Analysis Overview
SHA256
f1f5aaf209f61e8c50313fe2356e5d2d64035dc33ab435e148ed14c821b112f4
Threat Level: Known bad
The file 2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (83) files with added filename extension
Renames multiple (84) files with added filename extension
Blocklisted process makes network request
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Modifies registry key
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-05-18 12:04
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-18 12:04
Reported
2025-05-18 12:06
Platform
win10v2004-20250502-en
Max time kernel
150s
Max time network
142s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (83) files with added filename extension
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\Control Panel\International\Geo\Nation | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\BGswwogo\OUoYIogw.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\Users\Admin\BGswwogo\OUoYIogw.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OUoYIogw.exe = "C:\\Users\\Admin\\BGswwogo\\OUoYIogw.exe" | C:\Users\Admin\BGswwogo\OUoYIogw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OUoYIogw.exe = "C:\\Users\\Admin\\BGswwogo\\OUoYIogw.exe" | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DYMUoAEs.exe = "C:\\ProgramData\\zOQcssQk\\DYMUoAEs.exe" | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DYMUoAEs.exe = "C:\\ProgramData\\zOQcssQk\\DYMUoAEs.exe" | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OUoYIogw.exe = "C:\\Users\\Admin\\BGswwogo\\OUoYIogw.exe" | C:\Users\Admin\BGswwogo\OUoYIogw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DYMUoAEs.exe = "C:\\ProgramData\\zOQcssQk\\DYMUoAEs.exe" | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
| N/A | N/A | C:\ProgramData\zOQcssQk\DYMUoAEs.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe"
C:\Users\Admin\BGswwogo\OUoYIogw.exe
"C:\Users\Admin\BGswwogo\OUoYIogw.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\BGswwogo\OUoYIogw.exe
C:\ProgramData\zOQcssQk\DYMUoAEs.exe
"C:\ProgramData\zOQcssQk\DYMUoAEs.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\zOQcssQk\DYMUoAEs.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DCsocUcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Users\Admin\BGswwogo\OUoYIogw.exe
C:\Users\Admin\BGswwogo\OUoYIogw.exe
C:\ProgramData\zOQcssQk\DYMUoAEs.exe
C:\ProgramData\zOQcssQk\DYMUoAEs.exe
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aecAIQcw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AOAEAggI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WcMEUoEM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zgsokcAA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PWIccYIE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OMIMYEwA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wksoAcUE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SGIwwYow.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AcIUsEMg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TawAEMUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RaQAscgk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lWQYEQYc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BAkowgwk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 81b14f4fdc12952f37a8f2ba4fedbe62 lIBQBQHnhES1b+MTqhFhiA.0.1.0.0.0
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WIgIgQQk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iGMYoQYc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EMAoIcIM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUUgosUo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xaAkYogM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dcIYgUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PsQMokAo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xgoYEMQs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kGYYoYwU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iYMoUwsY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IcYgAYcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BIwcMoAk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fQwggkMk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xEsoMoUI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NOAkwkQc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gGMwwMEY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EaEsMoEw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wUUAoooY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hSgkkggQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pEMgokck.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rsAcQEsE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ySAMcEUo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MKswMscE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EmwcEIYY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AocMgccA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JGAYAwsE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hiQgAYII.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\poQYAIUo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xgsgMkkc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qOcoUccI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SCwQssos.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QyMMYQgo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RkUAUMIE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\reUcYIws.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rEwkAQYs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OuYgIcQw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YIwcsocA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uIUYYIog.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IYIccAcY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XUMQUssM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lkcYcMYk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pmMgAwYE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wwYossso.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EiYAAsAI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eugMsEgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RiggowEw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RAUsEIIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMAkUIIs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hkYUsIoE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MQoMAksM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uUYwYAks.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cugYkMAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JiogocYE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TiwQAwkI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lqsAIgUI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lyoMoIEM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mqgMsggo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qMAwUgwE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KsQgUkwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vaoYwgoM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FyMcQQQw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUEMockU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TyQIQgsw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IwMgwsQc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KGAkwgMw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eucYIgQU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUAcMsUk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rcMsIsgw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\joIMsAkE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hQIUUIkc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iaAsoAEI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aaIAIEAk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cAogkQkk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\imQsMEEY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zQEIgwUg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zewwEAIY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DCccMUUc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MsoIwMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AmkcMcUs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aqQsYksM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YyIYUUsU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NqgMYEQU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NAQEEwUU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hwYgoMIk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oOAokYwc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mAQoosAA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WgYYUIYE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YkMUoAMg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pAsQgoko.