Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
14-06-2024 17:48
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
-
Size
204KB
-
MD5
bfbf738fd5d4247871b673a210d78ff0
-
SHA1
38476a8f29ec33644f2439f6cc94db9a1906c9ae
-
SHA256
324d5e5bd8f3bfdc812a4728bd2d95aa68ce1d52a476e73b3abb2d0fe3808f00
-
SHA512
1d256a98f6557653f50dff180b4f12211db33a4f2b57c051299ae5726f94de31c24a561e3892795a00ed1236047064fb432bb58c196a8b506f2ee3433f522720
-
SSDEEP
6144:jiLdwJ5X0SGC7rrYGQJ0qkWfk0NVHlnU7:jSuJ5t2k2nnw
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe -
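Sets \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA to 0, the policy value that turns off User Account Control (the signature title for this table is missing from the capture).
Processes: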
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Renames multiple (61) files with added filename extension
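This suggests ransomware activity, i.e. encryption of all the files on the system. Because the same run also sets HideFileExt to 1, the added extension would be hidden from the user in Explorer.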
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely for geofencing.
Processes:
ggQMAIcg.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation | ggQMAIcg.exe
-
Executes dropped EXE 2 IoCs
Processes:
ggQMAIcg.exe
aokEwEks.exe
pid | process
2252 | ggQMAIcg.exe
3024 | aokEwEks.exe
-
Loads dropped DLL 20 IoCs
Processes:
2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeggQMAIcg.exepid process 2860 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2860 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2860 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2860 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe -
Reads user/profile data of web browsers 2 TTPs
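Infostealers often target stored browser data, which can include saved credentials, etc. This signature alone does not show what was done with the data; in a run that also renames files in bulk, the reads may simply come from the sample walking the user profile.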
-
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
ggQMAIcg.exe
aokEwEks.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\ggQMAIcg.exe = "C:\\Users\\Admin\\FiYMQcMk\\ggQMAIcg.exe" | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\aokEwEks.exe = "C:\\ProgramData\\AeYQsoUI\\aokEwEks.exe" | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\ggQMAIcg.exe = "C:\\Users\\Admin\\FiYMQcMk\\ggQMAIcg.exe" | ggQMAIcg.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\aokEwEks.exe = "C:\\ProgramData\\AeYQsoUI\\aokEwEks.exe" | aokEwEks.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exepid process 1720 reg.exe 2300 reg.exe 2572 reg.exe 2868 reg.exe 1668 reg.exe 704 reg.exe 1212 reg.exe 1644 reg.exe 812 reg.exe 2908 reg.exe 2772 reg.exe 340 reg.exe 1896 reg.exe 2388 reg.exe 2276 reg.exe 2448 reg.exe 2060 reg.exe 2356 reg.exe 2044 reg.exe 1632 reg.exe 708 reg.exe 1612 reg.exe 2936 reg.exe 2608 reg.exe 1520 reg.exe 1988 reg.exe 860 reg.exe 2912 reg.exe 1220 reg.exe 576 reg.exe 832 reg.exe 3068 reg.exe 848 reg.exe 2668 reg.exe 1836 reg.exe 2488 reg.exe 2428 reg.exe 1612 reg.exe 1568 reg.exe 1616 reg.exe 1140 reg.exe 2980 reg.exe 1216 reg.exe 1628 reg.exe 2980 reg.exe 832 reg.exe 2524 reg.exe 2068 reg.exe 1876 reg.exe 2536 reg.exe 2696 reg.exe 988 reg.exe 1728 reg.exe 2584 reg.exe 2524 reg.exe 876 reg.exe 2632 reg.exe 1692 reg.exe 2812 reg.exe 2852 reg.exe 640 reg.exe 1892 reg.exe 1704 reg.exe 2460 reg.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exepid process 2860 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2860 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2796 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2796 
2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2616 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2616 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2128 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2128 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1396 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1396 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 992 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 992 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2068 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2068 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2556 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2556 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2176 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2176 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2616 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2616 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1432 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1432 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 876 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 876 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1676 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1676 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2684 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2684 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2276 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2276 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1456 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1456 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1720 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1720 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 772 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 772 
2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1316 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1316 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1220 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1220 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1632 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1632 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1856 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1856 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 3032 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 3032 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1344 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1344 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1728 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1728 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1868 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1868 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1472 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1472 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1888 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1888 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1416 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1416 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1860 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1860 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1396 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 1396 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2692 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe 2692 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
ggQMAIcg.exe
pid | process
2252 | ggQMAIcg.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
ggQMAIcg.exepid process 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe 2252 ggQMAIcg.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes: 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe, cmd.exe, cmd.exe, 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe, cmd.exe, cmd.exe
description | pid | process | target process
PID 2860 wrote to memory of 2252 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | ggQMAIcg.exe
PID 2860 wrote to memory of 2252 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | ggQMAIcg.exe
PID 2860 wrote to memory of 2252 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | ggQMAIcg.exe
PID 2860 wrote to memory of 2252 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | ggQMAIcg.exe
PID 2860 wrote to memory of 3024 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | aokEwEks.exe
PID 2860 wrote to memory of 3024 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | aokEwEks.exe
PID 2860 wrote to memory of 3024 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | aokEwEks.exe
PID 2860 wrote to memory of 3024 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | aokEwEks.exe
PID 2860 wrote to memory of 2648 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2860 wrote to memory of 2648 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2860 wrote to memory of 2648 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2860 wrote to memory of 2648 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2648 wrote to memory of 2796 | 2648 | cmd.exe | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2648 wrote to memory of 2796 | 2648 | cmd.exe | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2648 wrote to memory of 2796 | 2648 | cmd.exe | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2648 wrote to memory of 2796 | 2648 | cmd.exe | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2860 wrote to memory of 2792 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2860 wrote to memory of 2792 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2860 wrote to memory of 2792 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2860 wrote to memory of 2792 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2860 wrote to memory of 2552 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2860 wrote to memory of 2552 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2860 wrote to memory of 2552 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2860 wrote to memory of 2552 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2860 wrote to memory of 2684 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2860 wrote to memory of 2684 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2860 wrote to memory of 2684 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2860 wrote to memory of 2684 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2860 wrote to memory of 2704 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2860 wrote to memory of 2704 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2860 wrote to memory of 2704 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2860 wrote to memory of 2704 | 2860 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2704 wrote to memory of 2424 | 2704 | cmd.exe | cscript.exe
PID 2704 wrote to memory of 2424 | 2704 | cmd.exe | cscript.exe
PID 2704 wrote to memory of 2424 | 2704 | cmd.exe | cscript.exe
PID 2704 wrote to memory of 2424 | 2704 | cmd.exe | cscript.exe
PID 2796 wrote to memory of 2452 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2796 wrote to memory of 2452 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2796 wrote to memory of 2452 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2796 wrote to memory of 2452 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2452 wrote to memory of 2616 | 2452 | cmd.exe | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2452 wrote to memory of 2616 | 2452 | cmd.exe | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2452 wrote to memory of 2616 | 2452 | cmd.exe | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2452 wrote to memory of 2616 | 2452 | cmd.exe | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe
PID 2796 wrote to memory of 2596 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2796 wrote to memory of 2596 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2796 wrote to memory of 2596 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2796 wrote to memory of 2596 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2796 wrote to memory of 2612 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2796 wrote to memory of 2612 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2796 wrote to memory of 2612 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2796 wrote to memory of 2612 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2796 wrote to memory of 1944 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2796 wrote to memory of 1944 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2796 wrote to memory of 1944 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2796 wrote to memory of 1944 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | reg.exe
PID 2796 wrote to memory of 400 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2796 wrote to memory of 400 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2796 wrote to memory of 400 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 2796 wrote to memory of 400 | 2796 | 2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe | cmd.exe
PID 400 wrote to memory of 2148 | 400 | cmd.exe | cscript.exe
PID 400 wrote to memory of 2148 | 400 | cmd.exe | cscript.exe
PID 400 wrote to memory of 2148 | 400 | cmd.exe | cscript.exe
PID 400 wrote to memory of 2148 | 400 | cmd.exe | cscript.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe" 1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2860 -
C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe "C:\Users\Admin\FiYMQcMk\ggQMAIcg.exe" 2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2252 -
C:\ProgramData\AeYQsoUI\aokEwEks.exe "C:\ProgramData\AeYQsoUI\aokEwEks.exe" 2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3024 -
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 2⤵
- Suspicious use of WriteProcessMemory
PID:2648 -
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2796 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:2452 -
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2616 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"6⤵PID:1860
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:2128 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"8⤵PID:576
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:1396 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"10⤵PID:964
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:992 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"12⤵PID:1220
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:2068 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"14⤵PID:2400
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2556 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"16⤵PID:2672
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:2176 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"18⤵PID:1568
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:2616 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"20⤵PID:1412
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:1432 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"22⤵PID:1540
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:876 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"24⤵PID:1264
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:1676 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"26⤵PID:2708
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:2684 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"28⤵PID:112
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:2276 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"30⤵PID:2196
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:1456 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"32⤵PID:2756
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1720 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"34⤵PID:1400
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock35⤵
- Suspicious behavior: EnumeratesProcesses
PID:772 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"36⤵PID:2268
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock37⤵
- Suspicious behavior: EnumeratesProcesses
PID:1316 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"38⤵PID:2504
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock39⤵
- Suspicious behavior: EnumeratesProcesses
PID:1220 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"40⤵PID:2960
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock41⤵
- Suspicious behavior: EnumeratesProcesses
PID:1632 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"42⤵PID:2272
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock43⤵
- Suspicious behavior: EnumeratesProcesses
PID:1856 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"44⤵PID:2128
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock45⤵
- Suspicious behavior: EnumeratesProcesses
PID:3032 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"46⤵PID:1484
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock47⤵
- Suspicious behavior: EnumeratesProcesses
PID:1344 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"48⤵PID:2920
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock49⤵
- Suspicious behavior: EnumeratesProcesses
PID:1728 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"50⤵PID:2664
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock51⤵
- Suspicious behavior: EnumeratesProcesses
PID:1868 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"52⤵PID:2764
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock53⤵
- Suspicious behavior: EnumeratesProcesses
PID:1472 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"54⤵PID:1440
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock55⤵
- Suspicious behavior: EnumeratesProcesses
PID:1888 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"56⤵PID:2892
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock57⤵
- Suspicious behavior: EnumeratesProcesses
PID:1416 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"58⤵PID:1984
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock59⤵
- Suspicious behavior: EnumeratesProcesses
PID:1860 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"60⤵PID:3004
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock61⤵
- Suspicious behavior: EnumeratesProcesses
PID:1396 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"62⤵PID:1400
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock63⤵
- Suspicious behavior: EnumeratesProcesses
PID:2692 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"64⤵PID:1516
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock65⤵PID:2552
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"66⤵PID:2776
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock67⤵PID:2620
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"68⤵PID:1488
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock69⤵PID:1780
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"70⤵PID:2736
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock71⤵PID:3000
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"72⤵PID:1184
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock73⤵PID:1688
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"74⤵PID:1484
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock75⤵PID:2784
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"76⤵PID:2324
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock77⤵PID:2264
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"78⤵PID:2392
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock79⤵PID:2772
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"80⤵PID:1632
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock81⤵PID:2960
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"82⤵PID:2972
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock83⤵PID:2800
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"84⤵PID:1452
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock85⤵PID:1848
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"86⤵PID:1860
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock87⤵PID:912
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"88⤵PID:576
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock89⤵PID:272
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"90⤵PID:1196
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock91⤵PID:2416
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"92⤵PID:1516
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock93⤵PID:2752
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"94⤵PID:2852
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock95⤵PID:2032
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"96⤵PID:1704
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock97⤵PID:1636
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"98⤵PID:1524
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock99⤵PID:1652
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"100⤵PID:1620
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock101⤵PID:2476
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"102⤵PID:1532
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock103⤵PID:1264
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"104⤵PID:2676
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock105⤵PID:1944
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"106⤵PID:1220
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock107⤵PID:2076
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"108⤵PID:2108
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock109⤵PID:1448
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"110⤵PID:2072
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock111⤵PID:2792
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"112⤵PID:1484
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock113⤵PID:1980
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"114⤵PID:2440
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock115⤵PID:1052
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"116⤵PID:1356
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock117⤵PID:2444
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"118⤵PID:400
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock119⤵PID:2392
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"120⤵PID:2120
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock121⤵PID:1980
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"122⤵PID:2308
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock123⤵PID:2552
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"124⤵PID:1836
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock125⤵PID:2044
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"126⤵PID:624
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock127⤵PID:1212
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"128⤵PID:2268
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock129⤵PID:1688
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"130⤵PID:2348
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock131⤵PID:1984
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"132⤵PID:2764
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock133⤵PID:1424
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"134⤵PID:1884
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock135⤵PID:1472
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"136⤵PID:2124
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock137⤵PID:1576
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"138⤵PID:1208
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock139⤵PID:344
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"140⤵PID:1536
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock141⤵PID:1344
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"142⤵PID:2924
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock143⤵PID:1912
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock"144⤵PID:2568
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock145⤵PID:2808
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 146⤵ PID:2072
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 147⤵ PID:764
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 148⤵ PID:3064
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 149⤵ PID:2584
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 150⤵ PID:2080
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 151⤵ PID:1504
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 152⤵ PID:960
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 153⤵ PID:1508
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 154⤵ PID:2492
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 155⤵ PID:1876
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 156⤵ PID:1704
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 157⤵ PID:2864
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 158⤵ PID:1196
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 159⤵ PID:1428
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 160⤵ PID:1744
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 161⤵ PID:1720
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 162⤵ PID:1684
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 163⤵ PID:2372
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 164⤵ PID:2740
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 165⤵ PID:1516
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 166⤵ PID:2460
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 167⤵ PID:2104
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 168⤵ PID:1248
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 169⤵ PID:960
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 170⤵ PID:2008
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 171⤵ PID:1968
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 172⤵ PID:1752
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 173⤵ PID:2836
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 174⤵ PID:2128
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 175⤵ PID:992
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 176⤵ PID:2504
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 177⤵ PID:1636
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 178⤵ PID:3004
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 179⤵ PID:2156
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 180⤵ PID:2892
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 181⤵ PID:3000
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 182⤵ PID:2544
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 183⤵ PID:1700
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 184⤵ PID:2368
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 185⤵ PID:624
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 186⤵ PID:1884
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 187⤵ PID:2640
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 188⤵ PID:3056
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 189⤵ PID:340
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 190⤵ PID:1680
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 191⤵ PID:1700
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 192⤵ PID:2620
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 193⤵ PID:1356
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 194⤵ PID:992
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 195⤵ PID:704
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 196⤵ PID:2356
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 197⤵ PID:1396
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 198⤵ PID:2536
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 199⤵ PID:2272
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 200⤵ PID:2280
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 201⤵ PID:664
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 202⤵ PID:1516
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 203⤵ PID:1452
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 204⤵ PID:860
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 205⤵ PID:2680
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 206⤵ PID:1656
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 207⤵ PID:1496
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 208⤵ PID:1400
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 209⤵ PID:580
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 210⤵ PID:2476
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 211⤵ PID:2696
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 212⤵ PID:1652
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 213⤵ PID:1560
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 214⤵ PID:3044
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 215⤵ PID:2588
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 216⤵ PID:1236
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 217⤵ PID:1052
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 218⤵ PID:1448
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 219⤵ PID:2924
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 220⤵ PID:904
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 221⤵ PID:3004
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 222⤵ PID:1944
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 223⤵ PID:2660
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 224⤵ PID:1012
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 225⤵ PID:2300
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 226⤵ PID:1892
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 227⤵ PID:1140
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 228⤵ PID:2632
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 229⤵ PID:1532
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 230⤵ PID:1888
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 231⤵ PID:2268
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 232⤵ PID:1996
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 233⤵ PID:2140
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 234⤵ PID:1684
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 235⤵ PID:1428
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 236⤵ PID:2964
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 237⤵ PID:960
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 238⤵ PID:2412
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 239⤵ PID:1484
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 240⤵ PID:2312
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock.exe C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock 241⤵ PID:2900
-
C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-14_bfbf738fd5d4247871b673a210d78ff0_virlock" 242⤵ PID:1196