:1860
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs143⤵PID:4104
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1140⤵PID:3960
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2140⤵
- Modifies registry key
PID:4472 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1141⤵PID:5100
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f140⤵
- UAC bypass
PID:5040 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUsMoQEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""140⤵PID:2280
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs141⤵PID:1952
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1138⤵
- Modifies visibility of file extensions in Explorer
PID:3544 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2138⤵PID:4776
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f138⤵PID:2904
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sgkscEkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""138⤵PID:728
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs139⤵PID:2720
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1136⤵
- Modifies visibility of file extensions in Explorer
PID:2972 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2136⤵
- Modifies registry key
PID:2060 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f136⤵
- UAC bypass
- System Location Discovery: System Language Discovery
PID:4928 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MwUQkIQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""136⤵PID:1528
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs137⤵PID:4608
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1134⤵
- Modifies visibility of file extensions in Explorer
PID:4064 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2134⤵
- Modifies registry key
PID:3424 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f134⤵
- UAC bypass
PID:2288 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\heEEAkAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""134⤵PID:2280
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs135⤵PID:4688
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1132⤵
- Modifies visibility of file extensions in Explorer
PID:1516 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2132⤵PID:2436
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f132⤵
- UAC bypass
PID:408 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vkkQkYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""132⤵PID:2652
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs133⤵PID:728
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1130⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4148 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2130⤵PID:2024
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f130⤵
- UAC bypass
- System Location Discovery: System Language Discovery
PID:5060 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1131⤵PID:1152
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NGwIocks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""130⤵PID:3888
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs131⤵
- System Location Discovery: System Language Discovery
PID:4800 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1128⤵
- Modifies visibility of file extensions in Explorer
PID:216 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1129⤵PID:1952
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2128⤵
- Modifies registry key
PID:732 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f128⤵PID:4776
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TAIcQUAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""128⤵PID:3568
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs129⤵PID:2288
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1126⤵PID:1528
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1127⤵PID:1468
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2126⤵PID:2848
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f126⤵
- Modifies registry key
PID:4348 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EucsUIoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""126⤵PID:4080
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs127⤵PID:4608
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1124⤵PID:4276
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2124⤵
- System Location Discovery: System Language Discovery
PID:1080 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1125⤵PID:684
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f124⤵PID:2832
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sckIYEEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""124⤵PID:1304
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs125⤵PID:4572
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1122⤵
- Modifies visibility of file extensions in Explorer
PID:3844 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1123⤵PID:4776
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2122⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:4036 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f122⤵
- UAC bypass
PID:1212 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1123⤵PID:4940
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\USQEwcsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""122⤵PID:2288
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs123⤵PID:5100
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1120⤵
- Modifies visibility of file extensions in Explorer
PID:832 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2120⤵PID:2988
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f120⤵
- UAC bypass
PID:440 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XyYgQUkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""120⤵PID:4160
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs121⤵PID:408
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1118⤵
- Modifies visibility of file extensions in Explorer
PID:396 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2118⤵PID:3380
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f118⤵
- UAC bypass
PID:964 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xMUIwcAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""118⤵PID:4752
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs119⤵PID:820
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1116⤵
- Modifies registry key
PID:1744 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2116⤵PID:1436
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f116⤵
- UAC bypass
PID:3448 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VaooMkos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""116⤵PID:4036
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs117⤵PID:4800
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1114⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:5064 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2114⤵
- Modifies registry key
PID:3852 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f114⤵
- UAC bypass
PID:368 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jwAsEEEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""114⤵PID:388
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs115⤵PID:2352
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1112⤵
- Modifies visibility of file extensions in Explorer
PID:228 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2112⤵PID:3844
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f112⤵
- UAC bypass
- Modifies registry key
PID:2620 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KMcwcgIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""112⤵PID:4584
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs113⤵PID:4616
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1110⤵
- Modifies visibility of file extensions in Explorer
PID:684 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2110⤵PID:4520
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f110⤵
- UAC bypass
PID:4652 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AIcQkAUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""110⤵
- System Location Discovery: System Language Discovery
PID:1552 -
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs111⤵PID:1952
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1108⤵
- Modifies registry key
PID:3424 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2108⤵PID:3664
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f108⤵
- UAC bypass
- Modifies registry key
PID:4180 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EGcIMsgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""108⤵PID:4512
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs109⤵PID:1468