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HcQoMUYU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lAIIUEoM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\McAAgIAA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\asMgsEQs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eiEQkIgc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NIkMAMwM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rAIYwEwE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fSYQwIEw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zysYMkQA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UqkAIQYk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\egwAwMwY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YoAckgoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YCUosAkU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YoMQsoUA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vCQYYUUM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FEgkIAIo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BuAsIkIc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SSgUAgIg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ymkAwcEE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AesAIkoE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XuoEsAII.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hOAscIsk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.16.238:80 | google.com | tcp |
| GB | 172.217.16.238:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.16.238:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.16.238:80 | google.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
Files
memory/5020-0-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\BGswwogo\OUoYIogw.exe
| MD5 | 34432ba5a47050026785571de6a17aa9 |
| SHA1 | 2de1a30baccb1eaa8483aadb0eecea231e73e4c9 |
| SHA256 | adafb43ee29a0988ba077807141e6b5a0abfb8500e9dc44a27cba6742e614e20 |
| SHA512 | f2ba64418a3843c28ea117f18d8b1698f2f7cc0f61f13cd65d6ad42fdda8f28b6c672378f9d77c2b8176f021df5c2e4b1bd02d07fc1cd43baeaad8d97061c87d |
C:\ProgramData\zOQcssQk\DYMUoAEs.exe
| MD5 | e2b2eb454cc39fa47d9503ba2a4bf466 |
| SHA1 | 48e4b572eb33dbb3c696920133d3df9609100795 |
| SHA256 | 039b607991cfb0f48f3f22b6f878f98b9b0c3f0a4feb4df0f7a7b9c29782dc50 |
| SHA512 | e3d9eca63067611b4dccb65710af870df24e640037ed931ad777cd89d5ad032f333dcd58b426cb513ed55a70997142c7cd84d07d4ed4f557f34df20a1b44447f |
memory/640-15-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2884-11-0x0000000000400000-0x0000000000430000-memory.dmp
memory/5020-19-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2704-22-0x0000000000400000-0x0000000000436000-memory.dmp
memory/852-25-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DCsocUcQ.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
| MD5 | 96b5a5aa81cddc217e02a83da419a8ea |
| SHA1 | 2f005ac25837210b71780fbf0d44b1b1da873749 |
| SHA256 | 50bc79f388a6f6a3abfd401ede993aa67626207b6ab63320fd44879ef73fda3c |
| SHA512 | bcbfe061efd4a2e60ae16f0ff2432411b3a23b5644f52b596e9b47d699933683c93e0174107520b60c010504c070bbc41aa3b704798ef400c3ddd814fde271cc |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\ProgramData\zOQcssQk\DYMUoAEs.inf
| MD5 | 654c7261fb94f697ac39a48c3b71671b |
| SHA1 | a760d272e7171b8512b9acb67c023c8750a53dad |
| SHA256 | c0d7c759733bb080c2033f193fa8d0406137f2b73273bd95d7c4d2fe1badea35 |
| SHA512 | c059d4b9940ee7fb456186608a80d0c591bc752aa25ec8703d20643c05a402fe140727737af9ac2de52685cafc21ce81f90253958568fb938c57c889818eb6cb |
memory/2704-38-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1436-51-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2316-62-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4332-76-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\zOQcssQk\DYMUoAEs.inf
| MD5 | 992a37de5fa7f0ef2e55c0807695ad91 |
| SHA1 | a299618b7ca825aba98c2991d07aa4007db1eab9 |
| SHA256 | 631b32a036511fbd418626232082c9665fd94930800b57b24c29b2ced8423e01 |
| SHA512 | cff7c9f0086fdb2f8b8589607d323331df21f10a04498756451fd1f8453f6e2c2d8515bbca974e118600be4d7ad44e977e3f0c51f5e8fa54bf00914e18daca15 |
memory/4316-92-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2176-105-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3880-115-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2940-119-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\zOQcssQk\DYMUoAEs.inf
| MD5 | 95807033d5dde0880028d98d35a9a053 |
| SHA1 | 44bbfc7405694d17cc2e6744b9debbd3709e4c26 |
| SHA256 | 712f3eb63532211bacce62fec05e8edaaa8c0b5d6919270fd98cefb46c64e42f |
| SHA512 | cb568b2d97e8ce27266d6d8d85803df3de1595120ecfd197d50569facda8f16bf0fff404c414e5b35eed73db6f66f2fee85ac8c2dd8bb09ab38015b2f197cf64 |
memory/3880-134-0x0000000000400000-0x0000000000436000-memory.dmp
memory/456-142-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4000-146-0x0000000000400000-0x0000000000436000-memory.dmp
memory/456-161-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4756-172-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\zOQcssQk\DYMUoAEs.inf
| MD5 | ec6b918c578d436a2627deeb14a214f7 |
| SHA1 | 679e4f05cca1287d67831a78eb12336f082f02c0 |
| SHA256 | 3cab728331871d16457919c533dd6ff90cc406f10b21f51654ece37b17cecf59 |
| SHA512 | 19bceffe37e2e5f8b24ce0ef16c6c6d9c6b58a61f855e7f18acc96a4e46a31ac890b66a31b0cb999c98718e28613013574c1b48ab986a419a3205834d3d85e0f |
memory/2180-187-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3892-198-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1812-213-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4332-222-0x0000000000400000-0x0000000000436000-memory.dmp
memory/884-231-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2636-239-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4604-249-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2964-259-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2128-267-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2208-276-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2952-285-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3320-295-0x0000000000400000-0x0000000000436000-memory.dmp
memory/700-303-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1460-313-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4288-321-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2684-331-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4324-339-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3776-349-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4304-359-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5012-367-0x0000000000400000-0x0000000000436000-memory.dmp
