Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system -
submitted
18-10-2024 02:55
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
Resource
win10v2004-20241007-en
General
-
Target
2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
-
Size
243KB
-
MD5
84af33fba0ff37b9bb00f062370754b0
-
SHA1
ae8c1577f871f6d320d36f163d1b5eaaa16a21b9
-
SHA256
7e27f4605a99496865b95850d8ff85e34c06ee25bae1f415ff2fa9b713913700
-
SHA512
4c5c0d6928d3d59d35663ee7e35921e5014f3b06a4641bd69786cb3c180413ae09d282f4c926550b50338881e39581f274fba8bdc94a042891f0311a9505f947
-
SSDEEP
6144:x+CT6Ci9nV85itzrXo9/D2TdCDMvahgEULjAz67ispuLW40mO5:7l0V85itzrXo9yhCDbifjiNTT
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
Processes:
reg.exe
description: Set value (int)
ioc: \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"
process: reg.exe (same entry repeated for each reg.exe instance)
-
Processes:
reg.exe
description: Set value (int)
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
process: reg.exe (same entry repeated for each reg.exe instance)
-
Renames multiple (56) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
uYwUQQAA.exe
description: Key value queried
ioc: \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation
process: uYwUQQAA.exe
-
Executes dropped EXE 2 IoCs
Processes:
tOAIAYQc.exe, uYwUQQAA.exe
pid 2728: tOAIAYQc.exe
pid 2684: uYwUQQAA.exe
-
Loads dropped DLL 20 IoCs
Processes:
2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe, uYwUQQAA.exe
pid 2268: 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe (repeated entries)
pid 2684: uYwUQQAA.exe (repeated entries)
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe, uYwUQQAA.exe, tOAIAYQc.exe
description: Set value (str)
ioc: \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\tOAIAYQc.exe = "C:\\Users\\Admin\\fyowAIAA\\tOAIAYQc.exe"
process: 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe, tOAIAYQc.exe
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\uYwUQQAA.exe = "C:\\ProgramData\\oyswggAA\\uYwUQQAA.exe"
process: 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe, uYwUQQAA.exe
-
Drops file in Windows directory 1 IoCs
Processes:
uYwUQQAA.exe
description: File opened for modification
ioc: \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico
process: uYwUQQAA.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
cmd.exe, cscript.exe, reg.exe, 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
process: cmd.exe, cscript.exe, reg.exe, 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe (same entry repeated for each process instance)
-
Modifies registry key 1 TTPs 64 IoCs
Processes:
reg.exe (multiple instances, each listed by pid)
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
uYwUQQAA.exe (PID 2684)
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
uYwUQQAA.exe (PID 2684)
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2268 -
C:\Users\Admin\fyowAIAA\tOAIAYQc.exe"C:\Users\Admin\fyowAIAA\tOAIAYQc.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2728 -
C:\ProgramData\oyswggAA\uYwUQQAA.exe"C:\ProgramData\oyswggAA\uYwUQQAA.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2684 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:2752 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2772 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:2108 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
PID:1740 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"6⤵PID:2472
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:1768 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"8⤵PID:2016
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:2272 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"10⤵PID:1460
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:1668 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"12⤵PID:1772
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:1864 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"14⤵PID:1892
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2164 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"16⤵PID:1632
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:2920 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"18⤵PID:1804
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:380 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"20⤵PID:2780
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:2460 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"22⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:2092 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"24⤵PID:1968
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:324 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"26⤵PID:552
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:584 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"28⤵PID:1020
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:2188 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"30⤵PID:2360
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:2388 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"32⤵PID:2140
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock33⤵
- Suspicious behavior: EnumeratesProcesses
PID:2932 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"34⤵PID:2488
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock35⤵
- Suspicious behavior: EnumeratesProcesses
PID:656 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"36⤵PID:2716
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock37⤵
- Suspicious behavior: EnumeratesProcesses
PID:2624 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"38⤵PID:2756
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock39⤵
- Suspicious behavior: EnumeratesProcesses
PID:408 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"40⤵PID:2288
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock41⤵
- Suspicious behavior: EnumeratesProcesses
PID:2356 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"42⤵PID:2472
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock43⤵
- Suspicious behavior: EnumeratesProcesses
PID:1480 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"44⤵PID:2152
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock45⤵
- Suspicious behavior: EnumeratesProcesses
PID:1600 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"46⤵
- System Location Discovery: System Language Discovery
PID:2540 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock47⤵
- Suspicious behavior: EnumeratesProcesses
PID:2876 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"48⤵PID:2752
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock49⤵
- Suspicious behavior: EnumeratesProcesses
PID:2928 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"50⤵PID:2716
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock51⤵
- Suspicious behavior: EnumeratesProcesses
PID:536 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"52⤵PID:2924
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock53⤵
- Suspicious behavior: EnumeratesProcesses
PID:2136 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"54⤵PID:1688
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock55⤵
- Suspicious behavior: EnumeratesProcesses
PID:1852 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"56⤵PID:1464
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock57⤵
- Suspicious behavior: EnumeratesProcesses
PID:1656 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"58⤵PID:1756
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock59⤵
- Suspicious behavior: EnumeratesProcesses
PID:604 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"60⤵PID:1984
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock61⤵
- Suspicious behavior: EnumeratesProcesses
PID:868 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"62⤵
- System Location Discovery: System Language Discovery
PID:1192 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock63⤵
- Suspicious behavior: EnumeratesProcesses
PID:856 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"64⤵PID:1212
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock65⤵PID:1288
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"66⤵PID:1896
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock67⤵PID:2536
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"68⤵PID:1652
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock69⤵PID:2620
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"70⤵PID:1752
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock71⤵PID:324
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"72⤵PID:2204
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock73⤵PID:2888
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"74⤵PID:2716
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock75⤵PID:1836
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"76⤵PID:380
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock77⤵
- System Location Discovery: System Language Discovery
PID:560 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"78⤵PID:844
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock79⤵PID:2472
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"80⤵PID:1324
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock81⤵PID:1228
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"82⤵
- System Location Discovery: System Language Discovery
PID:2620 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock83⤵PID:396
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"84⤵PID:2164
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock85⤵PID:1752
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"86⤵PID:1616
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock87⤵PID:3056
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"88⤵PID:2076
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock89⤵PID:924
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"90⤵PID:2340
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock91⤵PID:380
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"92⤵PID:1732
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock93⤵PID:1644