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1106⤵PID:4288
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2106⤵
- System Location Discovery: System Language Discovery
PID:3892 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f106⤵PID:1296
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OokgkwEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""106⤵PID:4584
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs107⤵PID:2968
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1104⤵
- Modifies visibility of file extensions in Explorer
PID:412 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2104⤵
- System Location Discovery: System Language Discovery
PID:2072 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f104⤵
- UAC bypass
PID:864 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LSooYoUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""104⤵PID:1304
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs105⤵PID:696
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1102⤵
- Modifies visibility of file extensions in Explorer
PID:5028 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2102⤵
- Modifies registry key
PID:2368 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f102⤵
- UAC bypass
PID:592 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LOEQYUIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""102⤵PID:3380
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs103⤵PID:2988
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1100⤵
- Modifies visibility of file extensions in Explorer
PID:2664 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2100⤵
- System Location Discovery: System Language Discovery
PID:2024 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f100⤵
- System Location Discovery: System Language Discovery
PID:4120 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JWwkIIIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""100⤵PID:3676
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs101⤵PID:1036
-
C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1 98⤵
- Modifies visibility of file extensions in Explorer
PID:2272 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
98⤵
- Modifies registry key
PID:1028 -
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
98⤵
- UAC bypass
- Modifies registry key
PID:4992 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JqocosEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""98⤵PID:3672
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs99⤵PID:2968
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 196⤵
- Modifies visibility of file extensions in Explorer
- System Location Discovery: System Language Discovery
PID:1316 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
96⤵
PID:4276
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f96⤵
- UAC bypass
PID:2388 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CUokgYMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""96⤵PID:4740
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs97⤵PID:912
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 194⤵
- Modifies visibility of file extensions in Explorer
PID:2972 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 294⤵PID:4372
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f94⤵
- UAC bypass
PID:2400 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yWsEgoUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""94⤵PID:428
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs95⤵PID:3560
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 192⤵
- Modifies visibility of file extensions in Explorer
PID:3508 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 292⤵PID:1888
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f92⤵
- UAC bypass
- Modifies registry key
PID:1212 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IMssYQYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""92⤵PID:2052
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs93⤵PID:5044
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
90⤵
PID:3996
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
90⤵
PID:5084
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f90⤵
- UAC bypass
PID:5100 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WkYAwUUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""90⤵PID:2024
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs91⤵
- System Location Discovery: System Language Discovery
PID:3744 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 188⤵
- System Location Discovery: System Language Discovery
PID:3668 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 288⤵PID:5056
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f88⤵
- Modifies registry key
PID:2960 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pmcEsEEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""88⤵
- System Location Discovery: System Language Discovery
PID:3612 -
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs89⤵PID:2108
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 186⤵
- Modifies visibility of file extensions in Explorer
- System Location Discovery: System Language Discovery
PID:3472 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 286⤵PID:1640
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f86⤵
- UAC bypass
- System Location Discovery: System Language Discovery
PID:448 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JOAAkUkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""86⤵PID:2208
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs87⤵PID:4068
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 184⤵
- Modifies visibility of file extensions in Explorer
PID:5044 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 284⤵PID:4520
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f84⤵
- UAC bypass
- System Location Discovery: System Language Discovery
PID:4616 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HiAsQgYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""84⤵PID:3820
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs85⤵PID:4988
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 182⤵PID:2664
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 282⤵PID:4356
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f82⤵
- Modifies registry key
PID:1800 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YmgEEcso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""82⤵PID:1152
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs83⤵PID:2836
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 180⤵
- Modifies visibility of file extensions in Explorer
PID:208 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 280⤵PID:2832
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f80⤵PID:912
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iuYAUAwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""80⤵PID:4684
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs81⤵PID:220
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 178⤵
- Modifies visibility of file extensions in Explorer
PID:2072 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 278⤵PID:4396
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f78⤵PID:4948
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GmcMIcME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""78⤵PID:3928
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs79⤵PID:2080
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 176⤵
- Modifies visibility of file extensions in Explorer
PID:2828 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 276⤵
- Modifies registry key
PID:4372 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f76⤵PID:540
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GiYwskIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""76⤵PID:3620
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs77⤵PID:3424
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 174⤵
- Modifies visibility of file extensions in Explorer
PID:3996 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 274⤵
- System Location Discovery: System Language Discovery
PID:3688 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f74⤵
- UAC bypass
- Modifies registry key
PID:1876 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PsgQIogQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""74⤵PID:964
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs75⤵PID:4012
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 172⤵
- Modifies visibility of file extensions in Explorer
PID:512 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 272⤵PID:4148
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f72⤵PID:4544