memory/756-377-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2736-378-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2736-388-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3864-396-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1404-402-0x0000000000400000-0x0000000000436000-memory.dmp
memory/928-407-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1404-417-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1464-425-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2328-433-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3256-434-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3256-444-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1800-454-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2380-455-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2380-463-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3032-472-0x0000000000400000-0x0000000000436000-memory.dmp
memory/528-482-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2316-491-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3604-499-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4972-501-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3908-510-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4972-511-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3908-521-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2104-522-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2104-530-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3744-531-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4668-538-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3744-542-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4668-552-0x0000000000400000-0x0000000000436000-memory.dmp
memory/264-560-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1800-561-0x0000000000400000-0x0000000000436000-memory.dmp
memory/264-570-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1460-579-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3864-589-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3396-590-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3396-598-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1696-608-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4444-618-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4436-626-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3396-627-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3396-637-0x0000000000400000-0x0000000000436000-memory.dmp
memory/928-647-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4140-655-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2104-664-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5012-675-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4972-683-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1556-691-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4436-701-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2536-712-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3776-711-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3776-720-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3232-729-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4304-739-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3176-748-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1908-756-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3892-766-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4952-776-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4748-784-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aAkE.exe
| MD5 | 3a394e4f918ed547b6835b776bdc3b95 |
| SHA1 | 652460ce3c78dc491709120b3beb6e3635550525 |
| SHA256 | 7dfb15340faf8c965cd0ee7e825abeafc74c97e5927e0decd73f572b0e9b6ca8 |
| SHA512 | 645458b2bfd8d3ae6e8f7df41fd4551f296ae77aa54213e8eb85ae83ac6dbb690db11e35811d40eb8c20306c976e1f7e2ceb239e019c0ce7f13f6a36c1268c8f |
C:\Users\Admin\AppData\Local\Temp\CEUA.exe
| MD5 | 60f4622389ae098443996e2b7e456c43 |
| SHA1 | 40b2e3841bffc5d498e44b4b68f59401a3f0b223 |
| SHA256 | e4f8ae7308ebe0282242d2ebe396e2b16c2c5a4a9d4e4c197d07b234dc968bb0 |
| SHA512 | b5d237b1cadbfcee6885d7ac1118ac97981bc7cec21f37795488f849f353a8162aa50263b90c78cc7f37d1d02ef46f58c1ba5abc5b2e1b426c2178be6640a5e2 |
C:\Users\Admin\AppData\Local\Temp\Mwgy.exe
| MD5 | 0be6e07f75b346e74867cdc9f4e7a160 |
| SHA1 | cbecea708290153a37b3ee066980b134658166a2 |
| SHA256 | 8fec1686b205cf44c33be2c63a992243f881a640d7be3da724f902c6ec69e575 |
| SHA512 | 984e1d4b779ae1a54197cd3c9f89fa798ac9509f9dc296b8ae551c6c4f8071612966dfa8efee67c39bc74c5e1bff50a23224a94caa31a56b175714f9b7dfc3cc |
C:\Users\Admin\AppData\Local\Temp\oEUO.exe
| MD5 | 3cf75b04073ae530d6a961961befaf1e |
| SHA1 | 516ceec8ca6e316634241375f24c1484b3a80f55 |
| SHA256 | 65b07e65c70a98400aa8fe153bfea5545f315085e82dd923c17b1ace686e2cf7 |
| SHA512 | f0b4ab8f1c09d0e0f7bae9dcaeb95f78ac2955a381df3b2c6236342a83ab4dbc0608af0452eaac5463e69340231b819abbe47dc12d01f811b094843e096ced33 |
C:\Users\Admin\AppData\Local\Temp\CoIW.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\Wggo.exe
| MD5 | 223ec3c19ec1dad0c45400fdaff1922b |
| SHA1 | 0bde68346606b87dd4139458526bd7d3afbf1a0c |
| SHA256 | 045a7b76bca32ef955ccf4c6e6271f0460b7fde543c6acb9d62446fcdfceca31 |
| SHA512 | 0b0a9e664d10bf3b58cdf8094055c000337fe3d336dd73c4bfde5982931ad70e6ed560ce2bbd1bf6f52d1f39054e0c7b491ece5e9d0387a443f12665116032f1 |
C:\Users\Admin\AppData\Local\Temp\ukkM.exe
| MD5 | 0cc7b69a88ce80269f4e3000e52a8003 |
| SHA1 | 3255c4770beb2cba388f411639ccd2c166b39fc5 |
| SHA256 | 0724160201612b418be3e78c9a425431c3b72507c797878b612031a5a9c3a301 |
| SHA512 | 7cf1b6ac6ca8329457e973d6ad22513091a5688dddc01d259b72bc99b123208a51c0ab6ae51771cf3c4c678f2dfab94b75b998417afb23a552e9b8a621c19fb6 |
C:\Users\Admin\AppData\Local\Temp\mIcU.exe
| MD5 | c8437d4a26d5338c06db9e12725fbe71 |
| SHA1 | c33b6b200e306bc3a2514fed375013b0c80d3ddc |
| SHA256 | c3827c1bac0f06876fafd6ba0fb4aadea83bb5f9442eee0dee475e180d08b940 |
| SHA512 | cc82e3638cc8e8cbcd5b393de003e5d61858e4b4c48695e80ba65bf7e6287adc15d975e38d7490ed1b92ff3f76c68ce0cd882f1a6e3d6228c6aa10dc2290041d |
C:\Users\Admin\AppData\Local\Temp\GkgM.exe
| MD5 | f55262340b9ac5032b2b502c44220b25 |
| SHA1 | 6c084f52ca38fc60d5938b4476f71ee60706395c |
| SHA256 | 23045133fca7fadfdeefdc74caefa22d54ab89a3ffd6b5dce297c855c810517a |
| SHA512 | 5c85a5150d1c43d67e2bc98f2cce1afa00558bc8876735df3ab2a9d4311b0de48d1bcafc35899731a6a3f3642c7ca1c6fc07b044daf1f6bb5a9e9c6ef4b31425 |
C:\Users\Admin\AppData\Local\Temp\ksoC.exe
| MD5 | 3e71c19b95c6fdf0b4157544d433825d |
| SHA1 | 61a026af54739d6fd7bd6247b1ff54e98e4b44c3 |
| SHA256 | e8a1bf4e655fff7093bb022bd95092b17c29658a95b969269ef5bc16e79be49c |
| SHA512 | 9dda33d28a9b47a0e1205aca0092ff829b868cf08d86a85accf5b92cfc78acb041e5a5e049c6736bf5bab15f322d044e49c7a1b9a797ee585801ec69d3519250 |
C:\Users\Admin\AppData\Local\Temp\kssS.exe
| MD5 | 48cab26872fcdb0924f6cb51aba0de7c |
| SHA1 | 4be6a8850f12f5657f1351793d2c58b6f6c41920 |
| SHA256 | 26740967e8a1f074c00913a7fe0914180960f5eabbe19c45f17327b1e0e2324a |
| SHA512 | 07cc2f76f9ffd0be1c145f2671a61116e10eb8f2dd4af9a87da5ecf15cb52c65d5b7caa044fa7136b94bf102e96abbb0decb217932dd22fd09075a5132a4a431 |
C:\Users\Admin\AppData\Local\Temp\KMYm.exe
| MD5 | 525c71e7dc337bb96752b48a62b5c1c6 |
| SHA1 | c110d221b7085c6e3b15fa6e38862693ec0141d2 |
| SHA256 | be8b1c14838dfe9e2e54c9480a56a0ff1c2bc0e573f8a6901b79d277872e5676 |
| SHA512 | b461f304c0563a77d283a3d8a9a1597db98fcaf6404cf5af3b1a5d58e0ce1df9d7d0be296d39013aad13006e9d4ffe5ae386dd53f40b227c3e168fe2ca861237 |
C:\Users\Admin\AppData\Local\Temp\uIwi.exe
| MD5 | 4f4b4c2af5cda4490098e430168f0ab4 |
| SHA1 | 4b46a8a7025f45928b173c959411b3efa06de219 |
| SHA256 | 13a4a852d7bd5b602b61a1f8a01511e9b41505c363d8b5c569e57b56ad4f9087 |
