Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
03/04/2024, 18:38
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
-
Size
709KB
-
MD5
544db6d59b25248df3c9cf9b9b33b544
-
SHA1
41fcdaa68b616b5ffaff9c4e7a4f76445372102a
-
SHA256
6d361226ae035f3b21c1cdbc55ddd68ae2eed78b9bcaaa3ab7373d670cfd70be
-
SHA512
e992a614ee2ea8a0bb07648e44b2f86c34bd627567a46d64481f5fded670e3e1667f5e4985a5be87ae4d754d2e7ffa68e76055e950ccca40343c3a2a8e459d36
-
SSDEEP
12288:XbccHXQ/j5pGYUd9YTKwdYXspdN9TSR8EJQvct/zrPf5QRNdh3EW9:XbcgQdYYUvYTKapdiRZJJXoh3b
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe
-
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe
-
Renames multiple (87) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation MoUkgMMM.exe -
Executes dropped EXE 2 IoCs
pid Process 1772 MoUkgMMM.exe 2156 QIQsoIUQ.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MoUkgMMM.exe = "C:\\Users\\Admin\\IEIwMEkw\\MoUkgMMM.exe" 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\QIQsoIUQ.exe = "C:\\ProgramData\\FiscYoIc\\QIQsoIUQ.exe" 2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MoUkgMMM.exe = "C:\\Users\\Admin\\IEIwMEkw\\MoUkgMMM.exe" MoUkgMMM.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\QIQsoIUQ.exe = "C:\\ProgramData\\FiscYoIc\\QIQsoIUQ.exe" QIQsoIUQ.exe
-
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\shell32.dll.exe MoUkgMMM.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1772 MoUkgMMM.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1772 MoUkgMMM.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4448 -
C:\Users\Admin\IEIwMEkw\MoUkgMMM.exe"C:\Users\Admin\IEIwMEkw\MoUkgMMM.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1772
-
-
C:\ProgramData\FiscYoIc\QIQsoIUQ.exe"C:\ProgramData\FiscYoIc\QIQsoIUQ.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2156
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:4688 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3340 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:1900 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2740 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"6⤵
- Suspicious use of WriteProcessMemory
PID:976 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:4196 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"8⤵PID:3956
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:392 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"10⤵PID:2372
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:1472 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"12⤵PID:4884
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:4456 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"14⤵PID:2904
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2640 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"16⤵PID:3752
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:3276 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"18⤵PID:540
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:3964 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"20⤵PID:4508
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:5080 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"22⤵PID:4448
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:4308 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"24⤵PID:1144
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:4456 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"26⤵PID:892
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:3916 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"28⤵PID:1496
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:4636 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"30⤵PID:2152
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV131⤵PID:540
-
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:3592 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"32⤵PID:4612
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock33⤵PID:1140
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"34⤵PID:3824
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV135⤵PID:5020
-
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock35⤵PID:1864
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"36⤵PID:1756
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock37⤵PID:1604
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"38⤵PID:832
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock39⤵PID:4652
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"40⤵PID:2196
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock41⤵PID:1760
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"42⤵PID:1092
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock43⤵PID:2428
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"44⤵PID:624
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock45⤵PID:5088
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"46⤵PID:4548
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock47⤵PID:5072
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"48⤵PID:428
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV149⤵PID:4436
-
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock49⤵PID:4452
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"50⤵PID:1124
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock51⤵PID:1792
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"52⤵PID:1572
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock53⤵PID:3812
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"54⤵PID:2036
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV155⤵PID:3824
-
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock55⤵PID:3876
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"56⤵PID:644
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock57⤵PID:2684
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"58⤵PID:2152
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock59⤵PID:628
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"60⤵PID:2056
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock61⤵PID:4964
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"62⤵PID:1868
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock63⤵PID:1200
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"64⤵PID:1092
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock65⤵PID:4132
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"66⤵PID:4188
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock67⤵PID:2304
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"68⤵PID:3884
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock69⤵PID:2740
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"70⤵PID:3652
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock71⤵PID:1408
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"72⤵PID:2908
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock73⤵PID:1572
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"74⤵PID:2524
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock75⤵PID:1548
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"76⤵PID:5080
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock77⤵PID:4464
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"78⤵PID:2268
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock79⤵PID:1900
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"80⤵PID:516
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock81⤵PID:1564
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"82⤵PID:3244
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock83⤵PID:3492
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"84⤵PID:1984
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV185⤵PID:1548
-
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock85⤵PID:4128
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"86⤵PID:3932
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock87⤵PID:5036
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"88⤵PID:4216
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock89⤵PID:2100
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"90⤵PID:3620
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock91⤵PID:4880
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"92⤵PID:2764
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock93⤵PID:4432
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"94⤵PID:4024
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock95⤵PID:2368
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"96⤵PID:2724
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock97⤵PID:2432
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"98⤵PID:1572
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock99⤵PID:4276
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"100⤵PID:3516
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock101⤵PID:4940
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"102⤵PID:3608
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock103⤵PID:1568
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"104⤵PID:3136
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock105⤵PID:4972
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"106⤵PID:3824
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock107⤵PID:2536
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"108⤵PID:1152
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock109⤵PID:1984
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"110⤵PID:1408
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock111⤵PID:2836
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"112⤵PID:4644
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock113⤵PID:4888
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"114⤵PID:2612
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1115⤵PID:3584
-
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock115⤵PID:2740
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"116⤵PID:1760
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock117⤵PID:876
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"118⤵PID:4120
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock119⤵PID:4288
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"120⤵PID:5020
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock121⤵PID:3520
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_544db6d59b25248df3c9cf9b9b33b544_virlock"122⤵PID:2004