Analysis
max time kernel: 150s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 18-10-2024 02:52
Static task: static1
Behavioral task: behavioral1
Sample: 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
Resource: win10v2004-20241007-en
General
Target: 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
Size: 243KB
MD5: 84af33fba0ff37b9bb00f062370754b0
SHA1: ae8c1577f871f6d320d36f163d1b5eaaa16a21b9
SHA256: 7e27f4605a99496865b95850d8ff85e34c06ee25bae1f415ff2fa9b713913700
SHA512: 4c5c0d6928d3d59d35663ee7e35921e5014f3b06a4641bd69786cb3c180413ae09d282f4c926550b50338881e39581f274fba8bdc94a042891f0311a9505f947
SSDEEP: 6144:x+CT6Ci9nV85itzrXo9/D2TdCDMvahgEULjAz67ispuLW40mO5:7l0V85itzrXo9yhCDbifjiNTT
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
Processes:
reg.exe
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | reg.exe
-
Processes:
reg.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | reg.exe
-
Renames multiple (76) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
WiUskMkw.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | WiUskMkw.exe
-
Executes dropped EXE 2 IoCs
Processes:
WiUskMkw.exe, oMcsEoMA.exe
pid | process
4940 | WiUskMkw.exe
4008 | oMcsEoMA.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe, WiUskMkw.exe, oMcsEoMA.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WiUskMkw.exe = "C:\\Users\\Admin\\csEMkEgo\\WiUskMkw.exe" | 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oMcsEoMA.exe = "C:\\ProgramData\\caEsYckY\\oMcsEoMA.exe" | 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WiUskMkw.exe = "C:\\Users\\Admin\\csEMkEgo\\WiUskMkw.exe" | WiUskMkw.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oMcsEoMA.exe = "C:\\ProgramData\\caEsYckY\\oMcsEoMA.exe" | oMcsEoMA.exe
-
Drops file in System32 directory 1 IoCs
Processes:
WiUskMkw.exe
description | ioc | process
File created | C:\Windows\SysWOW64\shell32.dll.exe | WiUskMkw.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
cmd.exe, 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe, reg.exe, cscript.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | reg.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cscript.exe
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
WiUskMkw.exe
pid process
4940 WiUskMkw.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
WiUskMkw.exe
pid process
4940 WiUskMkw.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1968 -
C:\Users\Admin\csEMkEgo\WiUskMkw.exe"C:\Users\Admin\csEMkEgo\WiUskMkw.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4940 -
C:\ProgramData\caEsYckY\oMcsEoMA.exe"C:\ProgramData\caEsYckY\oMcsEoMA.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4008 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:4704 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3120 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:3312 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3736 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"6⤵
- Suspicious use of WriteProcessMemory
PID:3108 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:3028 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"8⤵PID:4936
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:2808 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"10⤵PID:2876
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:4640 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"12⤵PID:4632
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:4472 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"14⤵PID:3628
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:1692 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"16⤵PID:3416
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:2804 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"18⤵PID:4612
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:1072 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"20⤵PID:1492
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:4456 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"22⤵PID:4908
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:4600 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"24⤵PID:2976
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:3844 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"26⤵PID:2940
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:2444 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"28⤵PID:4168
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:2520 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"30⤵PID:1464
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:3564 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"32⤵PID:2020
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock33⤵PID:1048
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"34⤵PID:816
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock35⤵PID:2880
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"36⤵PID:2204
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock37⤵PID:4112
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"38⤵PID:3976
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock39⤵PID:4828
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"40⤵PID:2664
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock41⤵PID:4704
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"42⤵PID:3616
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock43⤵PID:2452
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"44⤵PID:540
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV145⤵PID:3760
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock45⤵
- System Location Discovery: System Language Discovery
PID:3844 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"46⤵PID:1164
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock47⤵PID:4440
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"48⤵PID:3500
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock49⤵PID:4692
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"50⤵PID:928
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock51⤵PID:3628
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"52⤵PID:716
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock53⤵PID:4404
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"54⤵PID:3748
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock55⤵PID:3692
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"56⤵PID:3820
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV157⤵PID:3276
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock57⤵PID:4964
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"58⤵PID:2396
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock59⤵PID:4588
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"60⤵PID:1732
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock61⤵PID:1868
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"62⤵PID:1448
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock63⤵PID:1076
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"64⤵PID:3704
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock65⤵PID:3092
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"66⤵PID:2104
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock67⤵PID:1740
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"68⤵PID:4464
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock69⤵PID:756
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"70⤵PID:4844
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock71⤵PID:3828
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"72⤵PID:4640
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock73⤵PID:4772
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"74⤵PID:2596
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock75⤵PID:3880
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"76⤵PID:1740
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock77⤵PID:412
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"78⤵PID:756
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock79⤵PID:3760
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"80⤵PID:1448
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock81⤵PID:3824
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"82⤵PID:3276
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock83⤵PID:2800
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"84⤵PID:1116
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock85⤵PID:1788
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"86⤵PID:3736
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock87⤵PID:1688
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"88⤵PID:4140
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock89⤵PID:1732
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"90⤵PID:4800
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV191⤵PID:3824
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock91⤵PID:1504
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"92⤵PID:3776
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock93⤵PID:716
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"94⤵PID:1224
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock95⤵PID:2204
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"96⤵PID:3736
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock97⤵PID:2876
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"98⤵PID:1852
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock99⤵
- System Location Discovery: System Language Discovery
PID:4540 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"100⤵PID:4412
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock101⤵PID:4844
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"102⤵PID:3512
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock103⤵PID:1736
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"104⤵PID:1076
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock105⤵PID:4904
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"106⤵PID:412
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock107⤵PID:3264
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"108⤵PID:3572
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock109⤵PID:1968
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"110⤵PID:712
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock111⤵PID:4400
-