Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
21-05-2024 22:23
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exe
Resource
win10v2004-20240426-en
General
-
Target
2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exe
-
Size
117KB
-
MD5
8f12f6672e3a30bea49592af840f6d93
-
SHA1
b67d1459060b1d16917d68151e64c4286fbe91c2
-
SHA256
3c7abd7432b74c6f258cf94c6ced8ead24d75fdd98290ac4a8b794839a6971c9
-
SHA512
36330d2ec44307aae5db01055d104b4c20525f0a7614aaa9c9bb1233d59e00f36788fd59a224cc154f425239a6bde5e85e4a1fea3230857a75e90fa53d6b2c03
-
SSDEEP
3072:9X75hp2S75mWgAs68JNkl98pMT8DzZ1y3K9Hk0:N75hDdmDv68JNkl98zykr
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation dAkAUwwk.exe -
Executes dropped EXE 2 IoCs
pid Process 2344 rGEgkYoM.exe 2640 dAkAUwwk.exe -
Loads dropped DLL 20 IoCs
pid Process 1720 2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exe 2640 dAkAUwwk.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\rGEgkYoM.exe = "C:\\Users\\Admin\\SqUgUcoU\\rGEgkYoM.exe" 2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\dAkAUwwk.exe = "C:\\ProgramData\\HOwUEkYM\\dAkAUwwk.exe" 2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\dAkAUwwk.exe = "C:\\ProgramData\\HOwUEkYM\\dAkAUwwk.exe" dAkAUwwk.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\rGEgkYoM.exe = "C:\\Users\\Admin\\SqUgUcoU\\rGEgkYoM.exe" rGEgkYoM.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2640 dAkAUwwk.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2640 dAkAUwwk.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1720 -
C:\Users\Admin\SqUgUcoU\rGEgkYoM.exe"C:\Users\Admin\SqUgUcoU\rGEgkYoM.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2344
-
-
C:\ProgramData\HOwUEkYM\dAkAUwwk.exe"C:\ProgramData\HOwUEkYM\dAkAUwwk.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2640
-
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:2672 -
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2612 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:2064 -
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2744 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"6⤵PID:332
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:1808 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"8⤵PID:2840
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:2960 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"10⤵PID:1620
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:1140 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"12⤵PID:2168
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:2324 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"14⤵PID:2648
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2588 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"16⤵PID:2684
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:2300 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"18⤵PID:2124
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:2636 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"20⤵PID:2288
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:1808 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"22⤵PID:2036
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:1556 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"24⤵PID:2404
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:1604 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"26⤵PID:2764
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:796 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"28⤵PID:2904
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:2796 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"30⤵PID:2744
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:2704 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"32⤵PID:332
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock33⤵
- Suspicious behavior: EnumeratesProcesses
PID:900 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"34⤵PID:2960
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock35⤵
- Suspicious behavior: EnumeratesProcesses
PID:540 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"36⤵PID:1140
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock37⤵
- Suspicious behavior: EnumeratesProcesses
PID:2424 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"38⤵PID:2200
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock39⤵
- Suspicious behavior: EnumeratesProcesses
PID:2456 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"40⤵PID:1280
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock41⤵
- Suspicious behavior: EnumeratesProcesses
PID:1712 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"42⤵PID:1496
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock43⤵
- Suspicious behavior: EnumeratesProcesses
PID:1032 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"44⤵PID:2272
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock45⤵
- Suspicious behavior: EnumeratesProcesses
PID:2256 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"46⤵PID:1744
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock47⤵
- Suspicious behavior: EnumeratesProcesses
PID:2364 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"48⤵PID:1784
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock49⤵
- Suspicious behavior: EnumeratesProcesses
PID:820 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"50⤵PID:2756
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock51⤵
- Suspicious behavior: EnumeratesProcesses
PID:1480 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"52⤵PID:2632
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock53⤵
- Suspicious behavior: EnumeratesProcesses
PID:564 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"54⤵PID:920
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock55⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"56⤵PID:2760
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock57⤵
- Suspicious behavior: EnumeratesProcesses
PID:760 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"58⤵PID:1532
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock59⤵
- Suspicious behavior: EnumeratesProcesses
PID:956 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"60⤵PID:2100
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock61⤵
- Suspicious behavior: EnumeratesProcesses
PID:2376 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"62⤵PID:1988
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock63⤵
- Suspicious behavior: EnumeratesProcesses
PID:472 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"64⤵PID:2688
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock65⤵PID:532
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"66⤵PID:3052
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock67⤵PID:1832
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"68⤵PID:2596
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock69⤵PID:2920
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"70⤵PID:2528
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock71⤵PID:1484
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"72⤵PID:2288
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock73⤵PID:2700
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"74⤵PID:2804
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock75⤵PID:2592
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"76⤵PID:2064
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock77⤵PID:488
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"78⤵PID:2732
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock79⤵PID:1436
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"80⤵PID:1608
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock81⤵PID:1600
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"82⤵PID:2276
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock83⤵PID:1496
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"84⤵PID:2908
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock85⤵PID:1528
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"86⤵PID:2584
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock87⤵PID:2288
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"88⤵PID:2456
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock89⤵PID:2796
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"90⤵PID:1980
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock91⤵PID:2104
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"92⤵PID:2380
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock93⤵PID:1628
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"94⤵PID:1248
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock95⤵PID:2792
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"96⤵PID:1672
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock97⤵PID:1588
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"98⤵PID:768
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock99⤵PID:2092
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"100⤵PID:2944
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock101⤵PID:312
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"102⤵PID:1692
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock103⤵PID:2132
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"104⤵PID:852
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock105⤵PID:2844
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"106⤵PID:2436
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock107⤵PID:1248
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"108⤵PID:2696
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock109⤵PID:956
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"110⤵PID:2572
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock111⤵PID:2176
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"112⤵PID:1696
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock113⤵PID:2372
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"114⤵PID:2072
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock115⤵PID:2272
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"116⤵PID:884
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock117⤵PID:2804
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"118⤵PID:1924
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock119⤵PID:1568
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"120⤵PID:2748
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock121⤵PID:1248
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-05-21_8f12f6672e3a30bea49592af840f6d93_virlock"122⤵PID:2264