Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
19/03/2024, 04:25
General
-
Target
2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exe
-
Size
118KB
-
MD5
1230ded712fb2a40bb6e4c482d0113eb
-
SHA1
d3f9b992ed9d8789123be9ba75e8427008c6b767
-
SHA256
25472dde6b78b905ada37c271ae7820f19b426c4b017493a3e056bfa5461f3bd
-
SHA512
8e98d1366be67ffb7a47d15d838413afc7590f7ad595b3c6989e2b786ee27706a576658e3ef14821ec2b1c6e0215ca8f7d7504a8d7c1ba730d91655f6222f740
-
SSDEEP
1536:hXn2ah9O12cb5Y/2RYuxv+ch2x+QbZGyJVBDo4NRuLAVA9U67kRE6zI2bIwP11Ca:h32snctp6onh25kofEYkwq0
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 63 IoCs
-
UAC bypass 3 TTPs 63 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 20 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\CcsQwYUY\BoUIYMkA.exe"C:\Users\Admin\CcsQwYUY\BoUIYMkA.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
-
C:\ProgramData\vGkYwAIc\xWccIUUQ.exe"C:\ProgramData\vGkYwAIc\xWccIUUQ.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"6⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"8⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"10⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"12⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"14⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"16⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"18⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"20⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"22⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"24⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"26⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"28⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"30⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"32⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"34⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock35⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"36⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock37⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"38⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock39⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"40⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock41⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"42⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock43⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"44⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock45⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"46⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock47⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"48⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock49⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"50⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock51⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"52⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock53⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"54⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock55⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"56⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock57⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"58⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock59⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"60⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock61⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"62⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock63⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"64⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock65⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"66⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock67⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"68⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock69⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"70⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock71⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"72⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock73⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"74⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock75⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"76⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock77⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"78⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock79⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"80⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock81⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"82⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock83⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"84⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock85⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"86⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock87⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"88⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock89⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"90⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock91⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"92⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock93⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"94⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock95⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"96⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock97⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"98⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock99⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"100⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock101⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"102⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock103⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"104⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock105⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"106⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock107⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"108⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock109⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"110⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock111⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"112⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock113⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"114⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock115⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"116⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock117⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"118⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock119⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock"120⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-19_1230ded712fb2a40bb6e4c482d0113eb_virlock121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-