Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
submitted: 03/04/2024, 19:26

Static task: static1

Behavioral task: behavioral1
Sample: 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Resource: win10v2004-20240226-en
General
Target: 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Size: 200KB
MD5: 16110daf1409fd74e4630f0cc4e5869d
SHA1: 33f2c6cfb4a81cbd57eb16b5fb667ab5c39d8742
SHA256: 53ca275d20d4b651cc11e14027d8a64f756fe08c8c4c5a6b6bda607c579b4a43
SHA512: 1559cb64a2b1aa6c01d3eea100cff003c8dda26fb40084e5aff647997aea552c6362fc119182b59281e910645c6ab5c02858f9ebbdd640ed08c51dbf6cfb1a7a
SSDEEP: 6144:mVdolfd85vyPXtFt3ohCjkuSNvizItA1YA:Gdol18kFFt3ohCjkLIzgA
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | reg.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | Process not Found
-
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | reg.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | Process not Found
-
Renames multiple (82) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | fmwkAMIw.exe
-
Executes dropped EXE 2 IoCs
pid | Process
3800 | UacUgoEQ.exe
4544 | fmwkAMIw.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UacUgoEQ.exe = "C:\\Users\\Admin\\pMkIsUoc\\UacUgoEQ.exe" | 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fmwkAMIw.exe = "C:\\ProgramData\\jqIcwkYs\\fmwkAMIw.exe" | 2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fmwkAMIw.exe = "C:\\ProgramData\\jqIcwkYs\\fmwkAMIw.exe" | fmwkAMIw.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UacUgoEQ.exe = "C:\\Users\\Admin\\pMkIsUoc\\UacUgoEQ.exe" | UacUgoEQ.exe
-
Drops file in System32 directory 2 IoCs
description | ioc | Process
File created | C:\Windows\SysWOW64\shell32.dll.exe | fmwkAMIw.exe
File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | fmwkAMIw.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
4544 | fmwkAMIw.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
4544 | fmwkAMIw.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1764 -
C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe"C:\Users\Admin\pMkIsUoc\UacUgoEQ.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3800
-
-
C:\ProgramData\jqIcwkYs\fmwkAMIw.exe"C:\ProgramData\jqIcwkYs\fmwkAMIw.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4544
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:4396 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2608 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:4804 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4476 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"6⤵
- Suspicious use of WriteProcessMemory
PID:4932 -
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:3868 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"8⤵PID:3692
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:2780 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"10⤵PID:2196
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:4072 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"12⤵PID:4472
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:1500 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"14⤵PID:4624
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:3520 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"16⤵PID:3612
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:4792 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"18⤵PID:4860
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:4288 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"20⤵PID:3412
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:3156 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"22⤵PID:4284
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:4212 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"24⤵PID:2088
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:3224 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"26⤵PID:5064
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:5044 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"28⤵PID:4636
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"30⤵PID:4468
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:3140 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"32⤵PID:4484
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock33⤵PID:540
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"34⤵PID:4256
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock35⤵PID:992
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"36⤵PID:1884
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock37⤵PID:3320
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"38⤵PID:4144
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock39⤵PID:3240
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"40⤵PID:932
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock41⤵PID:4932
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"42⤵PID:748
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock43⤵PID:3060
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"44⤵PID:3228
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock45⤵PID:2432
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"46⤵PID:5084
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock47⤵PID:972
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"48⤵PID:3116
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock49⤵PID:4144
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"50⤵PID:4052
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock51⤵PID:4996
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"52⤵PID:3060
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock53⤵PID:3400
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"54⤵PID:4592
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock55⤵PID:2096
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"56⤵PID:1704
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock57⤵PID:1508
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"58⤵PID:3152
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock59⤵PID:4024
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"60⤵PID:3320
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock61⤵PID:1140
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"62⤵PID:2792
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock63⤵PID:4992
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"64⤵PID:1332
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock65⤵PID:3780
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"66⤵PID:1904
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock67⤵PID:4500
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"68⤵PID:5044
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock69⤵PID:1208
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"70⤵PID:2060
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock71⤵PID:3712
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"72⤵PID:2964
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock73⤵PID:116
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"74⤵PID:3760
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock75⤵PID:3632
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"76⤵PID:4940
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock77⤵PID:3064
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"78⤵PID:2332
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock79⤵PID:952
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"80⤵PID:1312
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock81⤵PID:2828
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"82⤵PID:1440
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock83⤵PID:4548
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"84⤵PID:2096
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock85⤵PID:3928
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"86⤵PID:2880
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock87⤵PID:860
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"88⤵PID:3260
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock89⤵PID:1648
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"90⤵PID:1960
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock91⤵PID:1508
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"92⤵PID:844
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock93⤵PID:1772
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"94⤵PID:2688
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock95⤵PID:4128
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"96⤵PID:720
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock97⤵PID:452
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"98⤵PID:348
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock99⤵PID:3412
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"100⤵PID:3404
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock101⤵PID:3644
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"102⤵PID:2440
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock103⤵PID:1224
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"104⤵PID:748
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock105⤵PID:4588
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"106⤵PID:4688
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock107⤵PID:3132
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"108⤵PID:1072
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock109⤵PID:2196
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"110⤵PID:4212
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock111⤵PID:2652
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"112⤵PID:3272
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock113⤵PID:1260
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"114⤵PID:4752
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock115⤵PID:1508
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"116⤵PID:1548
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock117⤵PID:3652
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"118⤵PID:3720
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock119⤵PID:2376
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"120⤵PID:724
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock121⤵PID:2424
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock"122⤵PID:4044
-