| SHA512 | 1aa0aade646dfee113b8939f53df5960746cd77c4675322e1b5ea06001e6fec06e666ef708101db647b2f90f82e5fde8f048a1b495264f228c6994b30539a898 |
C:\Users\Admin\AppData\Local\Temp\EQMs.exe
| MD5 | 9e90f70424b90c9058cc66e2d6b7f36d |
| SHA1 | 569fc652b204dae6f0bec4d535649d852a72926e |
| SHA256 | c6965e2a30d03739328d14204c829f5a7683705ca58f4623df97bdf0dfc02a1c |
| SHA512 | 60bf9cd0b43e6554fbe7e1c9a0ef319b33d86eafb1d29259818092146f52c72d6b3b95bbd36b25e10548b51eed6ac733aaa32bcf6b16bbcfa02b0428861dc43b |
C:\Users\Admin\AppData\Local\Temp\iIAe.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\cwkW.exe
| MD5 | 83e29205e11c28e59885b8d843d742df |
| SHA1 | a31eb712dd7e64854e835729598ed7949dd358bf |
| SHA256 | 96f9acfa59977b040c3db2765370b7b53bd1235782374b828ce7b43517666bbd |
| SHA512 | fc8d53f7ad48c79bf32158f5ce53a9982de580532be377471b4d73c0bbfb66b486bd517682a539f89cd61efca297865fe9718f9d5ca873e97c38b907b538a952 |
C:\Users\Admin\AppData\Local\Temp\sEAA.exe
| MD5 | 95714f5245e60ad8eccacdca7ded8cf1 |
| SHA1 | fefdfbb94730a8fe425f09e32d2619efe4fe1eec |
| SHA256 | 549b0eaf0d010e6a0cde833bacf70b698435cd70ef5669fe557d2e894af59d75 |
| SHA512 | 64fcf6954526cf745ecbee56f0b258e72f428108654f238386414ad147a83cea78f8ecc8d65030a478020a1ec67bbe8a5c0ecd79a33430518d556951f96541ff |
C:\Users\Admin\AppData\Local\Temp\eAkW.exe
| MD5 | 5c3d20d6e3b3139fbde7b61359213d17 |
| SHA1 | f0056556ebc167c6ccd03ce81abd46d3f90edd5a |
| SHA256 | 47d03587233c612f9f8c44bbc80b8c16445faac98c2b639049d6560438d6bbde |
| SHA512 | 5737889de572bfc0a692a9b246adbc5f8f519e6e4e2f2be69aad3dc6ba7aa65ee1b882b4182f60e39f19c407fec94a220cd6f10507471fd612ab85ae144de5e9 |
C:\Users\Admin\AppData\Local\Temp\Ckck.exe
| MD5 | ed5b3170ede2bac9afe2ca8b027ec5c6 |
| SHA1 | 54e968302ddf210ae5c4481fc40045a2a1508071 |
| SHA256 | ba4af29567d173e05ee0fd9a2c5c5ad7178f4d37900069dd2167c291d0168834 |
| SHA512 | 5bab16c7eae535db7576a9093e9a95310b543ed5dc6787ecc75f52b44e7ec046c50cbf39bc07e978c32bb7618aaff82cefe8272fa7991f919e0cbc76d9646314 |
C:\Users\Admin\AppData\Local\Temp\eYAM.exe
| MD5 | 7e46b743cfa940feccecad8615d671ff |
| SHA1 | 56bf64e92ed9403b0d3f229975a1eaf863a9f9ee |
| SHA256 | fc19ca19228d1793ed2660be0a23071733522120cc4fcbc2ae4cfc6708ffee1f |
| SHA512 | c1b9ae9e09978b671738c88beb81474ecf9b7db24e66f914eb1fd7e4d4f0a1962ec94abbb80bd414c061129e9634959edea1bd4041f380664ea9049fbbacc8a2 |
C:\Users\Admin\AppData\Local\Temp\Cwkq.exe
| MD5 | a0f5168b5e54377168c842da3689a1cc |
| SHA1 | 11a5fb30dae9e29150dd7a79acb3709c55cbe238 |
| SHA256 | 0e9caf6357f79baaded2ff1ad43c151c36bf7ce416a5d52657b569049f18387d |
| SHA512 | b5a93c248f4edabf4e3c3db985d3fa5707fceb187771207c1e9cb237c56672a4d2638b41cb3645b0b8b9b65ff94688b10e0222a0a228aff6a8ae5c366e20f3b1 |
C:\Users\Admin\AppData\Local\Temp\YoUq.exe
| MD5 | 6f9c919a09de9aa7874c2e9f1e7b9987 |
| SHA1 | a8d49227d7addf9bd0b73cb36a09809d3336e39a |
| SHA256 | c453778f522e172328278ea54b160da01256de8ef70b6cdaba49bcc8e0dd2997 |
| SHA512 | cdbd482d3616a14ce589b677ca20903e111d9c0e0f73078e12b304c4b2c7e88ea3e287c9bd23a0b9eb46d5f37325884d723831a8a66cc1a0c4f28fbb4f880a54 |
C:\Users\Admin\AppData\Local\Temp\SMki.exe
| MD5 | a3c1b839c3754ce6a539198943e5192d |
| SHA1 | d6671735f1ad959fa723014e1ae9826000413f22 |
| SHA256 | a29a3c4633bbf255f73e820c925602b13e4b9a3195242ea507af38063b0507ef |
| SHA512 | 37a09b2e776ec603f4a9232683ad9b43fd1a2b9563be239aa6d747fc57b80ddd2819ef8445d5ef4929515c59c17cf7d7061862a07158e063da1650b295275f6b |
C:\Users\Admin\AppData\Local\Temp\QAMI.exe
| MD5 | 4dc57bcf2e126661939dd16dcf738544 |
| SHA1 | 2a8c0760641ec821dcbdc6d3f3f3cc585be16608 |
| SHA256 | 1bae083f85886c51b93492d7c4713b89006c4ad3a3471f27e922fc956562261d |
| SHA512 | 2d12c1941d8df4b54b66859946412d9bd3ceae3641d1d576b9496c2e74287ee5fa80160320a888915c1b06b8b293b195bf2a16637665c6c5ab59d82fb250c99c |
C:\Users\Admin\AppData\Local\Temp\sogo.exe
| MD5 | 2a87a074e7c3073de5b2c2caefcb628b |
| SHA1 | ea627f636695704d5b6e722615980cd45de8359d |
| SHA256 | 40603fffa2b5615460662b8afcab182a8fac8ac4159db9eca566d2c1e9a8fb3a |
| SHA512 | 305290819e4351f1b715a2ed987ae205ef9ee05b4c0f6168b1655076cc9dfbde2aa325504d1bbeb39a895dbfbfbdc421ef57af5cc58aefbccde23bc20ec3b25e |
C:\Users\Admin\AppData\Local\Temp\sksi.exe
| MD5 | 388786daadb0e64ece5da4cadea98bb0 |
| SHA1 | a403fc12ea9be2aac022d814ce1e823e86b4ced8 |
| SHA256 | 6ec3b07ffa395c28d621f6ab7bdb99a596585f6d023afaef305e196cea59f683 |
| SHA512 | 03696a5139cd9d780054a257b39ec647a490704fb6e3db1119a09ff7d18c765e99e6f32b270e1c6ce88525f59b4cda206e8d8ba7e38a2ebf2650ef6f0582b9d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\128.png.exe
| MD5 | d64c5914083f2ae70faef407873666e0 |
| SHA1 | 2bb4a8d8df28314771c777f374894425a0f4f59d |
| SHA256 | ed50579e00ffa8c8b75729e8a49a92c66e615723e08b475247a4f5c614b6f55e |
| SHA512 | 1932b9dff3b295f42684480f8350334d22bbc0b39a894548fb4ad6bd534b385b0561277ab7ea21ad8580574b0b36e093ee0385ebab53b92749c1c83412e95e32 |
C:\Users\Admin\AppData\Local\Temp\KMYW.exe
| MD5 | 8c3551352ec3ec8298702dc79fb14240 |
| SHA1 | e8c86cc0d9bc63574c75cfeb09ac53e3ba9b855d |
| SHA256 | e1d3415e91a692f7f5f5360029d3fb7980ec50aa3b1602b6c0194d8a98699881 |
| SHA512 | 6484a1b89c926fd006c1f60bf0615890e320febc532dea301b452158003a6b04f6ec338caa1dd9834a9da1bb288226f1e60d35ef04a076d8bdc5569c163dda38 |
C:\Users\Admin\AppData\Local\Temp\UkEU.exe
| MD5 | ea30a89451fe93aad23a341f7fa14288 |
| SHA1 | 45cfe6f779e37db8134d2158d7c2bb60202d29c7 |
| SHA256 | 86b568a75f92715f1ca3735c62b0cd800f273539fbaf8788dbcc6fb7e3b02a33 |
| SHA512 | 9188f6e88e58ea57768732bdefac98d1e1a583ae585e55f95df08bfa46b9e3b9f9453f3b0bcf38fb927a2c6aceb9a902fc9d3b20654b6d706673a7b57e33fb49 |
C:\Users\Admin\AppData\Local\Temp\qgkA.exe
| MD5 | a8f5ed01738ed432262b51139e18dc00 |
| SHA1 | 31c31c44791a213e5af1a7224494401f3815ecb9 |
| SHA256 | 8be92c49c72086de66178d32123fb737e1ceae2194d6413ab234375f4f8502ce |
| SHA512 | 0c53fe03fc9dd5444b0bd89dc59dc20c09bc8d8f833028c682ce42f107afc45964d9acbe22c79e461319c84f6f2633c79453af70d5b940be4fc120d5bdb28517 |
C:\Users\Admin\AppData\Local\Temp\OoAa.exe
| MD5 | cbbffa153fe6d1a7f4bbe6acf0a7c81d |
| SHA1 | bd4c99ced83afc8dd402a48fac7881b3b7880d72 |
| SHA256 | e1e656fb4b63d446d102223c257b7282b5cd97e1aa4480595cf784bfdb0c754c |
| SHA512 | bc41c8e2e5adc7fc91300da5461881b0b9b5a25616bdf60f19c63f9c86490b72b748174f471479ae7d8db25597d06e775e16fed0b3f13ba8cb7be7225c4925d4 |
C:\Users\Admin\AppData\Local\Temp\SAgK.exe
| MD5 | 506d784090cd841edd0ee7aa83f1ddfd |
| SHA1 | 9d040ec38d1a2db19892be2221cc998a147b82a3 |
| SHA256 | d916f354bd852910fafd9dcdfb179f5ec1878087c8a694c4a8e2d795776012cb |
| SHA512 | a172e01db5f3f0862b775be4b3715d3bbb1a01596eb088331fabab1164ecd8c72d6716e14f36df7f832132acd6f864b5bcf724c2f89117a88764e6e15f0a12e8 |
C:\Users\Admin\AppData\Local\Temp\oAkA.exe
| MD5 | 5658dae18ad718525860ba6b6f2c4e46 |
| SHA1 | 9638072dbd5fe0e7653d5fd63abaeb1396d35825 |
| SHA256 | 7ab754111315d319502e9e31eba75a2c366d4e7cd401fc33208374fe64a40eec |
| SHA512 | a558789569ee8fce49c8da56206c3468c411b437219e4fd273eed053c080c656ad9d35e4036ce7319fb3bbe02d1311db467e6032890cc8f5322ebb31e687cf2f |
C:\Users\Admin\AppData\Local\Temp\AMsS.exe
| MD5 | b13c5958312012f3effcc5ef1195c504 |
| SHA1 | c04a94535046b487ef64c12fc224fdb376a4d85d |
| SHA256 | 01d533eb60d3ef3e6340d820cfc878698bf00b0c1775f688e5513c2bba72aef9 |
| SHA512 | 8d221d84cd3cd4fa7bdbf6639bf1e9a98f6362d517c894170b63c494b4cb3be56d686b4be77870061819abf8e2a778d501da0ed1414bd7a1f1e0709f6f5304ec |
C:\Users\Admin\AppData\Local\Temp\EUsi.exe
| MD5 | 345df869c867df114491c2b76203e31e |
| SHA1 | 693d4aeef720ac65d74598a6f347fb8f779627be |
| SHA256 | 683f1aeefccd9ea64c42fd6970c3240f9a085597b2177209d798ada6173151c0 |
| SHA512 | bc982b309ad555edda486a0114b0066b99d73fd4a6b10404ba34fa48f756452797377c48c623900ba975a447754f79b693a64e330fde00f4bf7ba576fdc95c3e |
