Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
18-10-2024 02:55
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
Resource
win10v2004-20241007-en
General
-
Target
2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
-
Size
243KB
-
MD5
84af33fba0ff37b9bb00f062370754b0
-
SHA1
ae8c1577f871f6d320d36f163d1b5eaaa16a21b9
-
SHA256
7e27f4605a99496865b95850d8ff85e34c06ee25bae1f415ff2fa9b713913700
-
SHA512
4c5c0d6928d3d59d35663ee7e35921e5014f3b06a4641bd69786cb3c180413ae09d282f4c926550b50338881e39581f274fba8bdc94a042891f0311a9505f947
-
SSDEEP
6144:x+CT6Ci9nV85itzrXo9/D2TdCDMvahgEULjAz67ispuLW40mO5:7l0V85itzrXo9yhCDbifjiNTT
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe -
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Renames multiple (81) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Blocklisted process makes network request 2 IoCs
Processes:
flow pid process 50 1852 52 1852 -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
GeYMccsM.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation GeYMccsM.exe -
Executes dropped EXE 2 IoCs
Processes:
CmkosAYM.exeGeYMccsM.exepid process 1088 CmkosAYM.exe 2632 GeYMccsM.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeGeYMccsM.exeCmkosAYM.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CmkosAYM.exe = "C:\\Users\\Admin\\dokcgYQU\\CmkosAYM.exe" 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GeYMccsM.exe = "C:\\ProgramData\\MIAgEkwU\\GeYMccsM.exe" 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GeYMccsM.exe = "C:\\ProgramData\\MIAgEkwU\\GeYMccsM.exe" GeYMccsM.exe Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CmkosAYM.exe = "C:\\Users\\Admin\\dokcgYQU\\CmkosAYM.exe" CmkosAYM.exe -
Drops file in System32 directory 2 IoCs
Processes:
GeYMccsM.exedescription ioc process File created C:\Windows\SysWOW64\shell32.dll.exe GeYMccsM.exe File opened for modification C:\Windows\SysWOW64\shell32.dll.exe GeYMccsM.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
cmd.exereg.exereg.execmd.exereg.execscript.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exereg.exereg.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exereg.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exereg.exereg.execmd.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.execscript.exereg.execmd.exereg.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.execmd.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exereg.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exereg.execscript.execmd.exereg.execmd.exereg.execmd.exereg.execmd.execscript.execmd.exereg.exereg.execmd.exereg.execmd.exereg.execmd.execmd.execmd.exereg.execmd.execscript.exereg.exereg.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe -
Modifies registry key 1 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exepid process 4500 reg.exe 4672 reg.exe 2396 reg.exe 644 reg.exe 4296 reg.exe 1876 reg.exe 4416 reg.exe 4060 reg.exe 4124 reg.exe 1728 reg.exe 4624 reg.exe 3936 5012 reg.exe 4908 reg.exe 3692 reg.exe 3620 reg.exe 4312 reg.exe 1612 reg.exe 2944 reg.exe 1512 reg.exe 3648 reg.exe 844 reg.exe 3956 reg.exe 3484 reg.exe 2800 4576 reg.exe 3172 3704 reg.exe 3524 reg.exe 3900 reg.exe 1728 reg.exe 4592 reg.exe 780 reg.exe 3940 reg.exe 4764 reg.exe 4204 reg.exe 1912 reg.exe 1856 reg.exe 3800 reg.exe 2852 reg.exe 4296 reg.exe 3432 reg.exe 2604 reg.exe 116 4552 reg.exe 844 reg.exe 3904 reg.exe 3180 reg.exe 3764 4592 reg.exe 3340 reg.exe 4612 reg.exe 3504 reg.exe 3520 reg.exe 3512 reg.exe 3180 reg.exe 1620 reg.exe 4880 reg.exe 3764 2280 reg.exe 5008 reg.exe 1516 reg.exe 1256 reg.exe 3516 -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exepid process 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4264 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4264 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4264 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4264 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2216 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2216 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2216 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2216 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2784 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2784 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2784 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2784 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 3868 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 3868 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 3868 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 3868 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 5040 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 5040 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 5040 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 5040 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 220 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 220 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 220 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 220 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2100 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2100 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2100 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2100 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4192 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4192 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4192 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4192 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 1160 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 1160 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 1160 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 1160 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2920 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2920 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2920 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 2920 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 372 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 372 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 372 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 372 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4760 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4760 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4760 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 4760 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 3644 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 3644 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 3644 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe 3644 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
GeYMccsM.exepid process 2632 GeYMccsM.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