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VmAskkYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""72⤵PID:4940
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs73⤵PID:3828
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 170⤵
- Modifies visibility of file extensions in Explorer
PID:2276 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 270⤵PID:3976
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f70⤵PID:2428
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zQssIEAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""70⤵PID:4288
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs71⤵PID:1760
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 168⤵
- Modifies visibility of file extensions in Explorer
PID:752 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 268⤵
- Modifies registry key
PID:4464 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f68⤵
- UAC bypass
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:3624 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lAogMkkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""68⤵PID:3088
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs69⤵PID:3560
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 166⤵
- Modifies visibility of file extensions in Explorer
- System Location Discovery: System Language Discovery
PID:2432 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 266⤵PID:2608
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f66⤵PID:3264
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\asUEIggg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""66⤵PID:2756
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs67⤵PID:3620
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 164⤵
- Modifies visibility of file extensions in Explorer
PID:5036 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 264⤵PID:4192
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f64⤵
- UAC bypass
PID:4960 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ksIQMUcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""64⤵PID:4688
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs65⤵PID:4872
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 162⤵
- Modifies visibility of file extensions in Explorer
PID:912 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 262⤵PID:1316
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f62⤵
- UAC bypass
- Modifies registry key
PID:1732 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\saMUcAgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""62⤵PID:3212
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs63⤵PID:4236
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 160⤵
- Modifies visibility of file extensions in Explorer
PID:4064 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 260⤵PID:3560
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f60⤵
- UAC bypass
PID:1036 -
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
61⤵
PID:376
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HukkwEMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""60⤵PID:3448
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs61⤵PID:4992
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 158⤵
- Modifies visibility of file extensions in Explorer
PID:3664 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 258⤵PID:5028
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f58⤵
- UAC bypass
PID:2020 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\noQUIwYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""58⤵PID:3556
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs59⤵PID:1408
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 156⤵
- Modifies visibility of file extensions in Explorer
PID:4156 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 256⤵PID:4180
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f56⤵PID:3068
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
57⤵
PID:2324
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DGcoQckY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""56⤵PID:1032
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs57⤵PID:1344
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
54⤵
PID:408
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
54⤵
PID:4940
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f54⤵PID:896
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oesQYsEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""54⤵
- System Location Discovery: System Language Discovery
PID:4872 -
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs55⤵PID:4356
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 152⤵PID:2476
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 252⤵
- Modifies registry key
PID:4776 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f52⤵
- Modifies registry key
PID:2972 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ouEYAkEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""52⤵PID:1740
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs53⤵PID:636
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 150⤵
- Modifies registry key
PID:2204 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 250⤵PID:4520
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
51⤵
PID:4512
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f50⤵
- UAC bypass
- Modifies registry key
PID:1516 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EMQkEUsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""50⤵PID:3088
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs51⤵PID:3628
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 148⤵
- Modifies visibility of file extensions in Explorer
PID:4204 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 248⤵PID:2432
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f48⤵
- UAC bypass
PID:4480 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYgcwAQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""48⤵PID:1636
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs49⤵PID:4396
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 146⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:4568 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 246⤵PID:4088
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f46⤵PID:5056
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hKQcwoIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""46⤵PID:1608
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
47⤵
PID:2188
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs47⤵PID:2908
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 144⤵
- Modifies visibility of file extensions in Explorer
PID:3288 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 244⤵
- Modifies registry key
PID:624 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f44⤵PID:1296
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dygYQsAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""44⤵PID:2076
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs45⤵PID:3828
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 142⤵
- Modifies visibility of file extensions in Explorer
PID:2248 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 242⤵PID:3620
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f42⤵PID:4464
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RSkYkoMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""42⤵PID:4856
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs43⤵PID:3048
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
40⤵
PID:1564
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
40⤵
PID:2272
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f40⤵
- UAC bypass
- Modifies registry key
PID:3488 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MMkgEwkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""40⤵PID:3424
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs41⤵PID:1580
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 138⤵
- Modifies visibility of file extensions in Explorer
PID:1436 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 238⤵PID:4088
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f38⤵
- UAC bypass
- Modifies registry key
PID:2188 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MAYwsMcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""38⤵PID:2760
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs39⤵PID:4192
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 136⤵
- Modifies registry key
PID:1760 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 236⤵PID:3116
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f36⤵
- UAC bypass