C:\Users\Admin\AppData\Local\Temp\kMYo.exe
| MD5 | a0be0287948578f34ed9e110c729ce57 |
| SHA1 | 7dca3a5ed84df7be719ba4ce0a2fc465405e3bcd |
| SHA256 | 304fc0356ba8b32387c2425d339ffb491c07a97f39a27fa1001ef01165cee9d8 |
| SHA512 | 10d024929a3c07c26f38eeb85057b32b83f70ac55b6beb9002556bf29eb8e93bc94c504aa8ec64b3fb1f7047167af7f1b84ae6f2938bb8435a753dd7ab8c79cb |
C:\Users\Admin\AppData\Local\Temp\qssa.exe
| MD5 | f1e680c7be082f358d25235fb231e46a |
| SHA1 | 9bcb6b45bd41d4ec4b38d56dc3b9e9b922943cdf |
| SHA256 | f9cbfac630f59f00c5f906203e77579f889d131c959e756d7378f4d0755d5334 |
| SHA512 | 5285401133d4a2a8b66b360e57ad5b0f7ad584e30ab3ee782d4d35569213e168c76f4b1a4c43af8209190c40acbe0378eb07fef8a1afacb56fb2820462296b2f |
C:\Users\Admin\AppData\Local\Temp\ascy.exe
| MD5 | d15dbb0758796504d4dd6f3ecc410aa9 |
| SHA1 | 380b797ea04048620e490a09ce144f9242bafdf0 |
| SHA256 | 61d2488eb89c48d68a34f36d2a26123c388ab6f9f2bc306a9f0ebf9f6b55f51d |
| SHA512 | 76b44c8c7a2bcee450167d1f71560fa1738846ed0be5b4fd411dff141e1da84618c2ec76e11949507aa0f0d938a422ce044f51885db2b7b689e9198222107f37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\96.png.exe
| MD5 | 4561d6d04651701ca98a1646cf182186 |
| SHA1 | ca929e8f84e36f9833c2d3253676c9d47763e81a |
| SHA256 | 58555316ea70037c02bd2818c121c974644a6114471bf0cba0561720448ae8b8 |
| SHA512 | d537b3c1dafd192cf62b9bdc39415049c68684d1584a5a75042d8865b41f441310180851be6835563389a879ef4cd85453f2d8d13b7f0a81047cd2ddad7a00e9 |
C:\Users\Admin\AppData\Local\Temp\mgwe.exe
| MD5 | c667dd6deb213a8aa1ce5c5a4e7f2999 |
| SHA1 | 682530404406c826847a2750831c0a48684cdef9 |
| SHA256 | 2b2cee76f824cfd3b6a770f8be28d4ba31847ca76823d9d46f3fcd23e2183b7a |
| SHA512 | f69b186d120e4d12152c453c640fdf095b81ebaf5e35f31a837a4a17f0caaeb7675d8b459f3e58e91249593b8e4e413ff1c397ba90048e1cd8053257ac330652 |
C:\Users\Admin\AppData\Local\Temp\QQUS.exe
| MD5 | 055a0767fd7cc5788e80177cf1fe434c |
| SHA1 | 30c2cf719cc87e0d10e427f172a01036c8e45c1d |
| SHA256 | 780476703e94ba01c94d98896ba4e5ad57a35d6e3b40363d94792edcac57d046 |
| SHA512 | 30bce0aaab327b729d3276c3c5641fb9740746a56555a3c2dbcd9dd1b6ab7687c1d7e05ad47d34ad5062f54c43c94510804bf95cb8ceca0d77bb3719af625717 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\96.png.exe
| MD5 | 8863a25609bf4edde4a0f13d4faee9c2 |
| SHA1 | 3077d1d321bc681a2e8e8347ea25c9554d4640a5 |
| SHA256 | 044e4ede9db846beb3fd6ac5bc0b6f435e9a3a2daea90555f0687e4014fb0f57 |
| SHA512 | 75572da518e3719cc9cd16ceec58cc716232ed7c53c9a641cf066c61094219def73179bebbece294d34ab2dcc892fdd70d3f60d4358f13b333bb007988e8e19d |
C:\Users\Admin\AppData\Local\Temp\cgcg.exe
| MD5 | 89e9cfb4388e7d9f084616552b3dc506 |
| SHA1 | dfb540ed566111c5114dc98a4f549cb02b3d4698 |
| SHA256 | 6ffcfda96198e74fc20e006a8c4fd788df486bc775802025f99d639627043a94 |
| SHA512 | 80383e5d2b273572508d132be903e7afaa5c4ebd24b18019441a3326d2e6133de3130a593ffc57ec346c13e0e257ffede89cba612159e06501c19e6be708ba26 |
C:\Users\Admin\AppData\Local\Temp\CAsq.exe
| MD5 | 69bc99a56b4fa6ea04169f4ab006909c |
| SHA1 | 7823a7005e8e9934349dbbfc741dcd60f3f2b71d |
| SHA256 | 895d4fd52f6430fc622ccfbadc4a8b4cb49208168d9d29068b08c41a50c8e2ef |
| SHA512 | fbcbc1c8126d9f77f490a31a5a424e8af35b660babbf60299f31a7c4bde72f2d53068a58a931fe3c230105f65fee1dee71d8c8038d74c772381aad048b53f3ef |
C:\Users\Admin\AppData\Local\Temp\AUge.exe
| MD5 | 1a8cc7e5b5ebc59a5c6b867e17a616a1 |
| SHA1 | 49ddb55cb08fa832aa01e9f99afed82804363b64 |
| SHA256 | c82b305ac5c779a27934b74770b4dba26bd29af6f8c876507f1d78a1091fc7fa |
| SHA512 | eb121fd372aa848f47f033959efbe39bfa07f088c107e7bf379a76d0db885ae79d348b7cdd9629fbfc6c6e9460bf6521e851b30f454de60db2a2fb527c563428 |
C:\Users\Admin\AppData\Local\Temp\CgQK.exe
| MD5 | 678b8fb1504568fa159fe64cc4c0361d |
| SHA1 | 3c2c4316b94665562a18259f2b45a7e5992a2512 |
| SHA256 | ebbed2172e7b0aaf7c6f190deb888452d985e24fa96341a82249535742213d5a |
| SHA512 | 68c2ebbd87ab1d78c11c1e6f49426842b9e6f7c7dcd749ea3bd659dabb4d22228e4bbc2b0653e5ffa66312a3e1118ffdf743026476be8b30bf748642da69bbe7 |
C:\Users\Admin\AppData\Local\Temp\CAsu.exe
| MD5 | 93cbfdac49d4c7809d750eae6e352706 |
| SHA1 | 7ab5cb2b469b7c34c0200e948a969d57e4d5b770 |
| SHA256 | 6719c530a32dfe43db0025a782888dfa60b041dd4048edcae3886d36b6b81370 |
| SHA512 | 928469f3bcef73ae6a691326528060774fbb1dea62623f211b690daa8c7ad18e694ceec8ebea92857fda2ec01340c6d84ed54f45e25df0e60c74b5cb3520f25d |
C:\Users\Admin\AppData\Local\Temp\OIcc.exe
| MD5 | fbc989583b138afa46746b5e19d5e5a0 |
| SHA1 | b139a6c8af7e61d171bd5f2ae26c6e4b0e7eecc3 |
| SHA256 | 857fbd441522e6f9e6037b9e31e665451f213220109320bb31faf5fadfc0bf0e |
| SHA512 | 6dceacb35b11b2136b176203f9857c4bae742f0230a20a335e0b7830084887cd45a33b0a65ea9c8e8ebc1c4945222b1f8f990f7b09bdbc18e8dd26037c866dce |
C:\Users\Admin\AppData\Local\Temp\MIMA.exe
| MD5 | c60778eed00439f4ee33b61a6e923fac |
| SHA1 | d96356fc2690798193c47f586550178876c6e1d5 |
| SHA256 | eb7f96cab929003f11f4fe890152ac7cb52b117ce34de05ee07d6b110fd5e570 |
| SHA512 | 1e08aa9a2a45308459d8bcd68e1e0bfa90bee8bfb6b0589b717f2d9843fcaee32851ad4d711e7cb8f9ccfd57d84cf8052c1742a8cdd8b19664780f9c7f178ef4 |
C:\Users\Admin\AppData\Local\Temp\moAQ.exe
| MD5 | 4069b6a79fd3e73fc2ade0050aebee32 |
| SHA1 | 0078de3aae6c912715d5b896bea200927b47f916 |
| SHA256 | a6a3481e43a45cddbfc4c7eba612ba94322a546a591dba17ce8332e143f61005 |
| SHA512 | 3d93efa5b49125b4f58fa4b47aec90a2557600180ceea2d4ed10fe550c557820d2fbd6d102a8e4c4de5d3e389aa27199f664cd985f3490a722fec8ea2491a6f7 |
C:\Users\Admin\AppData\Local\Temp\yEwM.exe
| MD5 | 7f1e667bba2ba71c6f570d2dfb85752a |
| SHA1 | e42de50d5b2d436746296d53322788afbdb1d466 |
| SHA256 | 8f2f82da0fc27eabd202b3c475e9c8dbec55c95fe157a04af6be5b8dc6ff89b9 |
| SHA512 | 18bcd947cdb3b7ed40cba2e763fbb5a54b490cbf5df4da03e38a143a1ab11f06e9d0ecf87434c512724868943c059579276eaa11ce1c323153066032ff5dfcde |
C:\Users\Admin\AppData\Local\Temp\gUMg.exe
| MD5 | 7c0c8c6951ea651bcc984aebcd7fc0de |
| SHA1 | 93932a86ecf43bcf53dde2eeb8dd108a8b1c6799 |
| SHA256 | d246669d10497e4dd1bfdef36791a0b56cb621db4478fd64e0a00b43a101fd76 |
| SHA512 | 735755b0d9a06400192095455499d0a5ebc77d8c4660de3c47890463fdca0b323354b7d545ec59c0a11d93cdee075eb9ac0e4442eff8bc6ed6171c8bbf840fe0 |
C:\Users\Admin\AppData\Local\Temp\ykIM.exe
| MD5 | d9872bb9c3671dbabc25ba8a9f3ca21a |
| SHA1 | a329c4f392fb2eb36164025169bd438b3f6ab7ce |
| SHA256 | ebc694a4700a5eaaf6f2542f94871c84cddb026da94c0ac31613983cefc0a8e5 |
| SHA512 | a10179ec7a6b8ea30497c0e1c4196e94ab2f9380527dfcf58c658c264160e67c8d360abc26dbbfefdc0c623f38222bc982abd41b5dce87c32810b8cd34b4d66a |
C:\Users\Admin\AppData\Local\Temp\MAAY.exe
| MD5 | 9b6d98448b2b47ea092bbf8fe7516561 |
| SHA1 | f79529e2cd4a480e27ae73998e0165c279cbbcc8 |
| SHA256 | 8b42673b223da088e86058f8f8ea6a3c727db4aa643df8ea01064aa09d723ac2 |
| SHA512 | 2ba164fed91bd6c8d9bcc7f51683b0a3509923c12c2e78bef9b7b9200f7a1c294f53e916af2f101eaf79593d15ddafacfe4655f2698718899fa21fd59059aef0 |
C:\Users\Admin\AppData\Local\Temp\mkko.exe
| MD5 | 6853898bc40193b055eca5ac3eff55ac |
| SHA1 | 01327cea1792fbff3464c0c0540f6360b0ab86f8 |
| SHA256 | a13aaa3b5faef7296aaaf9460c03c68ed3536a4860c92fd7266248d9c4be2da8 |
| SHA512 | 729112f7c50b2dafbad6cdbf1632d55183fc947ef891a302b6251060a081863dcaed286c9b65328e41145ca996b46dcd7e351ddabe9f514b24d884e0e81229f2 |
C:\Users\Admin\AppData\Local\Temp\eEsG.exe
| MD5 | 1ecd2bcd4f23263148a56e81f4ffd763 |
| SHA1 | 5597a2992d9d7cf421defc7ad074ec9b38656928 |
| SHA256 | 43d8b566b90baf7cd96a1c57241eedeb87657a2ba1a1ed7474b5f54fb0fa6e75 |
| SHA512 | 4fe078f07823cf95c5d3e620d888476169ff02226d548d5421545355febd4717cf1f5664663fbe948275a649a8566dc4fb110d46959ea5b8fcdfbf4d75d24006 |
C:\Users\Admin\AppData\Local\Temp\ksIw.exe
| MD5 | 313e0a546f01e781cf074d0f0c608845 |