GeYMccsM.exepid process 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe 2632 GeYMccsM.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.execmd.execmd.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.execmd.execmd.exe2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.execmd.exedescription pid process target process PID 4656 wrote to memory of 1088 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe CmkosAYM.exe PID 4656 wrote to memory of 1088 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe CmkosAYM.exe PID 4656 wrote to memory of 1088 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe CmkosAYM.exe PID 4656 wrote to memory of 2632 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe GeYMccsM.exe PID 4656 wrote to memory of 2632 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe GeYMccsM.exe PID 4656 wrote to memory of 2632 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe GeYMccsM.exe PID 4656 wrote to memory of 3888 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 4656 wrote to memory of 3888 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 4656 wrote to memory of 3888 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 4656 wrote to memory of 1904 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4656 wrote to memory of 1904 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4656 wrote to memory of 1904 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4656 wrote to memory of 4296 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4656 wrote to memory of 4296 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4656 wrote to memory of 4296 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4656 wrote to memory of 3704 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4656 wrote to memory of 3704 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4656 wrote to memory of 3704 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4656 wrote to memory of 1816 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 4656 wrote to memory of 1816 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 4656 wrote to memory of 1816 4656 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 3888 wrote to memory of 4880 3888 cmd.exe 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe PID 3888 wrote to memory of 4880 3888 cmd.exe 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe PID 3888 wrote to memory of 4880 3888 cmd.exe 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe PID 1816 wrote to memory of 4676 1816 cmd.exe cscript.exe PID 1816 wrote to memory of 4676 1816 cmd.exe cscript.exe PID 1816 wrote to memory of 4676 1816 cmd.exe cscript.exe PID 4880 wrote to memory of 3760 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 4880 wrote to memory of 3760 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 4880 wrote to memory of 3760 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 3760 wrote to memory of 4828 3760 cmd.exe 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe PID 3760 wrote to memory of 4828 3760 cmd.exe 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe PID 3760 wrote to memory of 4828 3760 cmd.exe 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe PID 4880 wrote to memory of 4896 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4880 wrote to memory of 4896 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4880 wrote to memory of 4896 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4880 wrote to memory of 3516 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4880 wrote to memory of 3516 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4880 wrote to memory of 3516 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4880 wrote to memory of 1728 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4880 wrote to memory of 1728 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4880 wrote to memory of 1728 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4880 wrote to memory of 3172 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 4880 wrote to memory of 3172 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 4880 wrote to memory of 3172 4880 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 3172 wrote to memory of 4932 3172 cmd.exe cscript.exe PID 3172 wrote to memory of 4932 3172 cmd.exe cscript.exe PID 3172 wrote to memory of 4932 3172 cmd.exe cscript.exe PID 4828 wrote to memory of 5036 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 4828 wrote to memory of 5036 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 4828 wrote to memory of 5036 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe PID 5036 wrote to memory of 4264 5036 cmd.exe 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe PID 5036 wrote to memory of 4264 5036 cmd.exe 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe PID 5036 wrote to memory of 4264 5036 cmd.exe 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe PID 4828 wrote to memory of 372 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4828 wrote to memory of 372 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4828 wrote to memory of 372 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4828 wrote to memory of 3304 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4828 wrote to memory of 3304 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4828 wrote to memory of 3304 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4828 wrote to memory of 4472 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4828 wrote to memory of 4472 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4828 wrote to memory of 4472 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe reg.exe PID 4828 wrote to memory of 4060 4828 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4656 -
C:\Users\Admin\dokcgYQU\CmkosAYM.exe"C:\Users\Admin\dokcgYQU\CmkosAYM.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1088 -
C:\ProgramData\MIAgEkwU\GeYMccsM.exe"C:\ProgramData\MIAgEkwU\GeYMccsM.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2632 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:3888 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4880 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:3760 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4828 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"6⤵
- Suspicious use of WriteProcessMemory
PID:5036 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
PID:4264 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"8⤵PID:2916
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:2216 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"10⤵
- System Location Discovery: System Language Discovery
PID:1984 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:2784 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"12⤵PID:4624
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
PID:3868 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"14⤵PID:4892
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:5040 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"16⤵PID:4904
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:220 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"18⤵PID:4060
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:2100 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"20⤵PID:1904
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:4192 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"22⤵PID:1684
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:1160 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"24⤵PID:2108
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
PID:2920 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"26⤵PID:3152
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
PID:372 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"28⤵PID:4840
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
PID:4760 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"30⤵PID:4796
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:3644 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"32⤵PID:4984
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock33⤵PID:3052
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"34⤵PID:4672
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock35⤵PID:2252
