Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03/04/2024, 18:32
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exe
-
Size
188KB
-
MD5
2654b33a18d9a692515f7b0b1fee79ed
-
SHA1
ba9ff62d1e2f1e06616aee98942fa70d797bbdd1
-
SHA256
5d9b42712df611c6a017f46359523aeb117c136bdfe73613a29cb62306027a50
-
SHA512
85557045d145df48e4f7a6812c59724b58a31d0216a909febe8a771570156270f4b6af9eb5164f0639cb5005865c722a9e2b61a93415f2665a7292f458619b4d
-
SSDEEP
3072:/vS5a7fRMjVOaG5F7qOEwRmg0HKvTfDahQ23XoG7bA/Zvq/FdqXik:/vS52fRMjVOaSq/+70uTLa+gbGZC/FMx
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
description ioc Process
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found
-
description ioc Process
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Process not Found
-
Renames multiple (57) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation KCUIMoso.exe
-
Executes dropped EXE 2 IoCs
pid Process
1800 DsIEAwIg.exe
2520 KCUIMoso.exe
-
Loads dropped DLL 20 IoCs
pid Process
2712 2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exe
2520 KCUIMoso.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\DsIEAwIg.exe = "C:\\Users\\Admin\\fAkAgEwI\\DsIEAwIg.exe" DsIEAwIg.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\DsIEAwIg.exe = "C:\\Users\\Admin\\fAkAgEwI\\DsIEAwIg.exe" 2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KCUIMoso.exe = "C:\\ProgramData\\kcYwYcwY\\KCUIMoso.exe" 2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KCUIMoso.exe = "C:\\ProgramData\\kcYwYcwY\\KCUIMoso.exe" KCUIMoso.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
2520 KCUIMoso.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process
2520 KCUIMoso.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2712 -
C:\Users\Admin\fAkAgEwI\DsIEAwIg.exe"C:\Users\Admin\fAkAgEwI\DsIEAwIg.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1800
-
-
C:\ProgramData\kcYwYcwY\KCUIMoso.exe"C:\ProgramData\kcYwYcwY\KCUIMoso.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2520
-
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:2652 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2584 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:2732 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2768 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"6⤵PID:1424
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:2716 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"8⤵PID:2800
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:2096 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"10⤵PID:2120
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:3040 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"12⤵PID:888
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:1648 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"14⤵PID:2460
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2700 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"16⤵PID:2580
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:1636 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"18⤵PID:2756
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:3060 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"20⤵PID:2384
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:560 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"22⤵PID:1900
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:2348 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"24⤵PID:3064
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:2376 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"26⤵PID:2472
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:888 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"28⤵PID:1520
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:2460 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"30⤵PID:2304
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:2580 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"32⤵PID:2868
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock33⤵
- Suspicious behavior: EnumeratesProcesses
PID:2744 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"34⤵PID:2168
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock35⤵
- Suspicious behavior: EnumeratesProcesses
PID:2956 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"36⤵PID:2320
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock37⤵
- Suspicious behavior: EnumeratesProcesses
PID:1900 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"38⤵PID:1668
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock39⤵
- Suspicious behavior: EnumeratesProcesses
PID:2676 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"40⤵PID:624
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock41⤵
- Suspicious behavior: EnumeratesProcesses
PID:360 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"42⤵PID:2564
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock43⤵
- Suspicious behavior: EnumeratesProcesses
PID:1284 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"44⤵PID:3068
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock45⤵
- Suspicious behavior: EnumeratesProcesses
PID:1616 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"46⤵PID:984
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock47⤵
- Suspicious behavior: EnumeratesProcesses
PID:2948 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"48⤵PID:1688
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock49⤵
- Suspicious behavior: EnumeratesProcesses
PID:2960 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"50⤵PID:2328
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock51⤵
- Suspicious behavior: EnumeratesProcesses
PID:2440 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"52⤵PID:2028
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock53⤵
- Suspicious behavior: EnumeratesProcesses
PID:1556 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"54⤵PID:1676
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock55⤵
- Suspicious behavior: EnumeratesProcesses
PID:1392 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"56⤵PID:2396
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock57⤵
- Suspicious behavior: EnumeratesProcesses
PID:2012 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"58⤵PID:3048
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock59⤵
- Suspicious behavior: EnumeratesProcesses
PID:2096 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"60⤵PID:2836
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock61⤵
- Suspicious behavior: EnumeratesProcesses
PID:2448 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"62⤵PID:2456
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock63⤵
- Suspicious behavior: EnumeratesProcesses
PID:2476 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"64⤵PID:2900
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock65⤵PID:868
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"66⤵PID:1556
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock67⤵PID:848
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"68⤵PID:2920
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock69⤵PID:1220
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"70⤵PID:2136
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock71⤵PID:2012
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"72⤵PID:948
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock73⤵PID:2324
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"74⤵PID:2788
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock75⤵PID:1492
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"76⤵PID:660
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock77⤵PID:2108
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"78⤵PID:2772
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock79⤵PID:1576
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"80⤵PID:1420
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock81⤵PID:2276
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"82⤵PID:2016
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock83⤵PID:1236
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"84⤵PID:1144
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock85⤵PID:2744
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"86⤵PID:560
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock87⤵PID:1184
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"88⤵PID:2908
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock89⤵PID:2700
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"90⤵PID:2412
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock91⤵PID:1852
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"92⤵PID:1368
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock93⤵PID:1940
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"94⤵PID:840
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock95⤵PID:1616
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"96⤵PID:1484
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock97⤵PID:3056
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"98⤵PID:2476
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock99⤵PID:892
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"100⤵PID:1900
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock101⤵PID:2648
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"102⤵PID:2768
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock103⤵PID:2040
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"104⤵PID:1672
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock105⤵PID:2208
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"106⤵PID:1044
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock107⤵PID:2792
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"108⤵PID:1280
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock109⤵PID:2952
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"110⤵PID:1844
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock111⤵PID:3040
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"112⤵PID:2724
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock113⤵PID:2812
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"114⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock115⤵PID:2900
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"116⤵PID:328
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock117⤵PID:1592
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"118⤵PID:1320
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock119⤵PID:1648
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"120⤵PID:2128
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock121⤵PID:2380
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock"122⤵PID:1324