Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29/03/2024, 15:42
General
-
Target
2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exe
-
Size
118KB
-
MD5
cf32ba9b457ae5bfdb7f3a5ed546ec85
-
SHA1
34407958aba6bb692b0e31df1e07dfefb3ca8000
-
SHA256
928d576ac3f759e3bb011f0f2fc043d0e5bb6b7b73d4a9ef6788b0d815755eb7
-
SHA512
bef409e20c1539e085164574943d916d1d13139de8b17c4e7b89d7447b0bc746e9f493c4abf5c39a7605079bce50a24f9c92bdd681718c9e41866c7351f45dff
-
SSDEEP
1536:8xrSlcdFGiAmDK2PBBnIhD4pIe+0OByHUWREr0+S9tfG3d5j:81Kiv9DK2JtpIehOo0WREr0+x
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
UAC bypass 3 TTPs 64 IoCs
-
Renames multiple (88) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 6 IoCs
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\ZqIcgoEg\qKkQIosg.exe"C:\Users\Admin\ZqIcgoEg\qKkQIosg.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
-
C:\ProgramData\wOsIEwMo\ygUEcIgI.exe"C:\ProgramData\wOsIEwMo\ygUEcIgI.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"8⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"10⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock11⤵
- Adds Run key to start application
-
C:\Users\Admin\BeoMYskU\aiEAEQoY.exe"C:\Users\Admin\BeoMYskU\aiEAEQoY.exe"12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 22813⤵
- Program crash
-
-
-
C:\ProgramData\EQMUIgko\CIggwkgk.exe"C:\ProgramData\EQMUIgko\CIggwkgk.exe"12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 22413⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"12⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"14⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"16⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV117⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"18⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"20⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"22⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"24⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"26⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"28⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"30⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"32⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV133⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"34⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock35⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"36⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock37⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"38⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV139⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock39⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"40⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock41⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"42⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"44⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"46⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV147⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock47⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"48⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV149⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock49⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"50⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock51⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"52⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock53⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"54⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock55⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"56⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock57⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"58⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock59⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"60⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock61⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"62⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock63⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"64⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV165⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock65⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"66⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock67⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"68⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock69⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"70⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock71⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"72⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock73⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"74⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV175⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock75⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"76⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock77⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"78⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock79⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"80⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock81⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"82⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock83⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"84⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock85⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"86⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock87⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"88⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock89⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"90⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock91⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"92⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock93⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"94⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock95⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"96⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock97⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"98⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock99⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"100⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"102⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"104⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1105⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"106⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"108⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"110⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"112⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"114⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"116⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1117⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"118⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-03-29_cf32ba9b457ae5bfdb7f3a5ed546ec85_virlock"120⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-