Analysis
- max time kernel: 150s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 15/05/2024, 10:41
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
- Resource: win10v2004-20240508-en
General
- Target: 2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe
- Size: 196KB
- MD5: e9ff91b035c87dd83393342e735a28a7
- SHA1: 3b8780a3b0b9fa81d9e2e4c9eb2bde5fb258c7aa
- SHA256: dc1c31aed64946afa7cedc15497ada98cb15b20b28db91bb5dfa3a08915b934d
- SHA512: 85bcd41c0d140569fea5159b501fca0db87506306a5695e761dc3324fd18fe022742f05ed79ff3ae346c7fc8c8f924a458a38e8560c268b5bf0b863728a6c771
- SSDEEP: 3072:DPbDCEVlW2/PHeAmfG+a8iJLN5bKawv7SxN/MANvWoHpSxp:DyEVlh/GAHLXEbqvVJ
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Renames multiple (61) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation lgUcsYAc.exe -
Deletes itself 1 IoCs
pid Process 2416 cmd.exe -
Executes dropped EXE 2 IoCs
pid Process 2944 lgUcsYAc.exe 2604 oysAgQwA.exe -
Loads dropped DLL 20 IoCs
pid Process 2256 2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe 2944 lgUcsYAc.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\lgUcsYAc.exe = "C:\\Users\\Admin\\mmckAIYA\\lgUcsYAc.exe" 2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oysAgQwA.exe = "C:\\ProgramData\\VSgwMYMU\\oysAgQwA.exe" 2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\lgUcsYAc.exe = "C:\\Users\\Admin\\mmckAIYA\\lgUcsYAc.exe" lgUcsYAc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oysAgQwA.exe = "C:\\ProgramData\\VSgwMYMU\\oysAgQwA.exe" oysAgQwA.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2944 lgUcsYAc.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2944 lgUcsYAc.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2256 -
C:\Users\Admin\mmckAIYA\lgUcsYAc.exe"C:\Users\Admin\mmckAIYA\lgUcsYAc.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2944
-
-
C:\ProgramData\VSgwMYMU\oysAgQwA.exe"C:\ProgramData\VSgwMYMU\oysAgQwA.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2604
-
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:2640 -
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2072 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
PID:1628 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"6⤵PID:780
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:788 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"8⤵PID:2768
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:2224 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"10⤵PID:876
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:1476 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"12⤵PID:2920
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:2012 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"14⤵PID:2420
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2660 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"16⤵PID:1716
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:1536 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"18⤵PID:3000
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:2796 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"20⤵PID:636
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:3068 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"22⤵PID:472
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:1052 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"24⤵PID:1788
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:1284 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"26⤵PID:1188
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:2836 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"28⤵PID:1748
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:1868 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"30⤵PID:1716
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:2772 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"32⤵PID:3032
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock33⤵
- Suspicious behavior: EnumeratesProcesses
PID:2756 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"34⤵PID:2216
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock35⤵
- Suspicious behavior: EnumeratesProcesses
PID:2840 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"36⤵PID:2488
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock37⤵
- Suspicious behavior: EnumeratesProcesses
PID:2656 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"38⤵PID:2448
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock39⤵
- Suspicious behavior: EnumeratesProcesses
PID:2460 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"40⤵PID:1576
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock41⤵
- Suspicious behavior: EnumeratesProcesses
PID:1188 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"42⤵PID:2812
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock43⤵
- Suspicious behavior: EnumeratesProcesses
PID:1104 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"44⤵PID:2376
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock45⤵
- Suspicious behavior: EnumeratesProcesses
PID:952 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"46⤵PID:3044
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock47⤵
- Suspicious behavior: EnumeratesProcesses
PID:1648 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"48⤵PID:2868
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock49⤵
- Suspicious behavior: EnumeratesProcesses
PID:2840 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"50⤵PID:2524
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock51⤵
- Suspicious behavior: EnumeratesProcesses
PID:2176 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"52⤵PID:2704
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock53⤵
- Suspicious behavior: EnumeratesProcesses
PID:2460 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"54⤵PID:2492
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock55⤵
- Suspicious behavior: EnumeratesProcesses
PID:2252 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"56⤵PID:1908
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock57⤵
- Suspicious behavior: EnumeratesProcesses
PID:2092 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"58⤵PID:2520
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock59⤵
- Suspicious behavior: EnumeratesProcesses
PID:2552 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"60⤵PID:2508
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock61⤵
- Suspicious behavior: EnumeratesProcesses
PID:1064 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"62⤵PID:324
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock63⤵
- Suspicious behavior: EnumeratesProcesses
PID:2556 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"64⤵PID:1588
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock65⤵PID:2488
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"66⤵PID:2896
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock67⤵PID:3052
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"68⤵PID:1796
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock69⤵PID:1232
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"70⤵PID:1052
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock71⤵PID:1908
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"72⤵PID:2720
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock73⤵PID:1696
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"74⤵PID:1604
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock75⤵PID:1504
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"76⤵PID:1868
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock77⤵PID:1536
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"78⤵PID:2056
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock79⤵PID:1244
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"80⤵PID:1928
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock81⤵PID:956
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"82⤵PID:472
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock83⤵PID:2404
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"84⤵PID:2496
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock85⤵PID:3032
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"86⤵PID:1564
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock87⤵PID:2408
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"88⤵PID:1568
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock89⤵PID:1272
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"90⤵PID:2192
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock91⤵PID:1576
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"92⤵PID:2016
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock93⤵PID:1104
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"94⤵PID:2392
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock95⤵PID:2952
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"96⤵PID:2696
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock97⤵PID:2472
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"98⤵PID:2128
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock99⤵PID:3028
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"100⤵PID:2008
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock101⤵PID:2136
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"102⤵PID:1800
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock103⤵PID:720
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"104⤵PID:1272
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock105⤵PID:2428
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"106⤵PID:1724
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock107⤵PID:2700
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"108⤵PID:1608
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock109⤵PID:1588
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"110⤵PID:1052
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock111⤵PID:1184
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"112⤵PID:2720
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock113⤵PID:2496
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"114⤵PID:2040
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock115⤵PID:2508
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"116⤵PID:2336
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock117⤵PID:3024
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"118⤵PID:2756
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock119⤵PID:1800
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"120⤵PID:2400
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock121⤵PID:1840
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_e9ff91b035c87dd83393342e735a28a7_virlock"122⤵PID:3028
-