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"94⤵PID:1748
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock95⤵PID:1144
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"96⤵PID:1216
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock97⤵PID:1760
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"98⤵PID:2856
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock99⤵PID:1444
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"100⤵PID:2428
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock101⤵PID:2796
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"102⤵PID:2340
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock103⤵PID:1656
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"104⤵PID:956
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock105⤵PID:1796
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"106⤵PID:792
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock107⤵PID:1700
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"108⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock109⤵PID:320
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"110⤵PID:1664
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock111⤵PID:536
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"112⤵PID:1608
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock113⤵PID:2380
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"114⤵PID:1416
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock115⤵PID:1960
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"116⤵PID:832
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock117⤵PID:1356
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"118⤵PID:2616
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock119⤵PID:396
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"120⤵PID:2420
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock121⤵PID:2084
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"122⤵PID:1760
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock123⤵PID:2444
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"124⤵PID:3012
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock125⤵PID:2532
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"126⤵PID:2156
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock127⤵PID:2588
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"128⤵PID:2500
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock129⤵PID:2368
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"130⤵PID:1652
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock131⤵PID:2896
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"132⤵PID:2112
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock133⤵PID:848
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"134⤵PID:2144
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock135⤵PID:1524
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"136⤵PID:2848
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock137⤵PID:1592
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"138⤵PID:1464
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock139⤵PID:1084
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"140⤵PID:2072
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock141⤵PID:408
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"142⤵PID:2476
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock143⤵PID:1544
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"144⤵PID:2968
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock145⤵PID:2248
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"146⤵PID:2160
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock147⤵PID:2420
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"148⤵PID:1616
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock149⤵PID:2472
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"150⤵PID:2572
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock151⤵PID:1756
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"152⤵PID:992
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock153⤵PID:2164
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"154⤵PID:2536
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock155⤵PID:2352
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"156⤵PID:2332
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock157⤵PID:1460
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"158⤵PID:2444
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock159⤵PID:1476
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"160⤵PID:2356
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock161⤵PID:1740
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"162⤵PID:2208
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock163⤵PID:1972
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"164⤵PID:1460
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock165⤵PID:1952
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"166⤵PID:1356
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock167⤵PID:2236
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"168⤵PID:2092
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock169⤵PID:1856
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"170⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock171⤵PID:1496
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"172⤵PID:2192
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock173⤵PID:2436
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"174⤵PID:1852
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock175⤵PID:852
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"176⤵PID:2212
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock177⤵PID:2604
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"178⤵PID:1748
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock179⤵PID:1464
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"180⤵PID:2772
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock181⤵PID:1288
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"182⤵PID:2112
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock183⤵PID:2236
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"184⤵PID:1864
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock185⤵PID:2788
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"186⤵PID:2484
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock187⤵PID:2368
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"188⤵PID:1760
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock189⤵PID:2176
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"190⤵PID:2000
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock191⤵PID:1872
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"192⤵PID:2036
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock193⤵PID:2172
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"194⤵PID:2324
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock195⤵PID:2332
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"196⤵PID:780
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock197⤵PID:1324
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"198⤵PID:1156
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock199⤵PID:1368
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"200⤵PID:2620
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock201⤵PID:2748
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"202⤵PID:988
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock203⤵PID:2252
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"204⤵PID:2436
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock205⤵PID:1752
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"206⤵PID:2456
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock207⤵PID:3004
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"208⤵PID:1696
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock209⤵PID:848
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"210⤵PID:2780
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock211⤵PID:1836
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"212⤵PID:2176
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock213⤵PID:320
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"214⤵PID:2520
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock215⤵PID:624
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"216⤵PID:560
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock217⤵PID:2572
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"218⤵PID:2160
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock219⤵PID:2720
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"220⤵PID:2088
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock221⤵PID:1204
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"222⤵PID:2740
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock223⤵PID:976
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"224⤵PID:1544
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock225⤵PID:2704
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"226⤵PID:2352
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock227⤵PID:2596
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"228⤵PID:2436
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock229⤵PID:1272
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"230⤵PID:2244
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock231⤵PID:1856
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"232⤵PID:1852
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock233⤵PID:1656
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"234⤵PID:2560
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock235⤵PID:2476
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"236⤵PID:1872
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock237⤵PID:1616
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"238⤵PID:896
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock239⤵PID:1480
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"240⤵PID:2480
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock241⤵PID:1688
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"242⤵PID:2100