| SHA1 | 4dd60753cbd19f91a2f94c96ab1777d27ea4c1be |
| SHA256 | 236205b792c4ecd7aa6fd4f98ab3b9c24ca082e7aaa5764e48dcfaf5440450b3 |
| SHA512 | ac62f2857a11120c176f45ad69e4b2774155fe7e4146dbe3c562ac074195a83ff42af9a2a61f011d7ea90f08d7e6a5a6e253b40edd9ad26a35072d8e3d8473b9 |
C:\Users\Admin\AppData\Local\Temp\ogcm.exe
| MD5 | 2d604a1faf50a051de4f93e90f6515ca |
| SHA1 | 711f9c26825ba163bcbab2596ad2817ccb95c46b |
| SHA256 | f963a729c49fdf90341ae2d9f8c57f2dcf802d1f141d2027d6fd59fe57263ae2 |
| SHA512 | e928d438463b0a4ff0895a054dad98bdc4c521d6a22625d03348fb04c1f271bf36fe4df92249202c1c6702f9314a76c3c29125fb5f6703155a36efc48bbf5e77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\256.png.exe
| MD5 | 06dcc79eac97370f2ecd2aa1d08f229c |
| SHA1 | 1acae3b1c5f7e758b31f50442572a966066ce4f6 |
| SHA256 | bf79eb35a8bae74dea924822cd48c8853d1cb99cb06283aecec306374b9e1121 |
| SHA512 | 648755f3b340c47a27bbfaee6ad44c31774c5f31c6e12c0485ae33b06aa0e5c98a2d6f971a6b0feb53fe82fe534255edae5d4eea01c17be9a28574ddef08d9ab |
C:\Users\Admin\AppData\Local\Temp\akIS.exe
| MD5 | cbdbef5c7cfe9824a44951d0d43d3961 |
| SHA1 | fb4bcb0ea2c01ec96ce0e98a2cc4b8136c0a5611 |
| SHA256 | e7eea547366cd629882ab38b97bccba297baff564b18d4103b1bc44c4e3afbd8 |
| SHA512 | 8956ac26a4b5952301be0348ada4bb3e4669b6602915e7d42251cb15036e6a6baf33e9fe9aa55a987a3cbd26f8e77db6973d5457943510830d4b817f0966bbc2 |
C:\Users\Admin\AppData\Local\Temp\AQcI.exe
| MD5 | 7e160a9acac73c65e68f6d16dc45b6fe |
| SHA1 | 6e5e3e2f80670eab1e89a468ee8a3561a18442cb |
| SHA256 | fca3c1b210de9be00add3336948a81e59e1b6a68385853df1f2fdb4a92f1d55e |
| SHA512 | a153ae1639727fdd2cb5b3a4a55ad22d69c8e6c604d5738bcf5250b37d83d03b3682d5da21ef45fcfdf04a699ffb2db6080faa48fc14d6fb81f25e3442dca14d |
C:\Users\Admin\AppData\Local\Temp\QIwA.exe
| MD5 | 0f45e13acaad52eeee20f9ad308c378a |
| SHA1 | 229878158cec78c05a464ebd339e8a698202144b |
| SHA256 | 8f3113acbc4e27b585fc5d58ad30212904d4633f42c2ef0d3e47a588b3289be0 |
| SHA512 | 1e37a73f05f5cf405621ca88c5ebd877f14c35009266ab0ee142789174d35b7abd85b6fd0391406c34d3bbdb6f8236f0bd0a5e2f6e259f3c13062447273e5ed4 |
C:\Users\Admin\AppData\Local\Temp\Uokg.exe
| MD5 | a1975b9215e2a429a418ff4d7f816c0f |
| SHA1 | 9889ece44e1e8b712b7c5ef2bd3853ac1b89d265 |
| SHA256 | 1bfa4436477e164ca9661f04633ac01651a8d77190bc0f3f665ee716fe15e5aa |
| SHA512 | 21ea5e440914ed4b0a20ee63c217c33a71d51cb94f53aac68acbf8cda4cdbc10da2b4921a9d50de2d9f78bf2ef0fd6fe7431fea786ea2b06b9d0240e096eb636 |
C:\Users\Admin\AppData\Local\Temp\Kwca.exe
| MD5 | c90c9888c0e2a660663e54b9de5aeaaa |
| SHA1 | dc969577c3139a09f41fb0797803622b06b53207 |
| SHA256 | 0db62b345a8138e52317b1d475c8472f57d96c50139a9421d3ccd76ef54a4d26 |
| SHA512 | 6d5afd8cf40532e9a18d5ba2f1ec57315e66d419ca3f5fbf77f6600557f1de891e3bb81be854f8fc9336d6b543dcb9230050c910ddab48ee8b6d4481ead8198b |
C:\Users\Admin\AppData\Local\Temp\yUsW.exe
| MD5 | fc196b06cf0572f0c2cc88001d5a14fa |
| SHA1 | d0a84e6957531ba1f2b052d9bea13a229a94dd7d |
| SHA256 | dc93f95e11e456299220637bf0a6db5304df6db0fe9f2e824570fb1191a8842e |
| SHA512 | 234e7deb0770a7f61850a2442bfaf5cde476aaf99399bef37ee13d9cdd25ff883dc5fd157d1a47fc14174c5252f02f780cb6bd08b4a77d0aa0fd800fe71df78c |
C:\Users\Admin\AppData\Local\Temp\uMkA.exe
| MD5 | 0b5feb6138f1611f75b3012e111a84fe |
| SHA1 | 682bf45cd66f4b0e882db49c39192b1dc2e91cb1 |
| SHA256 | 88bf4ad32d6195c47aa072f38ed3224dad33ecacf829850e46799d9763e0270a |
| SHA512 | e7a1553eae8d78392de64173f3a676bb1a27d18f55ca34e4705c886feac1ba61b65b9b5480d860d61b1ee258d34d3d1974e3cf97b4e43da7cece246d78fa31e1 |
C:\Users\Admin\AppData\Local\Temp\iwgE.exe
| MD5 | 7d0305f5d371e3c84c9f380fc12b577b |
| SHA1 | 446da70f744fae4718fe4093d756b3ca38836c24 |
| SHA256 | dcadf0de0f107551b78c98c546d4be3f214960cf33f7f273aa476123287d7905 |
| SHA512 | 30b344871819273e1cc3b49d15b46fcf6a15a1f736b28ac64598f78b998a721d2378581ce2089fc70dae4716bdaa26e4fc6654f91ea4b2bfd4168a498909ab83 |
C:\Users\Admin\AppData\Local\Temp\SAUs.exe
| MD5 | b55f3336272a80041555f05350ccf7cb |
| SHA1 | a8c989a4fd9dcc00aee3b3ddeb843a3419c520cc |
| SHA256 | 3682cd1be1d93e8ce92bc9b2affc5ea71e266c29e1bf92768da04cd7dcfeec9a |
| SHA512 | a407953ab57cab820150b8d784ae8a59f665c44d6e514e6f7ce69a27b4f42fac86042979f487cfddaeea96b4db7bf83ff8b91436b2fbe5405fa0e17ee1332e68 |
C:\Users\Admin\AppData\Local\Temp\ecIM.exe
| MD5 | 1a4a5cde6850fe5e8355a49944f2e520 |
| SHA1 | a58cc012e2f6ca4c8b53c0ecac133da88f9e7685 |
| SHA256 | a5397940d383b29fa3d340ae578e87a55d05b434557f983b615f298608961e19 |
| SHA512 | 02d6828b93a00f4636584c085056ea285a4817efa12978c0a2de2250ef9631ef5cee832c08bea7b5783a8ea5b4285db09c02346b3f5e45c3f3272add63903331 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMLockedFileToast.png.exe
| MD5 | 2e28ce4640d05b3faa21ba64b53b9f9b |
| SHA1 | bd1ff7b3034e7e4b2101e93b556f74c69ed606a7 |
| SHA256 | 30cd6785edd518b74d8ceed07baded5627e8fd42e33db3238ef25e1098b1d3a0 |
| SHA512 | b4cf64a6341da5d5458b213b95cf2632b6521e90aa098d825069fc9b5f4027f6a49d966969547b910fcdbb5bcc275250139485ec2fb8213b3a449773595625bc |
C:\Users\Admin\AppData\Local\Temp\mUgI.exe
| MD5 | 306b99b490a8578bb0848ff35c171900 |
| SHA1 | b0c79ad8b049c2b608581351e6a333dd53a6c980 |
| SHA256 | 6ee67528bfca6aa7c711f4a7a7a8cdfe455ade2c772fa3994f5c4c2be9fbe592 |
| SHA512 | 79a61cbd2e28c3569629418ecee3db3b8f99cb0d45fb92fbbef820f36987538abbfad7a4e992b50f5b75abcd9fa3786ea14b82850d52d68c677df71337daa25d |
C:\Users\Admin\AppData\Local\Temp\sUEI.exe
| MD5 | 12cd80b56605a1dd1e5c710b850e795f |
| SHA1 | fa6ce5fd1795513a5e2aecd60b17c9f508c95b95 |
| SHA256 | a475e11d0d647de81e54542f81c0071e128338fbce3301bbbef8f7e6f116becc |
| SHA512 | 93f10f9ca7fb5fb53e95b7c7966d4dca5b1866d35649a3baa757426dfda7fd44859b2f98a58e1466e009c5990f48637910c35db0eeedfa1b8b8cd4fd25d180d0 |
C:\Users\Admin\AppData\Local\Temp\WIkc.exe
| MD5 | a310956ae72f236b5449fab602ceb742 |
| SHA1 | c15fbd1805942960ccdcb878093a7810eb6a04a7 |
| SHA256 | f22a0640f4e841c8954b5890bb5565fe84d96569095565f8d22a0a7bd105d484 |
| SHA512 | 3b510b11cae440181063567253d1d0fb3ced55c443e0f5a0176c877bf57d8534a464d7c5c4b99b9017602a9b1b6087476bf17e84dae377f40f8854fe7a5162f4 |
C:\Users\Admin\AppData\Local\Temp\kIQS.exe
| MD5 | 85a28038ed91cfc2f011590802413345 |
| SHA1 | 3598467383913a686f123b139cd49a5076264765 |
| SHA256 | 4d018a7eca7ff66161a7bff5389841ad46c135dd911755c83d4437d97ac19dff |
| SHA512 | 27ca75b54414a2b8701bad8aaf33edec697d823ed200a81d1bb958aedd9adf45275c8abacf15e1550fc933af91795d85096d4783c092ba57f599050c65b3a47e |
C:\Users\Admin\AppData\Local\Temp\UsUW.exe
| MD5 | bce31c41059c98e8f2ce9c6eae0b00ec |
| SHA1 | 6ce1fb751c34c351662df86ff1ca97f1f001e581 |
| SHA256 | eeb7de53f39e069a349cceeba119e3044f6730e0a0574b5fcb8fe7a20fbb827f |
| SHA512 | 55f4764c8db9a0d6519aa86f84c438d31c23a3a7d0e3f335bae0e2fc315a7fd5d4fc6ffd276b52ec6caef4f3b302bc0c957884dedde41b5b3fbb1af5094ea9fe |
C:\Users\Admin\AppData\Local\Temp\YMUo.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\wUEQ.exe
| MD5 | d31893b6e57f8be60d05526d4a0b0d64 |
| SHA1 | 4a1d857c7221b493f90daa6122db363ae95c92c4 |
| SHA256 | 852c54e6854d7f1875e5709c763ee1f062d965da419770f4fa21d1456ca7b0b5 |
| SHA512 | e03500b5b76d3b8eeff812594426bd4e419375041b31766e54b4059bd288524ef23ac5253265ad5dacb19e0d043cc561ac6b9f4ea4ab4ce4bebef35c5849f211 |
C:\Users\Admin\AppData\Local\Temp\mQkO.exe
| MD5 | 535597e09b838d3a11e5e77038fecbef |
| SHA1 | 6520e6331758dc418412341be268731d4f887961 |
| SHA256 | e59a32a6a5c2a3ff9ca1f5e3cadd8bfc617da83ca3be3df19d7d9e686aa53c2d |
| SHA512 | 3a3539cce240f3933fe91347871fdcba5bd58a6beb5746008df686e61a28b69d480bd33db3622b220fbbf923a984507664b440ec5194b4807ec67e914260b198 |
C:\Users\Admin\AppData\Local\Temp\iQIW.exe
| MD5 | f9d7a58dd452ae83ae2997491c90f612 |
| SHA1 | d166a53dee0b9df25a1ab32a8709c964bedd6e71 |
