Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
15/05/2024, 10:39
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
-
Size
186KB
-
MD5
d3ff61fb3af4a52b08b70dc9369cf264
-
SHA1
350fe15361b4f4f8b0f7e7c84aba2542b374469a
-
SHA256
ce13e35dcdab216ea5a67f021ad9dd14e12b066ee2ac97d72f0b4d6c34e64379
-
SHA512
8f98ec3b1927bd2af948e69e7c4dc6af3fd8745577f2419c768ee074967d4ffb1465a4cdff0a7eb4017eb498392010c0587a5a523c1e2fd2117110b00e6415d9
-
SSDEEP
3072:ttrQtEyTfCeHd5Kv1Z2oyAJVjiLBgJx2z8OpAl9BG5q1S61eQ3Nwzz31G:ttrILqe/ZsJZ4O2z8OpA5G5HFQ3Czb4
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
description ioc Process
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe
-
description ioc Process
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe
-
Renames multiple (55) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process
Key value queried \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation fewskEUY.exe
-
Executes dropped EXE 2 IoCs
pid Process
2188 fewskEUY.exe
2548 tkEsQAUI.exe
-
Loads dropped DLL 20 IoCs
pid Process
2012 2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
2188 fewskEUY.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\fewskEUY.exe = "C:\\Users\\Admin\\aigYAUAs\\fewskEUY.exe" fewskEUY.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tkEsQAUI.exe = "C:\\ProgramData\\WyYEwAoQ\\tkEsQAUI.exe" tkEsQAUI.exe
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\fewskEUY.exe = "C:\\Users\\Admin\\aigYAUAs\\fewskEUY.exe" 2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tkEsQAUI.exe = "C:\\ProgramData\\WyYEwAoQ\\tkEsQAUI.exe" 2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
2188 fewskEUY.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process
2188 fewskEUY.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2012 -
C:\Users\Admin\aigYAUAs\fewskEUY.exe"C:\Users\Admin\aigYAUAs\fewskEUY.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2188
-
-
C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe"C:\ProgramData\WyYEwAoQ\tkEsQAUI.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2548
-
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:2568 -
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2744 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:1888 -
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2840 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"6⤵PID:2740
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:3052 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"8⤵PID:3056
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:1604 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"10⤵PID:1516
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:1368 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"12⤵PID:2280
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:880 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"14⤵PID:2672
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2492 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"16⤵PID:2712
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:2612 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"18⤵PID:664
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:2804 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"20⤵PID:2444
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:1576 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"22⤵PID:1724
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:2080 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"24⤵PID:1856
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:1684 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"26⤵PID:2700
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:2756 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"28⤵PID:1232
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:1664 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"30⤵PID:1592
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:768 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"32⤵PID:1596
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock33⤵
- Suspicious behavior: EnumeratesProcesses
PID:540 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"34⤵PID:1080
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock35⤵
- Suspicious behavior: EnumeratesProcesses
PID:2136 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"36⤵PID:1368
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock37⤵
- Suspicious behavior: EnumeratesProcesses
PID:1816 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"38⤵PID:2664
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock39⤵
- Suspicious behavior: EnumeratesProcesses
PID:2580 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"40⤵PID:2588
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock41⤵
- Suspicious behavior: EnumeratesProcesses
PID:2732 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"42⤵PID:692
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock43⤵
- Suspicious behavior: EnumeratesProcesses
PID:2908 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"44⤵PID:2804
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock45⤵
- Suspicious behavior: EnumeratesProcesses
PID:2772 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"46⤵PID:1564
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock47⤵
- Suspicious behavior: EnumeratesProcesses
PID:300 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"48⤵PID:1572
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock49⤵
- Suspicious behavior: EnumeratesProcesses
PID:2764 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"50⤵PID:2572
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock51⤵
- Suspicious behavior: EnumeratesProcesses
PID:1536 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"52⤵PID:2832
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock53⤵
- Suspicious behavior: EnumeratesProcesses
PID:2892 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"54⤵PID:2904
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock55⤵
- Suspicious behavior: EnumeratesProcesses
PID:1784 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"56⤵PID:380
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock57⤵
- Suspicious behavior: EnumeratesProcesses
PID:340 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"58⤵PID:1928
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock59⤵
- Suspicious behavior: EnumeratesProcesses
PID:2408 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"60⤵PID:2264
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock61⤵
- Suspicious behavior: EnumeratesProcesses
PID:1604 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"62⤵PID:2592
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock63⤵
- Suspicious behavior: EnumeratesProcesses
PID:2100 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"64⤵PID:2512
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock65⤵PID:2624
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"66⤵PID:3016
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock67⤵PID:1120
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"68⤵PID:732
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock69⤵PID:372
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"70⤵PID:2416
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock71⤵PID:320
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"72⤵PID:832
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock73⤵PID:876
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"74⤵PID:2680
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock75⤵PID:2632
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"76⤵PID:2724
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock77⤵PID:2788
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"78⤵PID:2280
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock79⤵PID:2880
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"80⤵PID:2716
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock81⤵PID:2700
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"82⤵PID:448
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock83⤵PID:2236
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"84⤵PID:1636
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock85⤵PID:2984
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"86⤵PID:2300
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock87⤵PID:2936
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"88⤵PID:1560
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock89⤵PID:2508
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"90⤵PID:2592
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock91⤵PID:2652
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"92⤵PID:2780
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock93⤵PID:2732
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"94⤵PID:1520
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock95⤵PID:408
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"96⤵PID:1060
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock97⤵PID:2680
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"98⤵PID:2348
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock99⤵PID:2084
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"100⤵PID:2604
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock101⤵PID:1240
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"102⤵PID:2652
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock103⤵PID:1672
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"104⤵PID:1860
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock105⤵PID:2092
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"106⤵PID:988
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock107⤵PID:2864
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"108⤵PID:2876
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock109⤵PID:608
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"110⤵PID:2344
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock111⤵PID:1992
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"112⤵PID:1556
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock113⤵PID:2780
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"114⤵PID:2088
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock115⤵PID:2804
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"116⤵PID:1856
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock117⤵PID:2564
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"118⤵PID:2856
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock119⤵PID:1272
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"120⤵PID:2280
-
C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock121⤵PID:3060
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-15_d3ff61fb3af4a52b08b70dc9369cf264_virlock"122⤵PID:2568
-