Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
25-04-2024 20:58
General
-
Target
2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exe
-
Size
196KB
-
MD5
61cd4e9327ec5da51da328096b0fc36f
-
SHA1
253b9758f7b06743536ce8800ba7e21dd6273fce
-
SHA256
ea514385af1cd44410072e4c7aeba20d91d550b10236079dbdf126dfdd3e5de0
-
SHA512
0a38816904550129c73f1f4ea643a1b4e227d604eef42446bd1d2b9c5f38cf174cecf0d226333e7534f7b56b2cb63d307a00d25117ed6f75413b04f2a5caa5e1
-
SSDEEP
6144:GDdGBiS4E9JvqhgMHs79v+cJjbD42id2Csto5LXDRr:odGBiS4E9JvqhgC4vgpc4T9
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
UAC bypass 3 TTPs 64 IoCs
-
Renames multiple (64) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 4 IoCs
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\mKQEkIgg\tEIckoEs.exe"C:\Users\Admin\mKQEkIgg\tEIckoEs.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\ProgramData\yQUEkwMo\ZiIckIgI.exe"C:\ProgramData\yQUEkwMo\ZiIckIgI.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"8⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"10⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"12⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"14⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"16⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock17⤵
- Adds Run key to start application
-
C:\Users\Admin\byYgoYIM\nSYgEgUI.exe"C:\Users\Admin\byYgoYIM\nSYgEgUI.exe"18⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 22419⤵
- Program crash
-
C:\ProgramData\SCUEMUEI\bOQMYUwU.exe"C:\ProgramData\SCUEMUEI\bOQMYUwU.exe"18⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 22419⤵
- Program crash
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"18⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"20⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"22⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"24⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"26⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"28⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"30⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"32⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"34⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock35⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"36⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock37⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"38⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock39⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"40⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock41⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"42⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"44⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"46⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock47⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"48⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock49⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"50⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock51⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"52⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock53⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"54⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock55⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"56⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock57⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"58⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock59⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"60⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock61⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"62⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock63⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"64⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock65⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"66⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock67⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"68⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock69⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"70⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock71⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"72⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock73⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"74⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock75⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"76⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock77⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"78⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock79⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"80⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock81⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"82⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock83⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"84⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock85⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"86⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock87⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"88⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock89⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"90⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock91⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"92⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock93⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"94⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock95⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"96⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock97⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"98⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock99⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"100⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"102⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"104⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"106⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1107⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"108⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"110⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"112⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"114⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"116⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1117⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"118⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1119⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"120⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock121⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"122⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock123⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"124⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock125⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"126⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock127⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"128⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock129⤵
- Adds Run key to start application
-
C:\Users\Admin\byYgoYIM\nSYgEgUI.exe"C:\Users\Admin\byYgoYIM\nSYgEgUI.exe"130⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 184131⤵
- Program crash
-
C:\ProgramData\SCUEMUEI\bOQMYUwU.exe"C:\ProgramData\SCUEMUEI\bOQMYUwU.exe"130⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 188131⤵
- Program crash
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"130⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock131⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"132⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock133⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"134⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock135⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"136⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock137⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"138⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock139⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"140⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock141⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"142⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock143⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"144⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock145⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"146⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock147⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"148⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock149⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"150⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock151⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"152⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock153⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"154⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1155⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock155⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"156⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock157⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"158⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock159⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"160⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock161⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"162⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock163⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"164⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock165⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"166⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock167⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"168⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1169⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock169⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"170⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock171⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"172⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock173⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"174⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock175⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"176⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1177⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock177⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"178⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock179⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"180⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock181⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"182⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock183⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"184⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock185⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"186⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock187⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"188⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock189⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"190⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock191⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"192⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock193⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"194⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1195⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock195⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"196⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock197⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"198⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1199⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock199⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"200⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock201⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"202⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock203⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"204⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock205⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"206⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1207⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock207⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"208⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1209⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock209⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"210⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock211⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"212⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock213⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"214⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock215⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"216⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1217⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock217⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"218⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock219⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"220⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock221⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"222⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock223⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"224⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock225⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"226⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock227⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"228⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock229⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"230⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock231⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"232⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock233⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"234⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1235⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock235⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"236⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock237⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"238⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock239⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-25_61cd4e9327ec5da51da328096b0fc36f_virlock"240⤵