| SHA256 | 558275aa5c2d6dd041f4cbf99412136ded84bbe881351f0bcf6b363ed76821b8 |
| SHA512 | ce9f5d47c73bb823136018bbc2821b348857269f6e7d9818b6c40c42c25729e6c7fdfaa6358710a19fe730702f93a9a6f00fec991763adc96c4955bd04dd721f |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.exe
| MD5 | 2ac6e3aa3c4a1f69be0c94e0b9ba8bfc |
| SHA1 | d12df934627e399c099a493dd7c340a423ec8441 |
| SHA256 | f53d1521b573da1f460d16128ce07e7b6f2331c2e6af3add22e57974566a994b |
| SHA512 | 2df421e9512dc9d30a7f5f4338b562ba7cb6f236726b6adbce45a70911675a1fd4351ef8a757c327dc344c1b136802d5aa451d7d982e1228af7f179c83af7989 |
C:\Users\Admin\AppData\Local\Temp\mQAW.exe
| MD5 | 0e798069b5bca36b48ce8aafbcf6ceb0 |
| SHA1 | 1d391184336bb27537e6acfdaf9ed1fec094f264 |
| SHA256 | d0967a92ba5eb1b69c158214e1b1e3100c3ed0b7e5e3381716387862952b6a99 |
| SHA512 | 17eb746092e35c9d11037024e21d84596d61838315166f4fd88db0ede6d155ae600922aef002063092906591e651c1e44452bc11916fba6d3e2a7dc0422c8560 |
C:\Users\Admin\AppData\Local\Temp\IEwk.exe
| MD5 | 0f1ca3916c2342113284f810d50a2f7a |
| SHA1 | f0ea815fb98e9dd1836a5cb9ef17073f873b1f86 |
| SHA256 | 8cee9a6d154c99b936d03e2c5cb524a54dc37ce4d3a1ae77689553c284fc6478 |
| SHA512 | 6c9928703cb8c3312789689a3c528aec0edcb2df196b5403b19cda905644ddebf7016cc54339195a9142f1dcdfb9c57aa03a911569cec332fd19818fe88d9259 |
C:\Users\Admin\AppData\Local\Temp\QAMy.exe
| MD5 | 4119276c2c060e1be77c1c70ed7c003a |
| SHA1 | 030d7096e5d098e2bf8253203b413e113d94e404 |
| SHA256 | e603be4ebdd4d0532973d6af4c771024f88d2a5cea2862f0c47b1ef25369a99a |
| SHA512 | 80dab1f018a38a6e6af2496f7a4b7da585ab31394ed3046ff1680b33e96d5e578a804e23c55640e1349ab8fdcde43d8df8a3919bd95781405f4e0f7772384057 |
C:\Users\Admin\AppData\Local\Temp\aIoK.exe
| MD5 | 268b821e55c2d5bfa476189e63f7d78a |
| SHA1 | 3bf8baf02f7901baa57f367588595c1779405862 |
| SHA256 | a085979105086f251eaa8ddcdec2e8909b3b9dc605bee5dd331534da7b93ed6d |
| SHA512 | f6550bf592a02eaf679ff3efdcf0db4fdd86e3eb289169a806a3736527dd1b3e9e13bdc5cfe40bd999b48eaa433447a91bc23b0ed4f2a898d379f30470ee0318 |
C:\Users\Admin\AppData\Local\Temp\QYIk.exe
| MD5 | 86a61acafe3fee785dc531d86aceb79c |
| SHA1 | e0cdbcfbb1633e9cd6b0362215d1017a0abd5eb3 |
| SHA256 | bdd3e67e8e05fa8db0371cd0a8c912edad4519be735f5615d28796fafc9b0922 |
| SHA512 | 25cfd4c095c80a58a2f2a6029768ca8dc3315ba2e4e9721ced69305412164889d5eb829a8d48cf56baa38f6b19d69171ccd7f8931694a70bdba871cb65cc2562 |
C:\Users\Admin\AppData\Local\Temp\SEMy.exe
| MD5 | a92f895beaf7c61fbdc7ec898b2270e4 |
| SHA1 | 90a999012f63a376d33c781547329d79cba248b3 |
| SHA256 | e26c6cac5b93b8b9541552b41ae3a9d43130934d4a1c3637afdb9f3c07298faf |
| SHA512 | 1ae42ee3407317785e86de17644dd73441262ea60132fdee0de105a91be30a958bb5442ed05dd8b3035cbb3c4550aabeb641861b182494a725368b3cfa8f3593 |
C:\Users\Admin\AppData\Local\Temp\IkAs.exe
| MD5 | 9a229974a5fe0c844abb51126a62d8ba |
| SHA1 | 29ba4d4d0454959bd27a3e44a5dff1a809f0a305 |
| SHA256 | 290396ec42d82bbaf7a7e6865ad2329059ac11802ad4bd06033340a5b3647e77 |
| SHA512 | b9744e026a0ec28343e3f7a853e6f1b7bfbd2462f460c8fc0550571613d7ee386639b323e381aa7624071b844c72b6a79e8da2a5869f92c10808f1f1bcb0228e |
C:\Users\Admin\AppData\Local\Temp\ssYA.exe
| MD5 | 3b0e86a833e757ec38916106c1d9e06b |
| SHA1 | 83b2ae1a5da80ef6bb0daa7a53e4dca74bfb47c7 |
| SHA256 | 57231f7991467cc6823824f064536ab533711d2e62a74ba0a1318956a9e0ae0a |
| SHA512 | c0a59f02944e29073101047447f15ddc0d3f141df00bb249f40ae93871fb73a1f2ab24f290ff6dc0060bab84936a87359c7ca3eb27d6fe6ff337f4b30714a85e |
C:\Users\Admin\AppData\Local\Temp\cUkS.exe
| MD5 | 6113f03c7dcb843beb9cd900eb5a4569 |
| SHA1 | a8bf970aefa72bbd7d26dfb9a6a1e576030b51c8 |
| SHA256 | 6a69a0ffbd4b83e132c736d61b4ab5457c15e059dc99614a5164b4f64e6348bd |
| SHA512 | 03c0a0eb06df7e13eef586b6028ead7a10b4c9fa95e2ec70e9cac042e7fe36527365759738d4ed3475c270e4cd667edb8a0bb243a8beb9e26b8554a565220879 |
C:\Users\Admin\AppData\Local\Temp\mkAS.exe
| MD5 | e6070f56a1bf39e448e53d065a294398 |
| SHA1 | 67d4affede3f735cc6f536e02b8fe72365680038 |
| SHA256 | 4f629f25a8504659c70770e94b7baa2618a1e299e65d603b830c41a02c9dbc0a |
| SHA512 | fb727a38e9421e26dd5aef0f2179492def072bfde50861d9672d311544f4e317b557f63281cb835ed14f30484982b555764802db3725b3282b5c4567d7f68551 |
C:\Users\Admin\AppData\Local\Temp\CYcM.exe
| MD5 | e34dcc1af6e9fae09baf4b8b6ebd0777 |
| SHA1 | 371d438d10bd55b0e9dab8719bc2d4ef313b58ce |
| SHA256 | d69d6347f2ee595d38132a1c172a344bfc872a3168aca8e74d56d3a24983b7ed |
| SHA512 | 11934802d3eec0e2011db20a5dee2e775b21994635ce3b60543adb6ea4bf9e434cdb56bdbcc91142b488e98d03cadd54aba107cdb2c7875d1d44dad36aeee25b |
C:\Users\Admin\AppData\Local\Temp\agcO.exe
| MD5 | d07b15c31abf2effaf803464fd871576 |
| SHA1 | a2342504f1336edc61e362ac6875e8525d0aa029 |
| SHA256 | 910f0fbab2a192aa02648331c6d2aa5755c23d02f2eb2df75518369b4dffa7f1 |
| SHA512 | 9208b2670f2d69154ab102f7e48843d12945124d6d89ae933dc69fc4827ab44fad95c1b3cda0acd7884367a595d3dcfc78f51df1b931bfbbe5b58ad963747b35 |
C:\Users\Admin\AppData\Local\Temp\cIUk.exe
| MD5 | c4d0fff6f1bbb55ddebd3ee123531bc9 |
| SHA1 | 4bdf9ff4d9e6d16a965ce9690529735b92cc78b9 |
| SHA256 | aaef2d1669e7d99dd25dcd7090f2dfcaf5c516088a1165434711a563d6d56134 |
| SHA512 | ed790b0fc53cee9944c6d655d541323857ea711cffaaca9cc5ba4e0e973c04e16cde0320a369d16f62ef2f6b5d753119ccdadb7398557371104d3de0edb9fa61 |
C:\Users\Admin\AppData\Local\Temp\GkIk.exe
| MD5 | e7122d67a4bd15ea289b14c29698f2ed |
| SHA1 | 157b1678e14534ed13291c3230f2c521c7e4debf |
| SHA256 | 5e7c613f578107dae8a4306d7a8c6423e04f2cabf63b3f4d2c42490ef593a250 |
| SHA512 | c5b18c53f4b4e27d531c5f8e984ea1c1a9eefa551386a1a6f80a3d1930074b9567f21f1c5e5e7fde0048fbbddc044445afa071ba9cbb55a42133b510dd1ffd9a |
C:\Users\Admin\AppData\Local\Temp\mkMc.exe
| MD5 | 176022a1e16cb813fc577e1986aa3b2c |
| SHA1 | cdc89b03963c2b7fcf5cfb7495d018d800ae223a |
| SHA256 | 6aa2bb34cc6c804e08e1c0324c1b1cdd0ea9971fbdda0c943942ebe712f34ca3 |
| SHA512 | 429466c78383e381b17cb1268b96415bc518723c27def450dd45854feb33410a488f2211d248b3a020e90fc4f13a453faaa6d5e5f1908913fbfe0fea1deafdd0 |
C:\Users\Admin\AppData\Local\Temp\GUEY.exe
| MD5 | 5f1b01a11f8ce443eecdfcd854242a05 |
| SHA1 | b97267f255499a11e340edd84338dcb8d8dc8a6b |
| SHA256 | 0d14e870bda76ddfba5ad669d436f00462724df36a8c49fb2ad788e7c9ccde78 |
| SHA512 | dbce3507f4a8854bbf7b31d75e0bece67c9dd7edecef35cecd35fa2654ad9b6be944a632c063daf4abc5edc8de3d25b19cc6a34953f7d4655ac885440d3c971d |
C:\Users\Admin\AppData\Local\Temp\scYK.exe
| MD5 | 74fc2c204999bb80d8c9bf1cd81817c2 |
| SHA1 | 7ec1fe0ffa9666652e39dce78d884a85a57c1274 |
| SHA256 | f1cc9f04ac1b2e86b14ea69427791ba4fe72a90ee763a87ca7085186c3031ba4 |
| SHA512 | 3f5f28b3c2b56e69ef1ff75ecd44cd5ae354e9e246ec663e03048d7c55b2c513c43ad7fb258bd132f74a65fb3551050c138181e9282c6e1dd9f673aa86eea8e4 |
C:\Users\Admin\AppData\Local\Temp\eEME.exe
| MD5 | e3ed97223711f6d4507d60146a50de6e |
| SHA1 | ee059eadc80404dda9718988ba86d59706e1dcf6 |
| SHA256 | fa19be588f04ff22043d2bb4235b70d07d9ccfd746c31daf77f3ac41740180a3 |
| SHA512 | c29ed2c89c9dc69ee250612b2e9aae22bb979da6da6c837ddb6fab784c448662426479ac9a8b2a370cd55c90d51e4ce658adc9dd736c881e09891d4a001f16b6 |
C:\Users\Admin\AppData\Local\Temp\scEW.exe
| MD5 | 2e1ebed78be86c978de136cb31b3861f |
| SHA1 | 529e15b6bb17cb4f016cacb3163f57ed3fa4299b |
| SHA256 | dc35f05ee74fd072e75c1da926bbbb7dff24833660cbe121906e6ec59b9480c7 |
| SHA512 | f135ea4ed469886d71fa8c962cee1ac52031210a3fae036d78137ab7009bc51848ef464c0b27ac8a61cd06e69eeb3d1eb378734e7c68ec90c1fb25fe5d664697 |
C:\Users\Admin\AppData\Local\Temp\SIog.exe
| MD5 | ab827dfff77a80e778caeb58437e903f |
| SHA1 | 3568f6506b1a52720c423f8419f8b686a2fd6469 |
| SHA256 | d605d24a1a3d68fde283c7a1d2dbcc16cfe5b226688f3e2d23e29b1575c3b9f4 |
| SHA512 | f467b58bf6e59bc99813f9a55d3e520d7bb3bf8cac3bfe9bd070770265c11627dc538bb5c15e323d172b6fc0fe9514f063fa025574e8564e3771d0d3f7bda24d |