PID:2904 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KcoIcwwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""36⤵PID:2880
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs37⤵PID:5096
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 134⤵PID:2524
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 234⤵PID:1992
-
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
35⤵
PID:4976
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f34⤵
- UAC bypass
- System Location Discovery: System Language Discovery
PID:4752 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KMAAgEMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""34⤵PID:4196
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs35⤵PID:2940
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 132⤵
- Modifies registry key
PID:4584 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 232⤵PID:5032
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f32⤵PID:1148
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rAMoUkMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""32⤵PID:2632
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs33⤵PID:3492
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 130⤵
- Modifies visibility of file extensions in Explorer
PID:2720 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 230⤵PID:3844
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f30⤵
- UAC bypass
PID:3996 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VQYcwwAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""30⤵PID:2072
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs31⤵PID:3488
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 128⤵
- Modifies visibility of file extensions in Explorer
PID:3476 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 228⤵PID:3268
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f28⤵
- UAC bypass
PID:4288 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NOMEkQQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""28⤵PID:4348
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs29⤵PID:1608
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 126⤵
- Modifies visibility of file extensions in Explorer
PID:2992 -
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 226⤵PID:4976
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f26⤵PID:4104
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xUQQssUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""26⤵PID:4596
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs27⤵PID:4180
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 124⤵PID:3684
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 224⤵
- Modifies registry key
PID:1212 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f24⤵
- UAC bypass
PID:4920 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SgEsIwAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""24⤵
- System Location Discovery: System Language Discovery
PID:1036 -
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs25⤵PID:4100
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
22⤵
- Modifies visibility of file extensions in Explorer
PID:4568 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
22⤵ PID:3688
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
22⤵
- UAC bypass
PID:1252 -
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yaoEYkYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
22⤵ PID:448
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
23⤵ PID:1032
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
20⤵
- Modifies visibility of file extensions in Explorer
PID:1888 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
20⤵ PID:3436
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
20⤵
- System Location Discovery: System Language Discovery
PID:4512 -
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gMkEwIks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
20⤵
- System Location Discovery: System Language Discovery
PID:3580 -
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
21⤵
- System Location Discovery: System Language Discovery
PID:1608 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
18⤵
- Modifies visibility of file extensions in Explorer
PID:1736 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
18⤵ PID:4752
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
18⤵
- UAC bypass
PID:2488 -
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qYAcgAco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
18⤵ PID:540
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
19⤵ PID:3740
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
16⤵
- Modifies visibility of file extensions in Explorer
PID:3448 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
16⤵
- Modifies registry key
PID:3804 -
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
16⤵
- UAC bypass
PID:2296 -
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAckoYoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
16⤵ PID:3504
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
17⤵ PID:980
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
14⤵
- Modifies visibility of file extensions in Explorer
PID:1252 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
14⤵
- Modifies registry key
PID:1636 -
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
14⤵ PID:3424
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BKAIYssQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
14⤵ PID:2128
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
15⤵ PID:2080
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
12⤵
- Modifies visibility of file extensions in Explorer
PID:4532 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
12⤵ PID:732
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
12⤵
- UAC bypass
PID:4836 -
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pMoUoAYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
12⤵ PID:3664
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
13⤵ PID:5112
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
10⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:2992 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
10⤵ PID:2812
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
10⤵ PID:4104
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rIYgUAQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
10⤵ PID:2444
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
11⤵ PID:4180
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
8⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4920 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
8⤵ PID:4588
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
8⤵
- UAC bypass
- Modifies registry key
PID:4424 -
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EgcgkIgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
8⤵ PID:2144
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
9⤵ PID:2668
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
6⤵
- Modifies visibility of file extensions in Explorer
PID:3332 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
6⤵ PID:4012
-
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
6⤵
- UAC bypass
PID:880 -
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OIoMkcEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
6⤵ PID:4828
-
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
7⤵ PID:1564
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
4⤵ PID:5060
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
4⤵
- Modifies registry key
PID:1976 -
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
4⤵ PID:4532
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cYEgQcgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
4⤵
- Suspicious use of WriteProcessMemory
PID:5048 -
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
5⤵ PID:2388
-
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
2⤵
- Modifies visibility of file extensions in Explorer
PID:1352 -
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
2⤵
- System Location Discovery: System Language Discovery
PID:4752 -
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
2⤵
- UAC bypass
PID:4652 -
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\meskMYcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_0ceb4c17f841ecfca9e8b2e8094af39f_virlock.exe""
2⤵
- Suspicious use of WriteProcessMemory
PID:592 -
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
3⤵ PID:624
-
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv jckMLkVNskGIC+vvUHMGcQ.0.2
1⤵ PID:3488
-
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵ PID:2316
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
Defense Evasion
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
