Analysis
max time kernel: 16s
max time network: 129s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 20-10-2024 01:47
Static task: static1
Behavioral task: behavioral1
Sample: 2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
Resource: win10v2004-20241007-en
General
Target: 2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
Size: 229KB
MD5: 287891c31c75c7a8b313b66742f4bb4e
SHA1: e93f66aeddacd31b596e39dca41dbb3ff140ba68
SHA256: 8ebba18732ca21d3a0df3c5cad95cf867de57ee57a1898e82bdf25ab1865f23d
SHA512: 7cd8359debca9232939eeb1a0ff60fd015c19e99b1688cf9b88fd399ae3e0c1ba4c9c21c77ad744f68c8f3c3e2d5915db9195c1aafb1b72855248d52e2675a2b
SSDEEP: 3072:7+VqqIAJ7mLUUl1mDLEdQJBrTPO84J8LyTv3qfh3OiBQIJF4LInNo1ID2Hpm:yVqdspBrLO84J8Lyruh3OhtMNo1I6Jm
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 55 IoCs
description ioc Process
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" reg.exe
-
description ioc Process
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe
-
Executes dropped EXE 2 IoCs
pid Process
1300 UKMsskQE.exe
2600 qwIscQwA.exe
-
Loads dropped DLL 8 IoCs
pid Process
2380 2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
1300 UKMsskQE.exe
-
Adds Run key to start application 2 TTPs 4 IoCs
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\UKMsskQE.exe = "C:\\Users\\Admin\\NmkcgsMc\\UKMsskQE.exe" UKMsskQE.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\qwIscQwA.exe = "C:\\ProgramData\\wSIQkMEU\\qwIscQwA.exe" qwIscQwA.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\UKMsskQE.exe = "C:\\Users\\Admin\\NmkcgsMc\\UKMsskQE.exe" 2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\qwIscQwA.exe = "C:\\ProgramData\\wSIQkMEU\\qwIscQwA.exe" 2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cscript.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language UKMsskQE.exe
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2380 -
C:\Users\Admin\NmkcgsMc\UKMsskQE.exe"C:\Users\Admin\NmkcgsMc\UKMsskQE.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:1300
-
-
C:\ProgramData\wSIQkMEU\qwIscQwA.exe"C:\ProgramData\wSIQkMEU\qwIscQwA.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2600
-
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"2⤵
- Suspicious use of WriteProcessMemory
PID:2016 -
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2440 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"4⤵
- Suspicious use of WriteProcessMemory
PID:2648 -
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2992 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"6⤵PID:1196
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock7⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1964 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"8⤵PID:3024
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
PID:1708 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"10⤵PID:1692
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
PID:888 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"12⤵PID:2100
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock13⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2268 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"14⤵PID:2212
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
PID:2904 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"16⤵PID:2092
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
PID:2808 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"18⤵PID:2872
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock19⤵
- Suspicious behavior: EnumeratesProcesses
PID:3044 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"20⤵PID:1340
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
PID:684 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"22⤵PID:1476
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
PID:316 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"24⤵PID:888
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock25⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1688 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"26⤵PID:2128
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock27⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2700 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"28⤵PID:2096
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock29⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2340 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"30⤵
- System Location Discovery: System Language Discovery
PID:2816 -
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
PID:2144 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"32⤵PID:3008
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock33⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1772 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"34⤵
- System Location Discovery: System Language Discovery
PID:684 -
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock35⤵
- Suspicious behavior: EnumeratesProcesses
PID:544 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"36⤵PID:2508
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock37⤵
- Suspicious behavior: EnumeratesProcesses
PID:2564 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"38⤵
- System Location Discovery: System Language Discovery
PID:768 -
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock39⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:556 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"40⤵PID:2992
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock41⤵
- Suspicious behavior: EnumeratesProcesses
PID:1140 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"42⤵PID:2296
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock43⤵
- Suspicious behavior: EnumeratesProcesses
PID:1860 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"44⤵PID:2412
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock45⤵
- Suspicious behavior: EnumeratesProcesses
PID:1528 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"46⤵PID:2316
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock47⤵
- Suspicious behavior: EnumeratesProcesses
PID:820 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"48⤵
- System Location Discovery: System Language Discovery
PID:2764 -
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock49⤵
- Suspicious behavior: EnumeratesProcesses
PID:684 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"50⤵PID:2652
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock51⤵
- Suspicious behavior: EnumeratesProcesses
PID:2928 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"52⤵PID:2840
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock53⤵
- Suspicious behavior: EnumeratesProcesses
PID:1948 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"54⤵PID:2664
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock55⤵
- Suspicious behavior: EnumeratesProcesses
PID:2040 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"56⤵PID:2852
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock57⤵
- Suspicious behavior: EnumeratesProcesses
PID:1836 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"58⤵PID:2488
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock59⤵
- Suspicious behavior: EnumeratesProcesses
PID:2836 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"60⤵PID:1636
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock61⤵
- Suspicious behavior: EnumeratesProcesses
PID:1268 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"62⤵PID:1388
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock63⤵
- Suspicious behavior: EnumeratesProcesses
PID:1700 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"64⤵PID:2860
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock65⤵PID:1352
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"66⤵PID:852
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock67⤵PID:1744
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"68⤵PID:2348
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock69⤵
- System Location Discovery: System Language Discovery
PID:936 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"70⤵PID:1980
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock71⤵PID:2124
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"72⤵
- System Location Discovery: System Language Discovery
PID:2660 -
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock73⤵
- System Location Discovery: System Language Discovery
PID:2560 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"74⤵PID:1692
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock75⤵PID:2776
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"76⤵PID:1728
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock77⤵PID:1484
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"78⤵PID:1584
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock79⤵PID:3012
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"80⤵PID:2228
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock81⤵PID:264
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"82⤵PID:2492
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock83⤵PID:3008
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"84⤵PID:268
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock85⤵PID:2952
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"86⤵PID:1804
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock87⤵PID:2804
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"88⤵PID:1852
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock89⤵PID:2508
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"90⤵PID:1752
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock91⤵PID:2720
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"92⤵PID:1888
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock93⤵
- System Location Discovery: System Language Discovery
PID:2164 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"94⤵PID:3068
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock95⤵PID:2496
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"96⤵PID:768
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock97⤵PID:1388
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"98⤵PID:2360
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock99⤵PID:868
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"100⤵PID:2708
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock101⤵PID:2536
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"102⤵PID:1636
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock103⤵PID:1940
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"104⤵PID:1620
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock105⤵
- System Location Discovery: System Language Discovery
PID:2260 -
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"106⤵
- System Location Discovery: System Language Discovery
PID:1004 -
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock107⤵PID:1072
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"108⤵
- System Location Discovery: System Language Discovery
PID:1572 -
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock109⤵PID:2888
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"110⤵PID:1388
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock111⤵PID:1476
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"112⤵
- System Location Discovery: System Language Discovery
PID:1980 -
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock113⤵PID:2632
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"114⤵PID:2432
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock115⤵PID:1680
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"116⤵PID:272
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock117⤵PID:2748
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"118⤵PID:308
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock119⤵PID:2464
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"120⤵PID:2072
-
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock121⤵PID:832
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"122⤵PID:660