Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
21-11-2024 02:24
General
-
Target
2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exe
-
Size
121KB
-
MD5
0ca1478489d45ef50ea00cc65e30f283
-
SHA1
ac3541c33fb0769655b4e3e475d4381b140ba37c
-
SHA256
f4364fae133e48bde2659e5903e133371af5e97b3cc3f84a9671a79187a7d42e
-
SHA512
fd88962164d83e0f23a49cdf54e914b7d613075a5289c94bafb5e5616b8ebcea048357281a6e37f4233d148295080915f01f66ab8a5b90f99d443b07f5292c0b
-
SSDEEP
3072:uAoxPqClJjfiPW1z12uNe+HA/40UugLSckJwd:3oxPpdz12uNS4eaSckJwd
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
UAC bypass 3 TTPs 64 IoCs
-
Renames multiple (76) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\hksgYEYM\UIcwwQwk.exe"C:\Users\Admin\hksgYEYM\UIcwwQwk.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\ProgramData\MUsQYcEQ\OWoUMowY.exe"C:\ProgramData\MUsQYcEQ\OWoUMowY.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock7⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"8⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock9⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"10⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"12⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock13⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"14⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"16⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock17⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"18⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock19⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"20⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock21⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"22⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"24⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock25⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"26⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV127⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock27⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"28⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock29⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"30⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock31⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"32⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock33⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"34⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock35⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"36⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock37⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"38⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock39⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"40⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock41⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"42⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"44⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"46⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock47⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"48⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock49⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"50⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock51⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"52⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock53⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"54⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV155⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock55⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"56⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV157⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock57⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"58⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock59⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"60⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV161⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock61⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"62⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock63⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"64⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock65⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"66⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock67⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"68⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock69⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"70⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV171⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock71⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"72⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock73⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"74⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock75⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"76⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock77⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"78⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock79⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"80⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV181⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock81⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"82⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock83⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"84⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock85⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"86⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV187⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock87⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"88⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock89⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"90⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock91⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"92⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock93⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"94⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV195⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock95⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"96⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock97⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"98⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV199⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock99⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"100⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"102⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1103⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"104⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"106⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"108⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"110⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"112⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1113⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"114⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1115⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"116⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"118⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock.exeC:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-11-21_0ca1478489d45ef50ea00cc65e30f283_virlock"120⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-