Analysis
max time kernel: 6s
max time network: 131s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03/04/2024, 19:26
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Resource: win7-20240221-en
8 signatures
150 seconds
Behavioral task
behavioral2
Sample: 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Resource: win10v2004-20240226-en
14 signatures
150 seconds
General
Target: 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Size: 200KB
MD5: 16110daf1409fd74e4630f0cc4e5869d
SHA1: 33f2c6cfb4a81cbd57eb16b5fb667ab5c39d8742
SHA256: 53ca275d20d4b651cc11e14027d8a64f756fe08c8c4c5a6b6bda607c579b4a43
SHA512: 1559cb64a2b1aa6c01d3eea100cff003c8dda26fb40084e5aff647997aea552c6362fc119182b59281e910645c6ab5c02858f9ebbdd640ed08c51dbf6cfb1a7a
SSDEEP: 6144:mVdolfd85vyPXtFt3ohCjkuSNvizItA1YA:Gdol18kFFt3ohCjkLIzgA
Score: 10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 16 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | reg.exe
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | reg.exe
Executes dropped EXE 2 IoCs
pid | Process
2616 | aekEosgQ.exe
2484 | QsgMUMgw.exe
Loads dropped DLL 4 IoCs
pid | Process
2460 | 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Adds Run key to start application 2 TTPs 4 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\QsgMUMgw.exe = "C:\\ProgramData\\ZEIUEQgo\\QsgMUMgw.exe" | QsgMUMgw.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\aekEosgQ.exe = "C:\\Users\\Admin\\QiIwcQkA\\aekEosgQ.exe" | aekEosgQ.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\aekEosgQ.exe = "C:\\Users\\Admin\\QiIwcQkA\\aekEosgQ.exe" | 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\QsgMUMgw.exe = "C:\\ProgramData\\ZEIUEQgo\\QsgMUMgw.exe" | 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Modifies registry key 1 TTPs 64 IoCs
Suspicious behavior: EnumeratesProcesses 34 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2460 -
C:\Users\Admin\QiIwcQkA\aekEosgQ.exe"C:\Users\Admin\QiIwcQkA\aekEosgQ.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2616
-
-
C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe"C:\ProgramData\ZEIUEQgo\QsgMUMgw.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2484
-
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:2532 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2396 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:1072 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
PID:764 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"6⤵PID:1592
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:2272 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"8⤵PID:1948
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:2000 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"10⤵PID:1944
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:2044 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"12⤵PID:2744
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:2268 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"14⤵PID:2764
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2536 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"16⤵PID:1544
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:2672 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"18⤵PID:1712
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:1612 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"20⤵PID:1932
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:2556 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"22⤵PID:1904
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:1404 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"24⤵PID:1248
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:1628 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"26⤵PID:2436
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:1148 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"28⤵PID:1280
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:1420 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"30⤵PID:2672
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:2652 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"32⤵PID:2244
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1700 -
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"110⤵PID:1696
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock111⤵PID:2248
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"112⤵PID:984
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock113⤵PID:872
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"114⤵PID:2736
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock115⤵PID:1340
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"116⤵PID:2588
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock117⤵PID:1772
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"118⤵PID:1516
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock119⤵PID:2804
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"120⤵PID:2988
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock121⤵PID:2288
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"122⤵PID:2436