Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03/04/2024, 10:36
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
-
Size
111KB
-
MD5
fcae4b3ff43c32e4e3c7b8e3f97cab86
-
SHA1
23a2ccb9e19103ee725f0e9648fc26f6e264fb44
-
SHA256
c73a86117863dd382b1bf3b47cc95d79b111fadff9665e82193d265b5437a6d7
-
SHA512
b03c4755b079d783c690c29c0200b9dbc9b971f193c26adc6f5faa307c72251fbfef430bf103ed76db04d44e14c1a834b1fe59c575d7775edde6bbc04420fa56
-
SSDEEP
1536:G816PIW+BIpLV1r1K06qmiFMt6wCjZx8RYE0MaVhH0pkL38gcMsylrEnf7cuKaKM:GSd61rl77ZjZCYE4VMk73rEf75KDM
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe -
The rows that follow appear without a signature heading: reg.exe sets EnableLUA to 0 under Policies\System, which turns off User Account Control (UAC).
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set 
value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely for geofencing.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Control Panel\International\Geo\Nation XgkwYogg.exe -
Deletes itself 1 IoCs
pid Process 2956 cmd.exe -
Executes dropped EXE 2 IoCs
pid Process 2172 ZkccIYgY.exe 2832 XgkwYogg.exe -
Loads dropped DLL 20 IoCs
pid Process 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe -
Reads user/profile data of web browsers 2 TTPs
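Infostealers often target stored browser data, which can include saved credentials. The signature lists no IoCs here, so on its own it shows that browser profile data was read, not that credentials were taken.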
-
Adds Run key to start application 2 TTPs 4 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\ZkccIYgY.exe = "C:\\Users\\Admin\\zgkYwIgs\\ZkccIYgY.exe" 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\XgkwYogg.exe = "C:\\ProgramData\\vYAUsUsg\\XgkwYogg.exe" 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\ZkccIYgY.exe = "C:\\Users\\Admin\\zgkYwIgs\\ZkccIYgY.exe" ZkccIYgY.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\XgkwYogg.exe = "C:\\ProgramData\\vYAUsUsg\\XgkwYogg.exe" XgkwYogg.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
pid Process 1744 reg.exe 2824 reg.exe 1472 reg.exe 1016 reg.exe 2000 reg.exe 2992 reg.exe 2340 reg.exe 2688 reg.exe 2304 reg.exe 2292 reg.exe 2636 reg.exe 2024 reg.exe 1128 reg.exe 2348 reg.exe 2796 reg.exe 1680 reg.exe 1384 reg.exe 1580 reg.exe 2672 reg.exe 1984 reg.exe 2548 reg.exe 3032 reg.exe 1520 reg.exe 2872 reg.exe 444 reg.exe 2416 reg.exe 1548 reg.exe 1424 reg.exe 2580 reg.exe 2156 reg.exe 2940 reg.exe 392 reg.exe 2588 reg.exe 1420 reg.exe 2828 reg.exe 1524 reg.exe 2956 reg.exe 1592 reg.exe 2860 reg.exe 2564 reg.exe 1588 reg.exe 2284 reg.exe 2564 reg.exe 2028 reg.exe 2716 reg.exe 2524 reg.exe 2568 reg.exe 444 reg.exe 3048 reg.exe 2812 reg.exe 1188 reg.exe 2732 reg.exe 980 reg.exe 1956 reg.exe 2484 reg.exe 392 reg.exe 2716 reg.exe 2768 reg.exe 768 reg.exe 2880 reg.exe 2636 reg.exe 840 reg.exe 2652 reg.exe 2936 reg.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 924 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 924 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1412 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1412 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1888 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1888 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 836 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 836 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1508 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1508 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 3060 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 3060 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 324 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 324 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2464 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2464 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1484 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1484 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 872 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 872 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 3012 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 3012 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1184 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1184 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2636 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2636 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2004 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2004 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1896 
2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1896 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 3068 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 3068 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 868 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 868 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1644 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1644 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2704 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2704 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1708 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1708 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2696 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2696 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2824 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2824 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 3052 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 3052 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2332 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2332 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2176 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2176 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2664 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 2664 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 952 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 952 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1616 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1616 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1688 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1688 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1836 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 1836 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2832 XgkwYogg.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe 2832 XgkwYogg.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2220 wrote to memory of 2172 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 28 PID 2220 wrote to memory of 2172 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 28 PID 2220 wrote to memory of 2172 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 28 PID 2220 wrote to memory of 2172 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 28 PID 2220 wrote to memory of 2832 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 29 PID 2220 wrote to memory of 2832 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 29 PID 2220 wrote to memory of 2832 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 29 PID 2220 wrote to memory of 2832 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 29 PID 2220 wrote to memory of 2628 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 30 PID 2220 wrote to memory of 2628 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 30 PID 2220 wrote to memory of 2628 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 30 PID 2220 wrote to memory of 2628 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 30 PID 2628 wrote to memory of 2860 2628 cmd.exe 33 PID 2628 wrote to memory of 2860 2628 cmd.exe 33 PID 2628 wrote to memory of 2860 2628 cmd.exe 33 PID 2628 wrote to memory of 2860 2628 cmd.exe 33 PID 2220 wrote to memory of 2652 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 32 PID 2220 wrote to memory of 2652 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 32 PID 2220 wrote to memory of 2652 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 32 PID 2220 wrote to memory of 2652 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 32 PID 2220 wrote to memory of 2524 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 34 PID 2220 wrote to memory of 2524 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 34 PID 2220 wrote to 
memory of 2524 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 34 PID 2220 wrote to memory of 2524 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 34 PID 2220 wrote to memory of 2684 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 36 PID 2220 wrote to memory of 2684 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 36 PID 2220 wrote to memory of 2684 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 36 PID 2220 wrote to memory of 2684 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 36 PID 2220 wrote to memory of 2680 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 39 PID 2220 wrote to memory of 2680 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 39 PID 2220 wrote to memory of 2680 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 39 PID 2220 wrote to memory of 2680 2220 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 39 PID 2680 wrote to memory of 2428 2680 cmd.exe 41 PID 2680 wrote to memory of 2428 2680 cmd.exe 41 PID 2680 wrote to memory of 2428 2680 cmd.exe 41 PID 2680 wrote to memory of 2428 2680 cmd.exe 41 PID 2860 wrote to memory of 2920 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 42 PID 2860 wrote to memory of 2920 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 42 PID 2860 wrote to memory of 2920 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 42 PID 2860 wrote to memory of 2920 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 42 PID 2920 wrote to memory of 924 2920 cmd.exe 44 PID 2920 wrote to memory of 924 2920 cmd.exe 44 PID 2920 wrote to memory of 924 2920 cmd.exe 44 PID 2920 wrote to memory of 924 2920 cmd.exe 44 PID 2860 wrote to memory of 2768 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 45 PID 2860 wrote to memory of 2768 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 45 PID 2860 wrote to memory of 2768 2860 
2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 45 PID 2860 wrote to memory of 2768 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 45 PID 2860 wrote to memory of 2796 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 46 PID 2860 wrote to memory of 2796 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 46 PID 2860 wrote to memory of 2796 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 46 PID 2860 wrote to memory of 2796 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 46 PID 2860 wrote to memory of 2732 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 47 PID 2860 wrote to memory of 2732 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 47 PID 2860 wrote to memory of 2732 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 47 PID 2860 wrote to memory of 2732 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 47 PID 2860 wrote to memory of 2772 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 48 PID 2860 wrote to memory of 2772 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 48 PID 2860 wrote to memory of 2772 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 48 PID 2860 wrote to memory of 2772 2860 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe 48 PID 2772 wrote to memory of 2660 2772 cmd.exe 53 PID 2772 wrote to memory of 2660 2772 cmd.exe 53 PID 2772 wrote to memory of 2660 2772 cmd.exe 53 PID 2772 wrote to memory of 2660 2772 cmd.exe 53
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe" 1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2220 -
C:\Users\Admin\zgkYwIgs\ZkccIYgY.exe "C:\Users\Admin\zgkYwIgs\ZkccIYgY.exe" 2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2172
-
-
C:\ProgramData\vYAUsUsg\XgkwYogg.exe "C:\ProgramData\vYAUsUsg\XgkwYogg.exe" 2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2832
-
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock" 2⤵
- Suspicious use of WriteProcessMemory
PID:2628 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock 3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2860 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:2920 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
PID:924 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"6⤵PID:2024
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:1412 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"8⤵PID:2456
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:1888 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"10⤵PID:1116
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:836 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"12⤵PID:1924
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:1508 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"14⤵PID:1908
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:3060 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"16⤵PID:2492
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:324 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"18⤵PID:2348
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:2464 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"20⤵PID:2040
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:1484 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"22⤵PID:2052
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:872 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"24⤵PID:952
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:3012 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"26⤵PID:1588
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:1184 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"28⤵PID:2444
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:2636 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"30⤵PID:2480
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:2004 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"32⤵PID:2592
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1896 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"34⤵PID:2456
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock35⤵
- Suspicious behavior: EnumeratesProcesses
PID:3068 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"36⤵PID:2980
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock37⤵
- Suspicious behavior: EnumeratesProcesses
PID:868 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"38⤵PID:2624
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock39⤵
- Suspicious behavior: EnumeratesProcesses
PID:1644 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"40⤵PID:2520
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock41⤵
- Suspicious behavior: EnumeratesProcesses
PID:2704 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"42⤵PID:2964
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock43⤵
- Suspicious behavior: EnumeratesProcesses
PID:1708 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"44⤵PID:2812
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock45⤵
- Suspicious behavior: EnumeratesProcesses
PID:2696 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"46⤵PID:1640
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock47⤵
- Suspicious behavior: EnumeratesProcesses
PID:2824 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"48⤵PID:1072
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock49⤵
- Suspicious behavior: EnumeratesProcesses
PID:3052 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"50⤵PID:1460
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock51⤵
- Suspicious behavior: EnumeratesProcesses
PID:2332 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"52⤵PID:1832
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock53⤵
- Suspicious behavior: EnumeratesProcesses
PID:2176 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"54⤵PID:3064
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock55⤵
- Suspicious behavior: EnumeratesProcesses
PID:2664 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"56⤵PID:1184
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock57⤵
- Suspicious behavior: EnumeratesProcesses
PID:952 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"58⤵PID:804
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock59⤵
- Suspicious behavior: EnumeratesProcesses
PID:1616 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"60⤵PID:2728
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock61⤵
- Suspicious behavior: EnumeratesProcesses
PID:1688 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"62⤵PID:2192
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock63⤵
- Suspicious behavior: EnumeratesProcesses
PID:1836 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"64⤵PID:1908
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock65⤵PID:2644
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"66⤵PID:3004
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock67⤵PID:2868
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"68⤵PID:2620
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock69⤵PID:2000
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"70⤵PID:628
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock71⤵PID:868
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"72⤵PID:2812
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock73⤵PID:1048
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"74⤵PID:872
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock75⤵PID:2824
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"76⤵PID:2588
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock77⤵PID:2796
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"78⤵PID:2576
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock79⤵PID:1112
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"80⤵PID:1976
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock81⤵PID:1904
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"82⤵PID:2684
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock83⤵PID:1640
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"84⤵PID:2084
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock85⤵PID:1668
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"86⤵PID:876
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock87⤵PID:548
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"88⤵PID:1308
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock89⤵PID:2524
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"90⤵PID:1832
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock91⤵PID:1676
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"92⤵PID:1768
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock93⤵PID:1912
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"94⤵PID:1492
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock95⤵PID:1152
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"96⤵PID:632
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock97⤵PID:1296
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"98⤵PID:2916
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock99⤵PID:1984
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"100⤵PID:2248
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock101⤵PID:1512
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"102⤵PID:1896
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock103⤵PID:1520
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"104⤵PID:1528
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock105⤵PID:832
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"106⤵PID:1012
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock107⤵PID:2624
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"108⤵PID:2784
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock109⤵PID:928
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"110⤵PID:2428
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock111⤵PID:1072
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"112⤵PID:1128
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock113⤵PID:2136
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"114⤵PID:2568
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock115⤵PID:1920
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"116⤵PID:1956
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock117⤵PID:656
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"118⤵PID:2544
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock119⤵PID:1672
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"120⤵PID:2500
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock121⤵PID:2100
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock"122⤵PID:2372
-