- Hide Artifacts: 1
  - Hidden Files and Directories: 1
- Impair Defenses: 1
  - Disable or Modify Tools: 1
- Modify Registry: 4
Credential Access
- Credentials from Password Stores: 1
  - Credentials from Web Browsers: 1
- Unsecured Credentials: 1
  - Credentials In Files: 1
Downloads
-
Filesize
110KB
MD537a1e9aa6f10b9e8f32c139ddd9a9482
SHA1f722c6c911552f58d5952c063c11362aaae9af6e
SHA2563b6600b38ffeff4860ff5aa85ef6df5c0eb5c58176ac0855ef5a217526c6adf2
SHA51251163415fb1323b150bf3c9ff9691b52222f18d3c9228bc3d85cb3268eb7efbe513201322c320840a7253a032e06622797dd074852cd8ef4ff2bb7089107667f
-
Filesize
141KB
MD542309c5a8820a4f1c4c89a1053db9037
SHA1144495615a9039fe188ab32a6ddc704d64ba60ee
SHA2567b2530126c7d7393e36e87f66fa948c21a03d59640de5293f4e30c6394d7138a
SHA5129ef2f584b5626675b10e68804228d36482f1c5d27ebc11e796e283d983bb8c7e5e9f25ae36028cf28f6b7dd02cf7708cd74ba7c8698942179ce836db1c65d9e6
-
Filesize
699KB
MD5486f4eb713e75b559d5c0d01cde71095
SHA142ad460c69a962ec5cc81a6022b0d026f74682a7
SHA25631874b6e040348cca55e1e4707f54ff8946eb0fa37fdc8ae70b36ebbb620db44
SHA51281c3f041318dfc52193b4e5c57fe8a87e2893f0853846dfb1335af99c83818a514bd231bac16d36a5c0b66701c5b801361374071a1875343aceb33b1bdbbfcc5
-
Filesize
112KB
MD5517bbc9399c7fdceed9fff5494bc6216
SHA17fd3884710ef64d5ac2f18c984cfaa92ed978d0f
SHA256cb3ee8940c3b0cc5ee2581babc28d84d8b1b6c678b869d3ed30d76606906210d
SHA512765c9020ea7d89201a76b4a09f5fa183dc4874a500b4f297e9ca9a67604ca9d09544a8183db477095e23d566353f8b7e21a4eedad9d8783081b11134418ab667
-
Filesize
115KB
MD52d7fed41e1e879b09792c9daefd96223
SHA1a0b3dac6a8d9ab9aa41b734dc57c3d3ed7ff871d
SHA2563148f4e0a3998eda5b11e4022b7f3bb8664bf653631c633b17d3d9fa1727b624
SHA5123eec6313f885e4f3fb0381ef52e9b991732973c251338d685e674ede4776afecfd64ca9989d19c92c6a1081a1779cfe08a4c4c17c9b22bd3b8d8c3a91a51abc1
-
Filesize
126KB
MD55e1be7ad6435e59f80a22c0a72915ae7
SHA192c0eb5ced2770f1cee509bc68efbd63bed68ccd
SHA256378f26473be15dfdfdea5629acab589b47feab126d94301e01955ebc15558137
SHA5124978bb956e8b2e28763308b29babbf5f6511f869fd97514311bac3a5ed6cd51fc777e197f00b55bedee357291491c518b74da5b875aa34b8836e0e252db92f50
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png.exe
Filesize: 112KB
MD5: 367efdcba35471e4bb61160a46a2e5f7
SHA1: 918c4d38fccce90952834b029a96098b521d8775
SHA256: e76ee6f2e6410c2aa33469860c5ae59281a4f655a31ca0b7910576717b383033
SHA512: bd2f89106d7b4e8b9214cafb9eba42d77319cd7b2eef95f02ffd909e637cdc9148720090edfa1291d6bc9c38e10388a929b902a9eb4a0238ed40fbc3bf061d74
-
Filesize
1.7MB
MD54c9a5d5ba124cec8fc9248baaa092d8b
SHA1aae12214d014b31be0b3647ff35913a1f4601aa1
SHA256404b2975a70921f15e988a6ef57cebe66ebf5c89f801885ca0a5e5be3cda7a38
SHA5121a2371c2c0d98b898cfc688d2421bcfb565a5bdf10972f17603a6d126c77a352d833a8cf9bb0b2e00e9401de02dfd050ef705c725ceb89537e3878688e6c3e35
-
Filesize
48KB
MD535cbde129d22ad6080dc8fed0fd3e185
SHA1e29871c61fe34d7159cf12daa543e1679f3ef63a
SHA256eaed558d6439df7f6172277ad993c778b631aa73ffce8cd9619b525ff92a2265
SHA512009e3a9714454ae0b0ea87d391dd42583a390ce74d249a0421318dfa8af27e98d4cfc625f1923304a177a6824210c687f522082783c9920beeba3ab078ae2f60
-
Filesize
121KB
MD5797d9d8d40a984abb971e0b5995527e0
SHA1cdf055713d0d2ddf913493d0e6b6e9cc8745e2bf
SHA256b6a96f3740056cdd284f562446ee05fc3334b5cdec42c9e1fcc9d85d8cf77d68
SHA5128700e475fbb0c290a5cda08b3292d79f5d5f065b45f7d6699349421aa5ef280a5df9ceb580bee56f73bd0292260472ed0cd217f131427434c7684a8b8d1af732
-
Filesize
1.0MB
MD5687b702bb09af2f81af1564b5b5030db
SHA1dac41a1a14fb192937a06653891abd9849563acb
SHA2560c0138d46557d51b600ab4958610615f3b31e682282090ddf62ab209f80b3a9c
SHA51222eb8048066ca5690d20de3c43392e972f19d35584d1768da16517494f0de03d5dcfbeeef26a04ba6bc6192bce2f9ac6bc347f38354e217035e35a43d05d218e
-
Filesize
4KB
MD5f31b7f660ecbc5e170657187cedd7942
SHA142f5efe966968c2b1f92fadd7c85863956014fb4
SHA256684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6
SHA51262787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462
-
Filesize
112KB
MD551cae1c61c3759995acb9e2df22f6b33
SHA17a72de22d160cddc2737346468cce6efe2ffe931
SHA256c6ed41f674886868270d624519c7894aef448786cb4f48fb1345347d12a86c07
SHA51284eb33ed8ccc731be27b572e5a3888fd1747e6a894c98b2bd1049fe3a2545b15a5e6de0b902386065f55112ec0142d0f80a1f77567dfdbd13611a5ad03b843d4
-
Filesize
120KB
MD5053d7189954e63bc1225b4603c409c55
SHA11ba6bd23bd2b67f540ae5029076452e357f7a2c2
SHA256b9c29483505598033b06e95b12b899469137f8599dc2fb824d920d5fba48b62d
SHA5127fbe03725846786efa243a70c84ed288bd2b564622fae685b973989b62684743d88c93e2030b2deffea4f4227bc78e3279741d773572dce6e9dce1d6754e245f
-
Filesize
111KB
MD583e00fb37df89868c2790cd1e4842ee9
SHA1bcba806ea6e3ea14de7b10343ec7dfed2f2c74d0
SHA25640c1d3f2ce1ce0fd081a7c367c398dd1ec7432bb74db4e61ef4c1a674b5f6fc5
SHA5120460e1ed6e0069390257f962b14c6a102988aab3808d87779ed224f40dc63a9882b8b3507d6f76c5cca55f036aca698ee5f43374e683d8364e819ce5e4e9348d
-
Filesize
500KB
MD58daab3ce39ed0d5a759e5ccd0daec30d
SHA1260f662ace009d16e3cde93551d0be407558caf0
SHA2566fca4a1e55cb208405b8030c4cff20d711dfca1f81959a2435523d9fd3757535
SHA512451439467255afd2499e238ff5895d3548e95cf68be4c32385eb7c39483866e072d82fbc2275b8ada2d27746b99f7dd27bdee25636c14386b3eb2c713f4dee82
-
Filesize
568KB
MD564afed44646673f27ff1a0e819192ea9
SHA199a60bb48fff673168f7596ef710e6a8f1625ce4
SHA2560fd9dfb20b10ed1d62e220a254844525e320623531d770e64f100a275f6ba744
SHA5128fca3f85a4e296e5733d04cb5a6fc8fdb9787bdac986cafc9b39c8a85a4569761b407aa29c2a584d58027196ee796dbc0ee2700c2748226ea07d48d4b3ecc3df
-
Filesize
110KB
MD5b5bce3924b5734cfed49cf5be4552cf2
SHA152355dfe9e7cb926ab3be16fd3502d72ac1bf7fb
SHA2562cdc914045d69898697328b0635c6f4f465bb9bd34f409042933711a22d4f992
SHA512a088adde92ffa4c333dc1c71e2b54d799618efd3136579de864b574402964e62284163c13fa118a8d9f218d3d70af2525e3252bc781242935757cea32c826fa1
-
Filesize
5.8MB
MD5cb194e3e54cf7c875ecdf32a8a986434
SHA10560cdd51ca3b4c0c50a0ad53e90eb84849724fd
SHA256ba69178f00da28568720bc0d3d86b78b6507ccf0761eb37b161d969f3a711e85
SHA5126d5547ead6aa47eda8e83f6bc4e396122c3a613904374ebe8cad4c1e89b9be574baa7d837c69cae2b590bae672c27c9db6c0f9c49502fe47ad2d18ce482f1089
-
Filesize
744KB
MD5f66fa1b9788e816b464e40b28f1b5cae
SHA13422b76b965aa5fc9a385d5ac14f801d3def2d02
SHA256c74def5d60ac762dce5e255b3ccfe2c98c4c021513920501bf2804335c85355c
SHA512e895628941a58e9692bc2c23eb839799180923b32b3e2509f8eb60391d3c1a7d659b30ab6de84c4030b25e0f39120baa61e0c8ee1366becb222ca4d6ce4af5a7
-
Filesize
112KB
MD52dad0f27bef908d6aa3d0109ac90594f
SHA1a778e41d4c33c117bdb8306a6b2d9d364237dcba
SHA2567cc96da2a320a34c0f39cac7265ff78a12765064ef158614096fec22fc8c9d58
SHA512148e112ecc87b137d61c2bf1bc856856ce72a8005a2726a31f2e5ca4238d92dfdcacba67c89e015ecf5ddfce08022a06926d51bc3fd511168712d395425633b2
-
Filesize
154KB
MD5eccdadf03f893f36c19d02c942875801
SHA1dfb8518319645dca77cc498925e504e2529cc9c7
SHA2563113eada32c252b8a9de8731dba6ad13caa81a6048bfdbd3952b68d5a4c0d54c
SHA512340876e4a2371b70802582c9adf4c4549eac4d3595c5559e631130d05ebb85334da614ea4b02f54607da8f4159e7ca427f40511e5660cb24f04891b93ac3b999
-
Filesize
109KB
MD52b61c04050dc229ab1e919d16b301bf3
SHA18ac3e09d459ce79833ae43a4be64443db9935174
SHA256fb81d5643b4da839d61537c31abae81a6a7b53ae620855dc2851389da41c2f21
SHA5128c0f5d819f64e56716cdabcbc759df1d3ff759d2a645fd60045b3dde52621591c6b4cc38c411a4df19f644215937dcd624ef84a2c6867934c41ecfbba6ce9f8b
-
Filesize
119KB
MD543f750579ea52a4e8a6eea122bda3d3a
SHA16f4e7910d8edd558a9f53747cf6ab26bcd3e3736
SHA25661f40320e61328808f288a3867934f34a9741889fb3a1c8e3cb40ec7d37366f2
SHA512c4a944262e1bbb3362767fa3c04fce8a1d7f5a6550666ee3d79c925513621b9a3c2c29a0953a60602ff958badde60f17062ef013b636d5fe6c1bda36680f396b
-
Filesize
139KB
MD58112f8d43662de235a0a16ecf7aee6b8
SHA1577a7cbf71303becf66cc15169014e42274250d3
SHA256a1b578b792ad9c34011e72303ab486597b601338ed34f71abcdb6c8d4b416dc8
SHA512ac06c6328c077ed4f414635ba009b97d92d8f589a72062b1145dbab2c9a4dfcfb00fc33135c7065824e742cd53939364d6bc13a073ef84bd10316ff410899cfc
-
Filesize
118KB
MD5d7cbf11f2ce0bffcc9d67279d2298a1c
SHA1ff8bf0e484461e33f49f1712ec2457d0e31e0eee
SHA2562b2f90e3aca6853a774e2a090be5e146a0a8b46f8882bc1efb97c22f60e041d3
SHA512cfddd0ac6b803110f3dd2a41fd856efe408ce77ca70b8eaee6a2c6b26427ec06f4fceb49a59d6461b4dc824bb871d589515661dd4edf48afbd318d22bac9a096
-
Filesize
112KB
MD52d5b74d790c290757bdae96ccaa354cb
SHA1ceaf64a885fb0db95c6bc556518d447b540668b6
SHA256563b02d5949889f612079364962c1bc91ada59b27e4d39db0d27a6df6358a2b3
SHA512086a373aff3de4280ef9f011fe68236234147dc7fc6844a1026950ad42e976a70c48da7d0577ef57ea983eacc15f654f25c8e3f2ae7fa7645165442dac13d8ee
-
Filesize
698KB
MD51d3ff35ef5a0c3d13e2f44fdeb15b115
SHA1dd0f8c8bd42b66f38ce94d6e5aa4a01f442763e8
SHA256f800072ce2b0c882b55ca2baed84e2bcfc575fe875b3ac251f3b97e983eca4e5
