Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03/04/2024, 18:38
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
-
Size
709KB
-
MD5
544db6d59b25248df3c9cf9b9b33b544
-
SHA1
41fcdaa68b616b5ffaff9c4e7a4f76445372102a
-
SHA256
6d361226ae035f3b21c1cdbc55ddd68ae2eed78b9bcaaa3ab7373d670cfd70be
-
SHA512
e992a614ee2ea8a0bb07648e44b2f86c34bd627567a46d64481f5fded670e3e1667f5e4985a5be87ae4d754d2e7ffa68e76055e950ccca40343c3a2a8e459d36
-
SSDEEP
12288:XbccHXQ/j5pGYUd9YTKwdYXspdN9TSR8EJQvct/zrPf5QRNdh3EW9:XbcgQdYYUvYTKapdiRZJJXoh3b
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe -
The table below has no signature heading on this page. Its rows record reg.exe setting EnableLUA to "0" under \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, the policy value that turns off User Account Control (UAC).
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set 
value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely for geofencing.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation mcMEksoQ.exe -
Executes dropped EXE 2 IoCs
pid Process 2828 OKwckkcU.exe 1768 mcMEksoQ.exe -
Loads dropped DLL 20 IoCs
pid Process 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\mcMEksoQ.exe = "C:\\Users\\Admin\\ZSEckcIY\\mcMEksoQ.exe" 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OKwckkcU.exe = "C:\\ProgramData\\dgUgAskI\\OKwckkcU.exe" 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\mcMEksoQ.exe = "C:\\Users\\Admin\\ZSEckcIY\\mcMEksoQ.exe" mcMEksoQ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OKwckkcU.exe = "C:\\ProgramData\\dgUgAskI\\OKwckkcU.exe" OKwckkcU.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico mcMEksoQ.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
pid Process 1708 reg.exe 2264 reg.exe 1996 reg.exe 2600 reg.exe 2444 reg.exe 2680 reg.exe 1080 reg.exe 1476 reg.exe 2244 reg.exe 792 reg.exe 2432 reg.exe 852 reg.exe 1384 reg.exe 900 reg.exe 2616 reg.exe 1776 reg.exe 560 reg.exe 2864 reg.exe 852 reg.exe 2700 reg.exe 792 reg.exe 2084 reg.exe 2536 reg.exe 2112 reg.exe 1496 reg.exe 1732 reg.exe 2096 reg.exe 2864 reg.exe 1612 reg.exe 592 reg.exe 2140 reg.exe 2580 reg.exe 2144 reg.exe 2024 reg.exe 1692 reg.exe 1484 reg.exe 2200 reg.exe 888 reg.exe 900 reg.exe 2784 reg.exe 2144 reg.exe 2520 reg.exe 2376 reg.exe 2836 reg.exe 1180 reg.exe 2760 reg.exe 2856 reg.exe 2436 reg.exe 1884 reg.exe 3024 reg.exe 2260 reg.exe 2208 reg.exe 3044 reg.exe 1272 reg.exe 2908 reg.exe 896 reg.exe 2200 reg.exe 3060 reg.exe 2636 reg.exe 1488 reg.exe 360 reg.exe 2016 reg.exe 2808 reg.exe 3036 reg.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1596 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1596 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1896 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1896 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 540 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 540 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1512 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1512 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1996 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1996 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2744 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2744 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2708 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2708 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2040 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2040 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1256 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1256 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2856 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2856 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2616 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2616 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1360 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1360 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2708 
2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2708 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 772 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 772 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1736 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1736 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2948 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2948 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2156 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2156 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1604 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1604 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2024 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2024 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2504 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2504 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1868 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1868 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1884 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1884 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2164 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2164 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 592 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 592 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2884 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 2884 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1856 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 1856 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1768 mcMEksoQ.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe 1768 mcMEksoQ.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2696 wrote to memory of 1768 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 28 PID 2696 wrote to memory of 1768 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 28 PID 2696 wrote to memory of 1768 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 28 PID 2696 wrote to memory of 1768 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 28 PID 2696 wrote to memory of 2828 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 29 PID 2696 wrote to memory of 2828 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 29 PID 2696 wrote to memory of 2828 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 29 PID 2696 wrote to memory of 2828 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 29 PID 2696 wrote to memory of 2628 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 30 PID 2696 wrote to memory of 2628 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 30 PID 2696 wrote to memory of 2628 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 30 PID 2696 wrote to memory of 2628 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 30 PID 2628 wrote to memory of 2556 2628 cmd.exe 33 PID 2628 wrote to memory of 2556 2628 cmd.exe 33 PID 2628 wrote to memory of 2556 2628 cmd.exe 33 PID 2628 wrote to memory of 2556 2628 cmd.exe 33 PID 2696 wrote to memory of 2516 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 32 PID 2696 wrote to memory of 2516 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 32 PID 2696 wrote to memory of 2516 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 32 PID 2696 wrote to memory of 2516 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 32 PID 2696 wrote to memory of 2908 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 34 PID 2696 wrote to memory of 2908 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 34 PID 2696 wrote to 
memory of 2908 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 34 PID 2696 wrote to memory of 2908 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 34 PID 2696 wrote to memory of 2680 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 36 PID 2696 wrote to memory of 2680 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 36 PID 2696 wrote to memory of 2680 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 36 PID 2696 wrote to memory of 2680 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 36 PID 2696 wrote to memory of 2860 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 39 PID 2696 wrote to memory of 2860 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 39 PID 2696 wrote to memory of 2860 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 39 PID 2696 wrote to memory of 2860 2696 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 39 PID 2860 wrote to memory of 2484 2860 cmd.exe 41 PID 2860 wrote to memory of 2484 2860 cmd.exe 41 PID 2860 wrote to memory of 2484 2860 cmd.exe 41 PID 2860 wrote to memory of 2484 2860 cmd.exe 41 PID 2556 wrote to memory of 2204 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 42 PID 2556 wrote to memory of 2204 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 42 PID 2556 wrote to memory of 2204 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 42 PID 2556 wrote to memory of 2204 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 42 PID 2204 wrote to memory of 1596 2204 cmd.exe 44 PID 2204 wrote to memory of 1596 2204 cmd.exe 44 PID 2204 wrote to memory of 1596 2204 cmd.exe 44 PID 2204 wrote to memory of 1596 2204 cmd.exe 44 PID 2556 wrote to memory of 1496 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 45 PID 2556 wrote to memory of 1496 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 45 PID 2556 wrote to memory of 1496 2556 
2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 45 PID 2556 wrote to memory of 1496 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 45 PID 2556 wrote to memory of 1592 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 46 PID 2556 wrote to memory of 1592 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 46 PID 2556 wrote to memory of 1592 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 46 PID 2556 wrote to memory of 1592 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 46 PID 2556 wrote to memory of 1612 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 47 PID 2556 wrote to memory of 1612 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 47 PID 2556 wrote to memory of 1612 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 47 PID 2556 wrote to memory of 1612 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 47 PID 2556 wrote to memory of 1888 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 48 PID 2556 wrote to memory of 1888 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 48 PID 2556 wrote to memory of 1888 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 48 PID 2556 wrote to memory of 1888 2556 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe 48 PID 1888 wrote to memory of 768 1888 cmd.exe 52 PID 1888 wrote to memory of 768 1888 cmd.exe 52 PID 1888 wrote to memory of 768 1888 cmd.exe 52 PID 1888 wrote to memory of 768 1888 cmd.exe 52
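Processes
Note: each entry below is the image path, immediately followed by the command line, the nesting depth in the process tree (the number before ⤵) and the PID. The chain alternates cmd.exe /c and the sample down to depth 122, and PIDs are reused within the run (2696 is both the depth-1 process and the depth-27 one; 2628, 2708 and 2556 also recur), so correlate events by PID together with parent and depth or start time, not by PID alone.
-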
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Users\Admin\ZSEckcIY\mcMEksoQ.exe"C:\Users\Admin\ZSEckcIY\mcMEksoQ.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1768
-
-
C:\ProgramData\dgUgAskI\OKwckkcU.exe"C:\ProgramData\dgUgAskI\OKwckkcU.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2828
-
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:2628 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2556 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:2204 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
PID:1596 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"6⤵PID:1924
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:1896 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"8⤵PID:2256
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:540 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"10⤵PID:1500
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:1512 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"12⤵PID:2948
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:1996 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"14⤵PID:2344
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2744 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"16⤵PID:2628
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:556 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"18⤵PID:2396
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:2708 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"20⤵PID:2260
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:2040 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"22⤵PID:2636
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:1256 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"24⤵PID:1060
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:2856 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"26⤵PID:2632
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:2696 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"28⤵PID:1548
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:2616 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"30⤵PID:2352
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:1360 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"32⤵PID:1692
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock33⤵
- Suspicious behavior: EnumeratesProcesses
PID:2708 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"34⤵PID:1748
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock35⤵
- Suspicious behavior: EnumeratesProcesses
PID:772 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"36⤵PID:2760
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock37⤵
- Suspicious behavior: EnumeratesProcesses
PID:1736 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"38⤵PID:1944
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock39⤵
- Suspicious behavior: EnumeratesProcesses
PID:2948 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"40⤵PID:1496
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock41⤵
- Suspicious behavior: EnumeratesProcesses
PID:2156 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"42⤵PID:1580
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock43⤵
- Suspicious behavior: EnumeratesProcesses
PID:1604 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"44⤵PID:2720
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock45⤵
- Suspicious behavior: EnumeratesProcesses
PID:2556 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"46⤵PID:2464
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock47⤵
- Suspicious behavior: EnumeratesProcesses
PID:2024 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"48⤵PID:1440
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock49⤵
- Suspicious behavior: EnumeratesProcesses
PID:2504 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"50⤵PID:2620
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock51⤵
- Suspicious behavior: EnumeratesProcesses
PID:1868 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"52⤵PID:1912
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock53⤵
- Suspicious behavior: EnumeratesProcesses
PID:1884 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"54⤵PID:1936
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock55⤵
- Suspicious behavior: EnumeratesProcesses
PID:1556 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"56⤵PID:3036
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock57⤵
- Suspicious behavior: EnumeratesProcesses
PID:2164 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"58⤵PID:2864
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock59⤵
- Suspicious behavior: EnumeratesProcesses
PID:592 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"60⤵PID:1472
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock61⤵
- Suspicious behavior: EnumeratesProcesses
PID:2884 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"62⤵PID:2680
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock63⤵
- Suspicious behavior: EnumeratesProcesses
PID:1856 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"64⤵PID:1008
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock65⤵PID:2120
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"66⤵PID:2104
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock67⤵PID:1576
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"68⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock69⤵PID:1676
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"70⤵PID:1180
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock71⤵PID:1924
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"72⤵PID:2764
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock73⤵PID:2216
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"74⤵PID:108
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock75⤵PID:2552
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"76⤵PID:1488
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock77⤵PID:2336
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"78⤵PID:1384
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock79⤵PID:2132
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"80⤵PID:1464
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock81⤵PID:2952
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"82⤵PID:1292
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock83⤵PID:1936
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"84⤵PID:2084
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock85⤵PID:2128
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"86⤵PID:1484
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock87⤵PID:1856
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"88⤵PID:2416
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock89⤵PID:1236
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"90⤵PID:2468
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock91⤵PID:2552
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"92⤵PID:560
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock93⤵PID:2460
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"94⤵PID:892
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock95⤵PID:1208
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"96⤵PID:1752
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock97⤵PID:2444
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"98⤵PID:1936
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock99⤵PID:1256
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"100⤵PID:2032
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock101⤵PID:2256
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"102⤵PID:2460
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock103⤵PID:2692
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"104⤵PID:1008
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock105⤵PID:1856
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"106⤵PID:2248
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock107⤵PID:1968
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"108⤵PID:1652
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock109⤵PID:920
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"110⤵PID:820
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock111⤵PID:1932
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"112⤵PID:644
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock113⤵PID:2908
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"114⤵PID:1384
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock115⤵PID:1592
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"116⤵PID:1484
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock117⤵PID:2072
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"118⤵PID:2176
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock119⤵PID:2812
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"120⤵PID:1512
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock121⤵PID:1696
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"122⤵PID:972
-