Analysis
-
max time kernel
10s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20/11/2024, 13:26
General
-
Target
2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exe
-
Size
110KB
-
MD5
92f7d5f7ac3f057a1327549922c438b5
-
SHA1
7121142f80d0abfccf9a99f6d3e4fa071a760075
-
SHA256
38f8ab30ad8b455fb43a8ac3f067270df8a694aa25a1a3f1fe1b25e0175ac99a
-
SHA512
05bd1c7241a0594cb069ea63bac206c181516b5efbd137cc1f7101521fc6ec8989997993edd2ad97ecacc654e6cf2406b872ce0f459b5bf147e535b4da91186e
-
SSDEEP
3072:4yn7YTtqpeACe2whxxQHmOVM8kfebUb/7BXmMP:4OYTtqJCBIxQHmOVwfeS7BW4
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 31 IoCs
-
UAC bypass 3 TTPs 31 IoCs
-
Executes dropped EXE 2 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\ruIAgkUY\vqoMAMgA.exe"C:\Users\Admin\ruIAgkUY\vqoMAMgA.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\ProgramData\RuUUoMgg\iqUAMAMQ.exe"C:\ProgramData\RuUUoMgg\iqUAMAMQ.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"6⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"8⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"10⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"12⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"14⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock15⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"16⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"18⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock19⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"20⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"22⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock23⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"24⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock25⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"26⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock27⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"28⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"30⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"32⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock33⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"34⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock35⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"36⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock37⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"38⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock39⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"40⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock41⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"42⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"44⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"46⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock47⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"48⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock49⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"50⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock51⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"52⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock53⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"54⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock55⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"56⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock57⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"58⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock59⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"60⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock61⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"62⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock63⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"64⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock65⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"66⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock67⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"68⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock69⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"70⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock71⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"72⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV173⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock73⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"74⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV175⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock75⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"76⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock77⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"78⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock79⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"80⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock81⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"82⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock83⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"84⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock85⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"86⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock87⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"88⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock89⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"90⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock91⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"92⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock93⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"94⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock95⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"96⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock97⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"98⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock99⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"100⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"102⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"104⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"106⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"108⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"110⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"112⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"114⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"116⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"118⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock"120⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-20_92f7d5f7ac3f057a1327549922c438b5_virlock121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-