SHA5125a0414b940d3da8b93337c82dd6ce6bcf219c8f084b396b3019287a1013ecb9b3099128b92c0a3f9ae404cc082f8316d67f11c95436d7db4b3136347c525b84d
-
Filesize
5.8MB
MD595eb82a8f285103aff36a3a2026f0ac5
SHA10ced165012d75a28d9254a69bc7d3d1c90d8461c
SHA2561f352f1ac75fae65ae4d2bfe96792f29ace659b806365e5e122bcaa3a323556b
SHA51209422d610da5f3a67415e0796b2cd6bcdb0e2460c51a8cca15b4f3e1b40896d9c9208dd0f8037ac82d614632ed29dc2a9a6dc627b323f681e1a5de410c0a1b6c
-
Filesize
110KB
MD5513e9f4e704164334134be0ecb73e77b
SHA1335ba9186c80caf3ad55c905f656c33af5c4c650
SHA256e43137451c561d3c2e830c2506ff73dd5f0662b2cd5530060c4c61e72e28e1a6
SHA512384c70d1157ecdbc5efa25e77e7a1ea67b6e6ecc4616e81c9e2a0ba0062947bfd5a01befa8abbf85c8e8a2afedcc49bf299ed13cfb966b11581d3dd4dd0b21dc
-
Filesize
109KB
MD578302900801a22b9a19db8b6503fee8f
SHA13bfb75155e5e327a0adf634801cb2c83967fb49d
SHA2565e70d58e0b76b41c1dc7395976f7b31a44176b59296ebeeb2bc84a7057cf2907
SHA512d9eea97dc9fb448b856f9d0aec5f32f90c2816862e92c9aad92e02588df867bead9b841476085d04703c8b5b5dfd7364986ed688758697dd8af513eb657c33ca
-
Filesize
110KB
MD5846b839048b9c9cd0a2dae82ffb53645
SHA119c86c6efacc4e194ee19858b1d418ab0b48b7b0
SHA25678022a0c1861dbd5c9c3e5febe6605fbf11ce8336756098f05213de30a6a374b
SHA512510b28e452358302f964b6add2c2ab271f95a711df510249c550f0258acd1411cff7f6ea29398d36c510f7e0b1f55b2da8ceb46e6516488ab824c6ea096298ae
-
Filesize
606KB
MD5cba673f48f2a3c546efe3af06c928436
SHA1b13610d428413db67043773a230f823d7e9ae367
SHA25623bf7190c4195e83b757b8b0021871ebbb437b11d7837ce95545cf75a86db9d7
SHA5122309c528d17dc0643f88f737ec62b2511a2a3bcec0aae914cdebbc0ee13a4956e9b1ceb1eadc31f1cbe4f0e11e840e28a77f04bc9475bce0a423826d36c0b4dc
-
Filesize
554KB
MD5f8b3142fd013b9391071fe6ebf9f03e4
SHA1f1a43686194cd16766d23e43b42e8afdf21552a5
SHA2566a6d14a056ec087b2a5cef6469b360fdc48f0389c6a2074a3233a6fbe2f494d6
SHA512ad005d8b30f304c59ae48b60b471bcc3837d3824e259b9dc83aafc696cc218f3bd49516aa498501413334c115742aa6985271364b1dc8f747fcb475c9902f03c
-
Filesize
112KB
MD5ac5e030ba6a3638a7f373adc9c65fa95
SHA1cf14251394fa6efbbcd889bfac0d9e284cb1d9b0
SHA256ca98e5b6f7d01ca77fae556d6fad93bd53c61ebaeaf8bc6d4b6505630ff19f59
SHA512b5715cbbe67ecec9c28f7995f7ea91e2d7c550fa9db0527a72278861e0d3350276afab86f8885382f0a8cd6b58ec1420d26aa99b90bcd71428da17895686d72f
-
Filesize
657KB
MD589e16aa86c75834d221a22af3e30b741
SHA1835f05251c51f64228412bdfa7577296e747dbe4
SHA2567450ac24f729d876f773f34af551bf01329afc7249ae1d73bcf5187be9efa12a
SHA512cd59b21ed06d5c6303dbac8c7331c353c9d79a249acc427d67a0ba760a7ebfdca1b85dff66bb6f6f46fce8223b1066e9909d7837db6a703a9ff0291525e9562a
-
Filesize
114KB
MD5278b9cbbcb8b553047365ec44c631643
SHA110d6b78d979b122e7f95bf23280b07b6cc5cb18a
SHA2561261f6d034e88324dadc5d38b9baee92c8affdfe3d62b5ba8b131e5cc04b7bdc
SHA5129ae358a8086ab01522df88f016f2a449c91dc05c5da77d3cf13f6bbe57e89250b4e533cd37b5a9f1af7733c7de2cc69c483d1aff463584d94cb3801e34055f33
-
Filesize
117KB
MD56aa95129a06cc140b9632541776d2602
SHA16b33f93d7e28ebb985580f9481c3dee3a2ba44c8
SHA256152968c1f443a2ed1a70c57ad2d463a9bbdbe539f687b171a0c1e0d3e35f6ede
SHA51209f6df4be19134a12b07ebb0179385d1854ca3b0b0b4be9c3c2cbd1cb508e6fe950847df1a627e31d03b6be8fe3ec6c616c5ec5049b5cd0b83d8aaf7e13894b3
-
Filesize
115KB
MD509e0c72e0936743358c8884b5cfc9de8
SHA16442e1476dc7d24302970ae09b29bffb6cd69483
SHA256b0ac35aa3d78a02560f11a9ee596638eaa06a4178365330b53b2b13d851d37e6
SHA512d08d03582c2ecaac68e5ee9e91bd6f0047d2698c11beccf4ac6e427817105b62d8c45d3e839de58b1eafb2afa1b4477acd0acf5cedac29a5e6b06c1fb151df1a
-
Filesize
113KB
MD59ab4b2816271d719d64caa89421b4997
SHA192ae64de146a1f86790223e8c670c53ca0079217
SHA25680d907362c6cfac0e1b72d04afbf646f5f2e67470e41a63aa7a668223ba15132
SHA512787680d6f8eed991dc528baf258cb6e484fa811f9999e0456c7f197245994f15514852f015864d56a21cdc6ba4686f70a74c8fafccf7dfe2fdc909b40ed25df3
-
Filesize
340KB
MD5a28fe19cf05817dee289dca6ff16693c
SHA1e7b2f3defc8c6c16fbc534e70bffe9c220d66038
SHA2566a7c9277cf0215fbe82eebf8ba67a20d587b6a593380662ea8047024bb0b0e6e
SHA5122c260cdcdfc2280990102008469c616c734c32f7508dc12368be15ad2de4024fcff51e48d0796ba1ec19ca70eb303009d307f043d37a788e2061c7cb24ebc83e
-
Filesize
114KB
MD5364c2dc3f76cd5c72533cad8628bb357
SHA1ffa7e6891cc3312856af23cbff6b874682282935
SHA25653450be4e4f76e82c203363f035e7b1c0ee3b000860003bc079184867a3a0fc8
SHA512b392fb1ff1ef3f5cbb71ffca3fbad3e17896d1a2c0e4e75ff767f53e4b982f44d08e8d501c0bdfa690a4f657dd1b50e45e699090691408d2b889978ed0ecb09c
-
Filesize
113KB
MD5b36906613131cd4cc688ab4354a293fe
SHA1471ad54b985123911e0371e2c1327afc82a5af83
SHA2565668ce21b019a8a2ef9c115cf208cb204c8f0041ac299233d94dd3c6798d61c3
SHA512230205c9c9afa5b5bd5de2a8bdc169330dca0e445c39969957c9711a0ae9cf36f075116a73c51c07bdf487b110bdcc7c3bb0e840d036f94fd5b83ea9adc6f637
-
Filesize
117KB
MD512eda1629f8854ddc80a9421d0e6fc96
SHA17095e0f8aae4381fce23232a9aa490364f859552
SHA256e5d45d451814bba5a5cefacc751a9865383198a77768be29c9b7cd39c130b39b
SHA51238c57afc09f93266eb420df0600f7ddc4675e14df5ce87f96846bcc950a75a24ff124545b1aab48fa889b07060548d938e4547fb95a634bb0f1c6a030a2bdeca
-
Filesize
4KB
MD56edd371bd7a23ec01c6a00d53f8723d1
SHA17b649ce267a19686d2d07a6c3ee2ca852a549ee6
SHA2560b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7
SHA51265ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8
-
Filesize
721KB
MD5c4098625b12525c832ddf73a847d3595
SHA1f069fe1f12db41c44cfbfff8f5d29d6471281b5d
SHA256745751a1bc1f8265716c0bba54bd9a2ce002c131d99c87b7fe852eee26030cd7
SHA5124c19ed227cde404288c700f88c528775e1d159d7a304a077f41872480aed1961112e055a9cf71e761019a41b75ce7df28524949ed63262f511e399cd20bdaaf4
-
Filesize
110KB
MD58141b39fe8a2c3bbe2daf03287c216e9
SHA127f2681b0a69e50b78acab4918ae1799ad890b4e
SHA2565662ed5b9344327d9628f290e5a053225b4981703007b9cd1334f237b4fb72bf
SHA512ae2a84d769795b9707a6941fc16ff2eeb5cfb14a39737868fe0970602c7aa85da6b416ea3e870aa1da8dd00bf980d33a3d3cdd1fcef4a43cd0b55848ecf353d5
-
Filesize
111KB
MD597e6d81169dae21011704e5ee13c4eff
SHA111e862d8399e8d99bf1cf33e8f15b256569eb773
SHA256a3d4f022f079d68040e969325b5d07f5f2f75276dcce77c161516f31907481f8
SHA512900a8867bafe42be50dc3850afae32a344b2f561949ed79bef89100425327e2b1e128fca4c893ab4f00d446cbbe22d295e6c5c54f513fd2317216ebae1a16505
-
Filesize
404KB
MD5ffe0754ef97a348feb335a33769ccf26
SHA141b1e02e7e10b28c1890bc87d7ee09a4dedcf6f1
SHA2564f90b361d7bc292752af813760f3169edd49e6af60e862121b50c4155d069684
SHA51244032cdeb4525401fba4ff81de1c49afbcc51d5c092ab184c8b96dfd97c9f64491b4e339d02d9811df7fa1252bb928776c4c94913d1259c3e0d7a62c37772d3e
-
Filesize
117KB
MD5707b8ff4af9b43f0a2ce2bb2cb559114
SHA17580b0eb063bad3f7eb5840f266d60a84fcec1f8
SHA25697bdbdeb25a77a190fc6503e18ebdfd5fa67b205425b927bf4df4e5acaee5d33
SHA512528b402dd06faef0884860c68ef661f7da627a790b06720092a4162dfb2f686ee5c70ec4fc071e538b704b330cd63c9518afaa6cc325e971b03d6e3d00c95d55
-
Filesize
113KB
MD5510cd49333885af7aa43e5309bcf0947
SHA1aa82f975753bfdca046e2259530900376a0880bd
SHA25680ac250f72c7ab51d3a8885649da24d274fad63e1a571a48b817568b80dae842
SHA512588562b1fd21b8b90e3cbbe96412c8a265ac9ba17d3a32931d8a58713ac2c57a0eec609fe3795a344ee9ddcb51b10060eb2c34c41590ca226a3be83e5ad84c17
-
Filesize
115KB
MD54014f587e400bb2e282e64b9988fa515
SHA1f8c9ea8ae02c42e909b7615faaa99fcbfaf0879a
SHA25617fc8f621ed24fe58ee410385a447ac3fafa0502ab346beb457ccd3374d49c39
SHA5120507bb5a6b44d31c9d7af9e92ecb9d50215e3615e95e354941fc57bcd6e5149b4c91d27423305f34d07ec0da1b5604dd0e510e93d523090ccac54998cfed5237
-
Filesize
115KB
MD5f59df0de63cf99e9f62f0f3b3cda1448
SHA1d84c3bd1049d74f7442f6de861802a00c56378f1
SHA256ba56245bee8cfedf750009b454c13255d67b985f5866821871f055b1a66c3c95
SHA51296cb38bb50f451424d2384b60e162353eeb0dc642301fc36655a82e6e3c4defeb5246faef8a9aa7bf606804c2e18cec50e423fb34ef3ab89ac09d58635f6949e
-
Filesize
745KB
MD5722de7de15434f67e39bf9f06045a0cd
SHA1c076c5f8d5eafa392bd01ff69656cb35903f52d3
SHA256dda1612fe011851f94e02d98ec24ed072093f968b1e795884d62284e3ff2a266
SHA5120bffdb9b1fd49790a229c97bd91cf65b261eb5aaefda50116dedc0b02c2516b352008c5ae4888a12fa339e5faa83b264d6be79d8ac9cf48c4570b68f08d9068f
-
Filesize
712KB
MD56477a97628a7060f3fe0bb269aad4f42
SHA1f96ca6d325c1c5e42445b78ff9fd188da2040028
SHA256c8722ea85e2229ccedebe6f772896eebddc059c0496aca8b9ce08aa8452736cf
SHA512dc7f60ada80b7a2fa42ab57880c919702fc4ec9993f8674315d2916703a49f2b9458d0f3f4080b2226df95537c59d7182dda4ee7f46351997536f7797998a113
-
Filesize
138KB
MD5de05c108b6e4eb58e9f41f1331ca8d5f
SHA1bc4cb476657674b8f148f813a6888267a116be3d
SHA256449bb85ba38cf52361f2d758205d9895f6076f54b17f5ec6a7ec347c48cbd8dd
SHA512d1e91bd55f5e846ac4ac068448fc5d52e3e7c97c9504cb63aab17160d6df7a4ebe6bb2d277e103e84f6902c977a0ac8ecb755c9ab111fd9a59c97bab1ff5a306
-
Filesize
111KB
MD5ea8481268e43656bc085933529509742