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"36⤵PID:3096
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV137⤵PID:3152
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock37⤵PID:4072
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"38⤵PID:4044
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock39⤵PID:3928
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"40⤵PID:4976
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock41⤵PID:3836
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"42⤵PID:3432
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock43⤵PID:1628
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"44⤵PID:4756
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock45⤵PID:2108
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"46⤵PID:4568
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock47⤵PID:3612
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"48⤵PID:1364
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock49⤵PID:4824
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"50⤵PID:8
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock51⤵PID:820
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"52⤵PID:3192
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV153⤵PID:1628
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock53⤵PID:1988
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"54⤵PID:2784
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock55⤵PID:2236
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"56⤵PID:4480
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock57⤵PID:1580
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"58⤵PID:4196
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock59⤵PID:4172
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"60⤵PID:2104
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock61⤵PID:3472
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"62⤵PID:64
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock63⤵PID:2336
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"64⤵PID:3292
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock65⤵PID:4868
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"66⤵PID:3112
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock67⤵PID:3652
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"68⤵PID:852
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock69⤵PID:1856
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"70⤵PID:1920
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock71⤵PID:4964
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"72⤵PID:3436
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock73⤵PID:3636
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"74⤵PID:3012
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock75⤵PID:3448
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"76⤵PID:840
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock77⤵PID:4516
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"78⤵PID:4920
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock79⤵PID:4468
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"80⤵
- System Location Discovery: System Language Discovery
PID:4404 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock81⤵PID:3572
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"82⤵PID:2792
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock83⤵
- System Location Discovery: System Language Discovery
PID:2216 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"84⤵PID:1168
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock85⤵PID:4048
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"86⤵PID:4328
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock87⤵PID:3576
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"88⤵PID:2336
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock89⤵PID:1008
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"90⤵PID:3692
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock91⤵PID:1072
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"92⤵
- System Location Discovery: System Language Discovery
PID:4760 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock93⤵PID:4480
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"94⤵PID:3064
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock95⤵PID:4804
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"96⤵PID:4796
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock97⤵PID:4672
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"98⤵PID:3604
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock99⤵PID:4612
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"100⤵
- System Location Discovery: System Language Discovery
PID:1980 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock101⤵PID:2296
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"102⤵PID:4948
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock103⤵PID:4808
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"104⤵PID:2712
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock105⤵PID:4400
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"106⤵PID:776
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock107⤵PID:4824
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"108⤵PID:3904
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock109⤵PID:3720
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"110⤵PID:4872
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock111⤵PID:2164
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"112⤵PID:4044
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock113⤵PID:1680
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"114⤵PID:1308
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock115⤵PID:2712
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"116⤵PID:4612
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock117⤵PID:4828
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"118⤵PID:3524
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock119⤵PID:3472
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"120⤵PID:1980
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock121⤵PID:4948
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"122⤵PID:556
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock123⤵PID:4416
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"124⤵PID:2712
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock125⤵PID:208
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"126⤵
- System Location Discovery: System Language Discovery
PID:8 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock127⤵PID:2920
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"128⤵PID:2440
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock129⤵PID:3572
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"130⤵PID:4816
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock131⤵
- System Location Discovery: System Language Discovery
PID:4880 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"132⤵PID:1516
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock133⤵PID:4044
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"134⤵PID:4280
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock135⤵
- System Location Discovery: System Language Discovery
PID:1920 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"136⤵PID:4628
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock137⤵PID:8
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"138⤵PID:3388
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock139⤵PID:3532
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"140⤵PID:4052
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock141⤵PID:1524
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"142⤵PID:2100
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock143⤵PID:3716
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"144⤵PID:4916
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock145⤵PID:2884
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"146⤵PID:4080
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock147⤵
- System Location Discovery: System Language Discovery
PID:3484 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"148⤵PID:4468
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock149⤵PID:3468
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"150⤵PID:4052
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock151⤵PID:3932
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"152⤵PID:4172
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock153⤵PID:1008
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"154⤵PID:4688
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock155⤵PID:4100
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"156⤵PID:1484
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock157⤵PID:3436
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"158⤵PID:4680
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock159⤵
- System Location Discovery: System Language Discovery
PID:4608 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"160⤵
- System Location Discovery: System Language Discovery
PID:4560 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock161⤵PID:1416
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"162⤵PID:4572
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock163⤵PID:1988
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"164⤵
- System Location Discovery: System Language Discovery
PID:1096 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock165⤵PID:1896
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"166⤵PID:3900
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock167⤵
- System Location Discovery: System Language Discovery
PID:3956 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"168⤵PID:1396
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock169⤵PID:1272
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"170⤵PID:3484
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock171⤵PID:4560
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"172⤵PID:4068
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock173⤵PID:3192
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"174⤵PID:2336
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock175⤵PID:2944
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"176⤵PID:4832
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock177⤵PID:5012
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"178⤵PID:4920
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock179⤵PID:4680
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"180⤵PID:388
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock181⤵
- System Location Discovery: System Language Discovery
PID:220 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"182⤵PID:3716
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock183⤵PID:4608
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"184⤵PID:2828
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock185⤵PID:4040
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"186⤵PID:3632
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock187⤵PID:4680
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"188⤵PID:2024
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock189⤵PID:2264
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"190⤵PID:4316
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock191⤵PID:3828
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"192⤵PID:3864
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock193⤵PID:2268
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"194⤵
- System Location Discovery: System Language Discovery
PID:3012 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock195⤵PID:2396
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"196⤵PID:2832
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock197⤵
- System Location Discovery: System Language Discovery
PID:4764 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"198⤵PID:4468
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock199⤵PID:556
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"200⤵PID:372
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock201⤵PID:4564
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"202⤵PID:1580
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock203⤵PID:4416
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"204⤵PID:3632
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock205⤵PID:1688
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"206⤵PID:220
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock207⤵PID:1620
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"208⤵PID:3600
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock209⤵PID:4480
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"210⤵PID:2608
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock211⤵PID:1880
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"212⤵PID:1728
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1213⤵PID:1972
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock213⤵PID:2252
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"214⤵PID:640
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock215⤵PID:2832
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"216⤵PID:4840
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock217⤵PID:2700
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"218⤵PID:1004
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock219⤵PID:4652
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"220⤵PID:4060
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock221⤵PID:1072
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"222⤵PID:3704
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock223⤵PID:2052
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"224⤵PID:2336
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock225⤵PID:3472
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"226⤵PID:1168
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock227⤵PID:4652
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"228⤵PID:2204
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock229⤵
- System Location Discovery: System Language Discovery
PID:3064 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"230⤵PID:4172
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock231⤵PID:2192
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"232⤵
- System Location Discovery: System Language Discovery
PID:5004 -
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock233⤵PID:3112
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"234⤵PID:220
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock235⤵PID:5008
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"236⤵PID:1856
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock237⤵PID:4624
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"238⤵PID:1904
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock239⤵PID:2792
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"240⤵PID:2944
-
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock241⤵PID:2052
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"242⤵PID:4840