SHA161d3e751131a85fe0bcc0be1a0dc95dbfef8da59
SHA2567874add4a7ba61b72e501728bf87e753339343e42f91028990df07b217aff86d
SHA5122b6ca5c512a5b0c684801da47cfdc623a26d6665db7e5f307662f0b63bed93c116094cb11263e8edfce0c645fd7770dbb74e8457c00b7f0ff4ef08f57b946b21
-
Filesize
112KB
MD53eac456533b0d92937711d73e2710fb3
SHA14062b50cb2bbb33ba94918247acf1fad07e81cea
SHA2562f9ad9ec612ef788b27a4850d4e2686ddaa3a57c2d55bd6bced6706359182ed8
SHA512e38473aea6d4ecbea3e09fa15ba8d418a8b2cc6f0f3b6786a68e34b57b6187494c167f0c9782b15fffbe457be20d49fe1773d13eeeaa66163f0f496e44b0bcf4
-
Filesize
235KB
MD592547e6a4f88221a0d94bf10b63dc78b
SHA1315753e201b45c64eec7b2373bd607bbfb6638e2
SHA25667c098eae988701a2312c1ae2335d74e8757d4251c6bed7d1229c5e153cc2c2d
SHA512945acb5e70b696a4fce801a2e28ccede87c1553882d42819ae11dbba801567521193e1057ffff0987c0b7944e65bee7ec72779e72d7b13dc493dc775738e0d74
-
Filesize
111KB
MD5201e095458dc0205f171a3736625ac7d
SHA1082da7766c4890c50206740b8fd06d3ebce3fc7c
SHA256cc42c82ab46837dea418f6077a7cf94f086481dbbe9aa7621287b47e888dd45b
SHA51277c936052b80fcf518fad3860e2511ead29730fb9c493af1a242dc5f08ab797ed9e5b3f7ad3a93bf8e9f4c5c6cd7fba66cc5953a9284307e1d0a42f525efdd54
-
Filesize
485KB
MD584e96cfdc433e40487dbfc0f82fbe104
SHA165ef79dcf05d740aa17f3150b47579a132768b26
SHA2564b47c7fa840e81c939441552231065e11ce2d862d6b5def7bff9defc5291a31a
SHA5120a223904a29eb3a0448e4696f1da6acd0044a9f75c177c423b7969e643a9b1c89aac291af334aa98c9329642b0e7b62aa5959d99edee49b18448d35844e24235
-
Filesize
455KB
MD58e04b6b8e50c5fb33fd280cb9ecb4856
SHA1ff514f88bb713c176519525fee16fc67ae4d7825
SHA25625a27dd2b6236ab837992aae53b94ca7050f15aa285355a1d5c906abdb49c4a1
SHA512f1d5fedb348e991f5056a4e9abe5da0debde5cc779fd161f77abac9080241eb8782a73eef1828755151bc5281864193a7f0023665decb22b8dada21954f32db0
-
Filesize
348KB
MD5ee18e18de3cbd6608e7daac7cfef38b4
SHA1499d1e58a43ee07b40a4b6824c694e66f6ea6ee5
SHA256b4f740e5b554a9c6ecddaee70b362858a8c784d5adbcd224b63892f01b6b8933
SHA5124663bf361e4e56e50e3e2412f25ede65cfb55c2aa62d8254b25cfcc60bdb4ee33b1b3721b37d95cf4d381eb9429aacbf35860dfff46d44817c55de0aa4e5d98c
-
Filesize
564KB
MD5c91e7d7ac8aced8be372fed318131bc1
SHA1acdcaf767194c16cb044cb21624fc751501d93de
SHA256f1269fa133216b9ebba694b3bc38914c6bc52425729a4b91402cbda17e6e7079
SHA51284abf91068ee3f678b89fe9f5844b514fe7af0e274eac379ff9c09b2d0f6291ac461921d890bac49bf5953d6aae093ea496576c2d2ff7e521a3b6dda38712bd4
-
Filesize
113KB
MD54e33fc6f3b19ae6261d883a244f7864c
SHA13606640c129e7b663e01c1f5e55c85278ba5835f
SHA2560b680f9cc38b949e993101587710e06837cebe8b0bd8a1dbdc9b2336613ccba6
SHA5122e2d639ec169b0c8d507e0a219d05b1ffd1d6a9220fbebb0331c4584cb340bfab49447a94c04ed3a1a2d14821b0eafcbeb0e4b8108007809cadf3d3f158b5089
-
Filesize
114KB
MD5bb66ca7ea5d2c8096e3aded5ef456ae4
SHA16bdccdf6b420ec84d6558cb74cf3b74cf8a118b8
SHA256a3ce6b3f70302976cfa7de0d419777745fbfac052436237310baa14bfc1351fa
SHA51270ff2c12232dd5d6a2891ec1971bb0f96424a39cd594482e9def4cdd279c270e54dc089aba8755afe9f94da8be13334602fa543f1bfdc2d65aa9788db70e1a46
-
Filesize
111KB
MD5c8259ffae073ddd37a95c290e8642ac5
SHA11bb205282bdbde06f8058120e4ec54e6cad940a7
SHA256b75c54e4f41d92ae67954adeeb01686c5dc83163a4192509703987f740a1ac53
SHA51223ec76d681a5007038bddbf753530f9e40f269f41dd8b10cad04822d5c37bdad559618ddc32e25eaa68dfacf9cff0a8d0d808b097ce2fbb94614da0fb81c8046
-
Filesize
111KB
MD52d57b63990e3f6efa0844b0e5c8ab2e5
SHA175db1cbfe32e9825da88d375736e2dd57299eebf
SHA256b84923e3a1bd8ed77bb38525f7fe71b6e28ca0a8bfdcfebe17c2a0e7b6633b11
SHA5123420441a6c036ed7b2fd01431b5b5f7333848e6d8f1aa5c2471d70cdc81826d715c2ae8c4bed440704648325a10986cc771e5023bcd7662523550c5d17ba95ac
-
Filesize
112KB
MD5cc04af882d36855b78135f7934a9f6ff
SHA18f76ef3b70ab1606ed5406ddfa499f4632d941d9
SHA25609344ff305409592bb85bb3def117a05bf1b6e8a6fe8bf5101e0b27aa954087b
SHA5122c09b82ff57f7c16554f3cc09bb6734283b627d1e86d24d26715324bc8f9df000f642b7632b770cdf0bb6c7974cec5bf62e69c73b54053f0d28315ba2b9f0edb
-
Filesize
112KB
MD53a63faff3ed8f3475ca465fd04deabc5
SHA1b08dace60fa6245c24e4458f778183e8bfc322d5
SHA256c8b78acbded10104e0271e0b366250f9e498eaf346e86730c8a446500974679d
SHA512bad907a570c2790433f01537db0f5f6fb32c02239e53a11f13f4d9fe9c6f16d5b538e36d4eb0ae9f65f64487a6286c7c5e35359c3bf131a8a722448eb59c6c8f
-
Filesize
137KB
MD505ea7617ab65463f8d0906d0702959e8
SHA1f4f76495b72b9b227fe7aab1afd2f9b3de0cf126
SHA2567bee6f7d4be61205eb986e372b363f3ea2c6f38207968389524ccf8f3b22ba7f
SHA5121a56ae2db4fab67d2ebbc1c10d55a9ab2f97a9af546b95af29b706df53049c57e85ff07910ebf667bb688d5c20d7b9a0c2b5d85853ee44ff6c018e89ab1827a2
-
Filesize
112KB
MD588ad26e78085c5bfd4b32ee3836ae83e
SHA115f3ca57ceea0f520fe653def290cfc745d89ff1
SHA256e9e70a475c11feee715c426133c9ac79b21521eaf1869e5dd7f6f7850ea1de04
SHA51231b20039db4182e59d4ae8a94533045ff6b16a26a41e9dbc1577d4773f5f2ed8b373468372384c8b13dc750cd72edd306b90cc306050acc64df601691a7ed65e
-
Filesize
111KB
MD55e78afcdb2e9f88b452772f19a23ecb0
SHA1feefb85689ed35803757b14f2bcc3d8b4784cead
SHA2566b41c0c61bfa1547960e4b52b5ce6bd0183d4860427252a42aeedba80cf0af41
SHA5124178de219df8fc0e69f287e1ae781d8522cbaffd33126e7041f0d53209e8f6a140f742f1405dc259fd3dfe44188c1f20418aeff3000cf2537bc241ec0ef80257
-
Filesize
476KB
MD5064e5da732dfae68d19cf86b2139da28
SHA162a06c9c7097f42cb702c63b97aacb8c720760b5
SHA25699c745445250431489ff15f7ec779955a0ab63a9eb134d8015ab287020493b2d
SHA512329ab94168697b7284a8eb80df7973a5acf3bd920a7d3c60019c08c2241e3e2922e9c5adfce80b1d7e398b46237aac2a4d80a47eefd4e988ceb2e3434b27edd1
-
Filesize
115KB
MD5ee38c1325312ca67740ae1a2f5033454
SHA1d6fb06d79e56ac8e0eaf4f91cbe6e1a3f956e883
SHA256847813b4b5d6756aa369f969c425bff73f4102e3c5e6dbb89b10acf212e7b9c9
SHA5120521ca068bc1ec947ae4917dc5cbdb50c7a36f8e1a80ed3892ab6eaa5a27206e14d37bc1ab9008e8e9a11d98496a39ce51f170817081119dc94c41f17b477b5b
-
Filesize
554KB
MD5d6404d6eafefd93481ae88079289fb59
SHA1257837520489321b46fba7f0c79e373dbeff3fbc
SHA256da3d8801fcef3f3bcfdbc2ebbfdc21d535f199c2997e5472952fbb4d4e2a9ad6
SHA512f7b95f527e4f7b4ff3d24c0903b084c827a9025d0ad7d9672aa4e6805317fccb394b9c4086f14537fae6e594ab6053ef29b3c8a6710a13ea5015ffc61b57e0f4
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
111KB
MD5a31980e53b78dc2dfdc5c2eb9bb0273a
SHA15ee86133d6950322022a16278b98d9ae5a72b863
SHA2567634d8a70ac94729893e909b1290563e54c628bd099a3461f1825b7655c1c094
SHA51228e37c4fda776767999f53129168aaa17530d8f00223dbefe40ad8c59d5797b720e946e7917ef9113fef5e9f85690eeded0bc186248ca5ccdb7557664182347c
-
Filesize
110KB
MD5a062f921c68f28abbee5361cf6ae394b
SHA16ad9b0f6e59da045e54d31d53f6cf97855bdbac7
SHA256f46c88e6ad853145f425528f1bb3175d3ff73f0bf4c4f17009604a9c71dcaa55
SHA51226c61a61e6972d61b41887060564fecc89735236b32d650d5f6b230e2aaebbf62bd6c328789cae360b8d6206683519d7da275755b42fbaaad17d449ae2311b40
-
Filesize
111KB
MD5554390de74fd7cd4b205eb1154f2a663
SHA1990d1343d9943fe1e2708b29972b8065054ebe6f
SHA2560db0cee417a2bc964f8c3d26051013b3d333d82412ab179a8bb0cf5225ceaa40
SHA512c17be35333285f455c3630708c584567a458ee644a65bdfe3583c10fe4ee3df82f67eac2cd82217d18f4a6bfea71f0f34d90f58a59984e8317339108810e3477
-
Filesize
237KB
MD5ed40f174fcf65684538f7200362f7405
SHA1e4cbd6c30dbb25fc8e3176a814b40d7cd4b79925
SHA256539852dab8b1bc87fa520118d401bce111fcb3c640f9312be58002e939fbd974
SHA512d0fec99c22c6acf9fac0d6c031c9a1ee853b574f629566ef9f4f20dfb55f8fff5e3f27ba111f74f8c4ae20183f8151f0c71b1309c1996b165fff9f281cadead2
-
Filesize
237KB
MD53443872a93754ae36881d15af12a9820
SHA123e19582e7314f10411542d8f499c8b93cb117e8
SHA25695aeceddc6bdb961cc98dc0ef383da2b4cac5f73866b4663d52b65affe06aa3e
SHA512b4de9a397c7a3925014665f86825510c909320bf03fbace6335f54f29c4b3f470e68ec3018efc8c11f3138d90e298f8d23d339a2da5df2564cde867bf084eb5c
-
Filesize
113KB
MD54fb0c7c5f1a3f58ab2e452f9c90a3372
SHA16e4c5a91a52333b24be191bda94fde355cea9eb9
SHA25606d1c49ec522159741b2c9452b0e5c87bb96b7b2620190bf383f797bf85354c9
SHA512a7bce55d4b82ed669876edab450b334f2b725fecc36f43897a61d09c250786b3dc9d30c7e64d8a9b48aca7aa24744efc2bcf9e0db8c36c3f042979a4e7e8ca10
-
Filesize
720KB
MD5aedd6bdd7640abc656aa23e99a5e922d
SHA1e595253907e0da3fee89edb2e550c295a064980a
SHA2560acebea672503a039fe826009a46be0a7ffc0e1e267c933b96b32394001149af
SHA512880f5158ee7c86a4c07d9554c481e485a3be242914fff32e7ce729e3649bb84383c504640de97f4eade3dfeb1555329ea149ff8dd96e484aefc29d416619b85c
-
Filesize
114KB
MD5b453e7293de8eca12a4a55098caf20eb
SHA16be22e2f82e21aab16a7d6c933e340f1e7d1072b
SHA25699fa05717bf897960e7f7f02cdfa410cb20bb9e6d91b8ff2cf1a98d6329331db
SHA5128d005e4562907a3ac03107c26b0abd651fe2613067605a7c8527c1f4ee8d86fd1fe411abeb8ee690f3e287f8fbe959882d87a4038e000101fc18db7075814e2f
-
Filesize
155KB
MD50f33f1ed2ca79bc9f66815fdda67378a
SHA11e3c6493ed37bf50784866f8b46bc0f1d44d62d2
SHA256e770ff951851071b4736082d747ab810e98fa8e34daccb1e8c6d55d9edb4e6bb
SHA5124ce0baaf9183c318eb702f69d0e272b35002b23c83578bc1d66e7f675bb437a13140ecfa695ef2ada32992de3915273018f12c76e51a178006a9c6e6c5cad150
-
Filesize
110KB
MD5e2bf5d891b5f78c0411a7e6617d61e5d
SHA1b1c09ab6f04fe988124402959eb92fd1688fca08
SHA256d6946ec8a4eb08bc428d54f6665c4ad3631eab0a2c5f2a1d3797e844c5c62a2e
SHA512ae8c00f7ae073a8a8eecf004b9475234734218a3af3d66f4e7ae35f0f38dcba458070a78098366bb0072e7ddc6b018925e862aa74336e2ab38fd2b5e32b45355
-
Filesize
493KB
MD55c80d1e307b5511d4842ef0041c9245c
SHA1e759dab8b36938aa8c670873e0b06722806b5ffb
SHA256aff732d6dd2266a8a7d4d6a321ea9037e62a9b43e0400be96fb486bfc402c0e0
SHA51293ac50d0c5312beb1d3cbab422cb7313f5dce2572bacc23d1eb26a70075211ea5229da24e9c449fcc4d2fc4f7110e31aca725f24c4440b54b625c0bf8770ba0c
-
Filesize
111KB
MD59c8083cd114fcd8bbce2308042152939
SHA1a1355986b064d3d15dec0b563215d7dea1e0dcbd
SHA256a81947de1fa670d979d3014a88f359a63b7ffe3593d636bacce6013ca1a748cf
SHA512489cdb48b5118652f2a2a9a03a73f10cbb25f4c5a5f03631f0444b9cf3b1d7f8a4f5408ae353fb270dc86bad2d04a649d28547df84f24bc0efa40f71596138bf
-
Filesize
118KB
MD56f893fd189ea82fc7076b65c2e7b1d2f
SHA11ad070e76fee80b017e16144749d20c3fce08314
SHA256506c93ab9d9e72076161e0a1b4bf8e250545d5f75eaabf169ca07186bfb998fe
SHA5121aa65e618ca2c70ee0f34e22257c758c1df4a6c39ec0ecf17e9f173b7d325974b69a5fb7ddb8c9f6495dc4a013b07c3a61b11483ce17525351e946cf64334f93
-
Filesize
111KB
MD5a471822bba3ec0dd6f6dbff3ad3a29c3
SHA10e240d9700e792cc2074e4be86a9dc78ff31e4da
SHA256dad1ff573ec45cb7dbe795cea8f19fe244c249af9b42cb4c0f10c4a24000e673
SHA512f30201a0d957f545a28a14864c2855e8550686f2cf83fc3d8329ec65b1d76cc628cc83cd804fd317054da74abad9f2af6e699d758170dc4cd8dd22d6db5fc3b7
-
Filesize
148KB
MD5bfcf9c8aed760c102a91e0475e32ec21
SHA1fb8ab13453c2741a670a914db737445c6ee18330
SHA256ba389b5b74c09fc1c24663ab7a46fd00668d7643738945ae225c9c038bec243c
SHA5122aaf5edcf84a07c506d39562abfad999b74a62420251b75dc0576e7f4b2acd9d9b787d78c21b279a39ed358bd728c1feab79ead36929991bcaf6bdcf265b58d7
-
Filesize
115KB
MD5f41f37226d311a97889e1665fc69c8bd
SHA1dd1b3c7a68e5c053bcdba9ebaf3ab44c1aaf5738
SHA2561c1bc37a0a3bd6836b41abc315058d26d926eb92f6d871c49e4d12dca26ef982
SHA512e5bd546759271f3f00449dd90ee3f28a30dc86c996311e95d5058c812d6538e39058a97db2d35ce930f2f8f74122ba378ab8fc6c35abb774973da7458bf3ebb1
-
Filesize
4KB
MD5ac4b56cc5c5e71c3bb226181418fd891
SHA1e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998
-
Filesize
656KB
MD58d23f69663ff2383d2e7df5a9b06aedf
SHA18ced43cb60e61eeb5493938dc9204937e65c8392
SHA256998b515065c89e2e4fb3646c95275d2acf1acbb611e6e1e3f82c6e7dd16143f7
SHA512d1f173193ecc8a1d24462a8206c86132ed774c214864787190d2fb1071a0100d8ab03209ab4ae8949f7d12688c25537a0746c088fcdc8fd3b75d7faa2b17ae74
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
4KB
MD5d07076334c046eb9c4fdf5ec067b2f99
SHA15d411403fed6aec47f892c4eaa1bafcde56c4ea9
SHA256a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86
SHA5122315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd
-
Filesize
123KB
MD522095c2a199d80b20ba2edbd15187387
SHA17307a818d17e715c00affd94ce7851183c566c3e
SHA256b9728319a493f55aedf6c068bd5051aa8d1969cc8c745592f3551de9dd73b683
SHA512821f539b1e29c0471ceb8711c36fe840277278772e0a6fa0befee91955fcef6be0ff6a38808fe2303435493e047acbeb1e4a5bd1d5f9a57d59676310babdfa36
-
Filesize
4KB
MD5ee421bd295eb1a0d8c54f8586ccb18fa
SHA1bc06850f3112289fce374241f7e9aff0a70ecb2f
SHA25657e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563
SHA512dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897
-
Filesize
148KB
MD514691028182a48dc534d5a54204f5fd5
SHA1b2d1589e42560e82f9468df056e81588c9f3a161
SHA2564acf4dd7193e839e838abd788a9d4dc6a4557df04d1f0de5c08b8103922bec58
SHA512fb539fd48e52695f1826895e29d28225f3672a019072f9869110d5c6b4e106eddb0930e1ce3b50a63cdc0dc111402df5c93b485b5d2c1b3735b2a591a148b24b
-
Filesize
5.8MB
MD5c15245528149ff54fa302409473d34c1
SHA18b36f39c1fd084451bbd50d004f92df514c9b53c
SHA25625748349cd28844e00caf96887c24e10d7742ca9af944e40e8dc9bc811656f8c
SHA512573d3a0b8dd3002181b542db565280f4e5b584477dcc6c58100925205177b30b0a040206d832af6a6a47852085f3fdd4fd355e7e93a3c5db37981add8c375bf7
-
Filesize
136KB
MD568bae0dcedf90ee4d0b64bd6a1aa56e0
SHA18f5e265696978d4e5ad250b12ee82a168f194e87
SHA25671b44c780cc3f75d0f9d02c633125784ee3381017e0ffa0be0330347eeada58e
SHA5121f0df3bf69aaf02a486b35ffa009063656d15e39b3e418d7ed60fb8a418a2b061c228b855a9211391ea8f78b7431fdbee7c5ee843db9ecbf0dd6c73b0dc3994f
-
Filesize
121KB
MD5a6fdf0458d48bae84a952aed845c197f
SHA1cd2784061bdaf66a2a25bfa7fd1ccdcde15873f5
SHA256de51d4da058793df9205bf2057d5304b163a07258a3f14a654675cc3abd06d2b
SHA512d4708db96856f908327ec84e70fec489f74e5c55268a079566fec06fe8e67d9d7df02691acd99fdf0c15b6d4124d782418baa55aebf1f2d27c7847c892714c18
-
Filesize
112KB
MD5796249780fa9c07509acbb9b850751aa
SHA1784d53cbd01333476f1760d2c50394c6bcc41e0f
SHA2569f0e1e6d9e120b5b3dd312309380279cca9a66626860c54c3d9f3f40495242f2
SHA51284958b9c8e5bf0b2b81a81ea29765ae8fa5b90a408f1cec4db1449d76d8c57e65f9ba15823286a24c8943f7f59111cbdb57d31f06ac241e0993561a159ec89b1
-
Filesize
237KB
MD533c240afe29d3db86591df16c09634da
SHA1408fabbfab23bf5532992bcfd5c919e75af85a79
SHA25660869e2e4bab6931a3062adbe4ada0c2460dcfb2aa5aadb16c77805559091d42
SHA51223e89748900066446f8174b17402c7739422a8e41b6f20c932bfb6b80c7ee74433034af487c3c3508b1a3ef5f2297ce514990738229b0836da931100a1a150b5
-
Filesize
113KB
MD5838fe3bc8c96e9285f14f4aeb7aa7f4b
SHA1c2f3394738e1dbdee15bc7bbcce8e1ee69874a23
SHA25627071a2a65028dfe13c9503ac05d61e57422ed77305cfbec33003c05079f7c87
SHA512487a2af1c7db0eceedc92bea60fa599566a52853c29faf1293a33d43989818b98d732efe391a13d9339778758c4e8888d27b365ad35e855d4da4bccf1a380325
-
Filesize
116KB
MD5fdd272402012c195be8f524d3d400e66
SHA1b97058068bb037ff00b85a08ea693842e049454c
SHA256584b0a73df2e6815db163a96cea95e281894cff0b0188172303c9edd13fed9a3
SHA512a58a94417fc39ee59cc199bf33e86695967b8b2f9105ee0cc1dde8ac9fbebc6922e351e36de369702fecdbc8322002ecd77742b24c7ec4307807f45106d2396d
-
Filesize
565KB
MD523bcfd93eac22561ab4c1795ab94731d
SHA196963793bccd16b0e19e52860e66dfd3f6f8bdfc
SHA2564c51e591f866a444d63bbaf708b4b8743359d443c220c12b42cbfe081ebab581
SHA512c8c9c3dc50a95045304fc86161badac19f37c5262316e5ee35fb09f6d658aeea381a86f5cb40b179c01a85cca5d6dcbece140bf4982ebb3783430883d6d3535d
-
Filesize
111KB
MD57659141d398de2d0a87e111862a7a219
SHA1353236bc085de64c675f992cdf80b349b2f4bdce
SHA256f6a0f4894cb9ee3a2e155ef80262724e3d5dd308ef313dd62f794a59bbe8a335
SHA5129f8b972e3a56924064cc366922444acc5521b1bf3d7c7e6d5a1105db7a39af0682145046a64350c71d4148821080758e509596583603c5b8a497d08195727324
-
Filesize
117KB
MD5540ad8a169c3b0133f48daa52e8b6394
SHA195299a5eaa75c5fb28653009b0bd8ff57d6c3c2f
SHA2562d827123cd59c6b2d1a216f8c4499dbc2d8aa0ab1dfbd5db8025bfebc43a9059
SHA512cdf87947bb25162fbce1f53d8aa01e43f786089b58d0684f6c4348331b16b75c5bb9348747ff9d97b054e21dd867456b364812a06a8390ca7d27327ed63dc984
-
Filesize
535KB
MD5c28f6e1781e61a73da91739338a21adb
SHA1a2ddb807cf7241a5c970e493ef9a4722344e1ae7
SHA25657edf545e669fe76344042cf7316791b6b02cf0d203ecf6fe61c6047d3c81e94
SHA5123c075e1d64169f16243b4ad6c813e9a54fd5935605421548b5982ca228d273443489fa040d00d86776a4ff70c8f76556723963c4972efcee005b5bde61f58354
-
Filesize
112KB
MD5917b05e4099048109213a092181fd327
SHA18e22ef54230ef4eb41906e38c40942744d3ddb9e
SHA256ea05d994cb6eced0a606a043fbcc10180e7b83cf0514d81a573680919a656714
SHA5122aae4da2473f379b6fb7a67758aec6295ab1401277a71401bb7350a136d6f14b4fe03d800e8a3f5c8e5fbf96873e8dc3281e77e99dd2900cf6bb2f21627d2049
-
Filesize
722KB
MD5919299a34cbf5310a1b3bdf5d4b1502b
SHA1b8bbe5c16e10d97c771138ecbb75db23f2c17841
SHA25685e1a23b69853a53e6859f54fae81d510bed1430c8e99dc99b27c7c81459764a
SHA5120c6198787d08bec2202fe76ee8dee3ebfb99e86f74119e542527f9fb3ddfd57673b7fb08a706649de51bc9a4e5995559717513bf92988f49655edcfc760a24fc
-
Filesize
110KB
MD55cb084208800d82ccd4a7b8737d47ddc
SHA158ca2a8add1fafa18f4590717992fa84b54dff33
SHA256a4a39c2ebe36c4a7948ff7b5f346b42b002321eeacaa6445cc114e3905e60254
SHA51213611bf03584d8a5c26860c4f9481b23f93d1479353bf3612e414d2f72fbeed5697893c3775ed20f78644dc85d5fb20cdbb67065ee1c3c53468ad33642dee993
-
Filesize
111KB
MD56e3e94f7c1c289ab09d5e033c63db2e4
SHA12513d6aec0d10010b79a9a8271ab2e2000e3eea8
SHA2560f5338583c5a429f8dbfe8fb2550374d1c7864f2e0035c750419c360efe6bd1d
SHA51257a4c001f044e010f2d4b76820214f6d429fcd98670861ea1b4e48de384b9e3819ee200c32ff97bc47c5f825c2e1c101c2f9cb9300220f6598b1bd5102c80757
-
Filesize
110KB
MD539362545d87204f1958b9cb98fbdb299
SHA18ddf3e9c3d4012935d7ebe5a9abfa081e48ed6b2
SHA2567d8f57ed8f44cb1c1dc2a3d90a2b4eae61e61630e18f6f1b1b0ea3257579fbf1
SHA512c4e413238c8e6b8c3753eb912028829b649a8361aa639c444da3f55f7bb01399e28aa66baed470830f8f9f9cf76fc1e256740fd084bf9c4d0c2ed7fb518075cd