C:\Users\Admin\AppData\Local\Temp\QQAc.exe
| MD5 | 9366abd387dd398a527e62dcba2f465f |
| SHA1 | dff8806d1bb559a1c772332de31cdaa941672193 |
| SHA256 | 6e1e0286d66832f97c67746c85ba64ac92c98ddb73bfada7110bf7be789653d1 |
| SHA512 | b9351e543230c76dd16288e87285a21fa65f11ee1617e3976dde46adc707fd5cc42f61605fcfac5020a0f6bb9753c8a8541b383be9ea4a0df5b8a21253e7c380 |
C:\Users\Admin\AppData\Local\Temp\uEsw.exe
| MD5 | 4a7e236c1343480d48e8937ada843b8d |
| SHA1 | fcf7d27cb67042e63b98fd2c52d422f84939364a |
| SHA256 | 0eac094d732890c17025fda678a723ed98c9826cb68c7057f1995838051849af |
| SHA512 | 8ee8480b7431c8598b002f13c836157cdcdc2c40416f1438c8e7fd74d569657c91abf44b02cc9bcedbb0c79549bde35840895d25a1a8c4950b29007ba820db72 |
C:\Users\Admin\AppData\Local\Temp\YQEu.exe
| MD5 | 1fbcefb81b0de67ea6b32844659e57e0 |
| SHA1 | 8c3035f2a28e101bfd50f5691e8c639a664f0a19 |
| SHA256 | e7bd3496c751ce64821a5377f7cb2295a204b03a6dd2862d16db72538bb84138 |
| SHA512 | b7edbbfaacc808a2c27d879da54c9459b8d14e8431e3b9eefe5bf601a1860d648ae5d3e69abd65596388e7095d16d337b41850eabd987516b2e6ad4293b3dfaa |
C:\Users\Admin\AppData\Local\Temp\mwQC.exe
| MD5 | 8f2ec48dc28d7fb5e125c8c1ba9a48e6 |
| SHA1 | 09b235d7032e0ee935f78c8a743051495a00ae43 |
| SHA256 | 32ccb0911e6e83d8eac37e0258c679c9019a58973d1a4306288f2c0b1dca2a19 |
| SHA512 | 0038297584a291038d243f38f576fd2dc1a68dc4e877b99a1596294bfe3c5aa1941b4135323c0a45c8962d05d82a38b9664c87ab6081c72ef5a54ad6fc472d2a |
C:\Users\Admin\AppData\Local\Temp\yMYu.exe
| MD5 | 391a1b673ca84aa119c6a892f3f3a346 |
| SHA1 | af93814291aa642c882dddd525ea56bfe9993727 |
| SHA256 | c06c1a3b0e0536c5ebd3d01a0a0d4783b54b345359a9ad8675c34b4718b8cd34 |
| SHA512 | 88ace4b0984334190aa93ce2050e707941a2ad9eada0111015f6276b9ca064a2b02ced4158da53067fdfa09dc4d35fdc1a8835358ad264278fed9834c4a66e66 |
C:\Users\Admin\AppData\Local\Temp\IcIQ.exe
| MD5 | 09b30ef9cbc778e914df06593f5060bc |
| SHA1 | 60f3d333d5bc72c934ce1c8fc23d7b37e4c91d78 |
| SHA256 | 87b0a759b07bfbac4cbcf9271350f1afaba0e3c572bec1b806013c80a1348d4a |
| SHA512 | 85048e4b217d48323fbb0e14d4dbd465b24f793862f213b6fe62659c2fc55aaf60fb6bad896a9862cbe048f5df361a662de386e82ea2a388a28abfd9e2bf6b0a |
C:\Users\Admin\AppData\Local\Temp\UcQG.exe
| MD5 | 8f9c919d7583acf21bfeee7ca03e0df5 |
| SHA1 | 519ebe8b344fec76223d4e6b5c5d1f59cef8aa0f |
| SHA256 | a13a9b92c16d2061636b9b7d9849210e07ff61d5e33993eec20bbe28260f8e7c |
| SHA512 | 3b869cf4aee5e0880de0c319e949b15c50242b01ced71b58c32e03ef7f61fc10e32f3836d3a29355fe5ccff5a4a38e146a37c99555db2be8eafe48572d112daa |
C:\Users\Admin\AppData\Local\Temp\skMu.exe
| MD5 | 6ff25cbdef3a9d3d8645980eef4a991e |
| SHA1 | 5483da422ad30fe35ff201d2b255f11a98ee89b5 |
| SHA256 | 16d6c791b2eabefc238c7b8649f59e277bc6571900296c4c080c55ceacd17209 |
| SHA512 | 58451e525fad2d64031d2a15aef2bc7c647524c56c777d82ff54dd6458b5c826e29425288a43ed527b5434a643b3ba419ebc389c3933d55ca06a480a9e62dcbe |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | be3879ca1115fc04a5bd9b1c9dbbc76a |
| SHA1 | 23e7390aad674bcfe9768da8fb3641f1fd39c4ae |
| SHA256 | ef4d82ee87be27ff9f5b07389ac5c141c3484ac74df9b19730548965eb7e633b |
| SHA512 | 401a579d10677ebc82be8271703d56eb06c52407585331755b8220b6d1e6105d94b36ab8e07f3d4050f6cc1fe0d8c70fb3ca8000c6358b3e23c3077afb1f720b |
C:\Users\Admin\AppData\Local\Temp\EoUo.exe
| MD5 | 9f9bcffba7573938a9fdf14f9885ac93 |
| SHA1 | 2e56c46f186d2fa187e4e86f5aa9bf2fe87459f3 |
| SHA256 | a730358b3ddd713fce8cff4c85083514a126b0914dc683e2b5d248b73f33faa6 |
| SHA512 | d2c61819883d8e7f53f99550049ae72cc37424fe78721aa1e376b5986b0fb6b7dc5ff7f3c768ed0ce82571eb960bf9fdff4c0f7be9620b4b6b8c30ae5065dcfb |
C:\Users\Admin\AppData\Local\Temp\WQgO.exe
| MD5 | b6ec49f27485e8aec3acd8275580e10e |
| SHA1 | 0bb0c8c41e343bd5cf387f6998cf9a356d3413d0 |
| SHA256 | aaaa2fb51647e3667a1062cc07307561266fe0406b0cd8ab569af377182c7822 |
| SHA512 | 07a4cb9c8eac4507bc3e17ca5d4112aa715fe8aa99efd04db2664877b9c2d90ca3479c60d93bdc066e64ef0adae9907952a68e93feb3e952459a775f4f71706d |
C:\Users\Admin\BGswwogo\OUoYIogw.inf
| MD5 | 30dbe54848f1b9dd349ed09229edaa52 |
| SHA1 | 309acbdfd533776d88d4d6b9eb8cbbee5f6e1b45 |
| SHA256 | e7a2adf134b59ea6fb2e8c3367d478a02e82524d862b679cbf687b502047facd |
| SHA512 | e9d93776c8736490119fbcb0c1a19fd44abcfead6173b4a6472049b7e4ee985b6278342a13b53f88e9c6d1d7beeda54d7ed91d12381155aec7e2ec4630166e66 |
C:\Users\Admin\BGswwogo\OUoYIogw.inf
| MD5 | aec36a8a341105d4f09b084528a382f3 |
| SHA1 | 683202185c4e2d8d8b706bca45099457d6239526 |
| SHA256 | b128a28207030357d6f3534ca00568c9d683315166ac4d08579c9f337a325155 |
| SHA512 | 55dfe17acbc4fe114d70338a146188828e183229abad02408834102d000684b11d9e2be176feaa0f34b9e464fa09946c178a637bb525a83d43daf2f6485f590b |
C:\Users\Admin\BGswwogo\OUoYIogw.inf
| MD5 | 16962404d8ac0b8810ff93666d77fc0d |
| SHA1 | 3f843513c9a18fb821567a631226a7f5fff52416 |
| SHA256 | 529705d920b132086aa981ae0e4a7af62ee1f015b083a7205e441f56b51a72c0 |
| SHA512 | 36f74aaba6db839794096122ec9d2cdc4271e3fa9325e30a377e64ad6bf529be0ced0d86c3064afcf6a79ba17665ada6c570b2958da4175743dd6cf6996f5c75 |
C:\Users\Admin\BGswwogo\OUoYIogw.inf
| MD5 | 29fa93d6a35ce8842e9b59d7921f1abf |
| SHA1 | 7216e0823e063335f99f6efa0fad1071fc85d489 |
| SHA256 | 05805d17eb6f429054e9f8ceeef513c64de9eded700daca9c14a8dd9b97e8887 |
| SHA512 | 5e8ffd71646644b696eeaf67ccfeef14970bfa838fd27a8366efd8dcd809895e28622b668d4f398550e07f9dfbd7c877ef50de01949fed61dff407fbedea2390 |
C:\Users\Admin\BGswwogo\OUoYIogw.inf
| MD5 | d3f55f7c5992b21f02f5313794265d79 |
| SHA1 | 952f3a0c5dbf32f9124ced524a99edcf5a7c2146 |
| SHA256 | bd46e7c6614487defbb582acb0ed2458c14c7932e5b2dda9c17707a1af8d5bfd |
| SHA512 | 342acc03d82d49ab00d8c0fc8ae9bfe45da4fe6de5ad5c726effef0eac25aa7ce996f9827847953e9ae28314c0bfbfe69dda9408faeb9ffe41647eb4f8ff5882 |
C:\Users\Admin\BGswwogo\OUoYIogw.inf
| MD5 | 2a800ba50b63e640f5fa1432e24d7722 |
| SHA1 | 94e55b96e2f80b684ec647d56814f8e3fadaddda |
| SHA256 | c0a25f9e046a684f130c6558bd2734893f68795bfbb7351cce9929bcfeb2424b |
| SHA512 | ea275ee9474f6f5b47ca9f30ed0fcdde336250c9e9375a49b505b0217632feb05d4cbd20e3327ed24faf6013949bedbf6320217b55f644248ea8f63562e7d01a |
C:\ProgramData\zOQcssQk\DYMUoAEs.inf
| MD5 | 0f818b956dfdb527a5957a26b8c96f84 |
| SHA1 | 2cc857d12f433945128642e319e95a9af1806cac |
| SHA256 | 52fc79f5b31bbd5ce2cbc5b31fd5b16ba12f4d7ea5b9a6ddd37232c95b0ea986 |
| SHA512 | 03c626ad4f6e0e0a6caa577c5b64bb234d55c21e0eafb762b2a2bd117ff8b495a8cee3e239d6e04cd2abd95d932d1516dfef98ac7a2f7b64a569db29ba3c9510 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-05-18 12:04
Reported
2025-05-18 12:06
Platform
win11-20250502-en
Max time kernel
150s
Max time network
103s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (84) files with added filename extension
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\BmsgoMkE\amggEAoQ.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\Users\Admin\BmsgoMkE\amggEAoQ.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Run\amggEAoQ.exe = "C:\\Users\\Admin\\BmsgoMkE\\amggEAoQ.exe" | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CYoUsEgE.exe = "C:\\ProgramData\\xOUkAggE\\CYoUsEgE.exe" | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Run\amggEAoQ.exe = "C:\\Users\\Admin\\BmsgoMkE\\amggEAoQ.exe" | C:\Users\Admin\BmsgoMkE\amggEAoQ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CYoUsEgE.exe = "C:\\ProgramData\\xOUkAggE\\CYoUsEgE.exe" | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3588213599-686740421-4058676312-1000\Software\Microsoft\Windows\CurrentVersion\Run\amggEAoQ.exe = "C:\\Users\\Admin\\BmsgoMkE\\amggEAoQ.exe" | C:\Users\Admin\BmsgoMkE\amggEAoQ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CYoUsEgE.exe = "C:\\ProgramData\\xOUkAggE\\CYoUsEgE.exe" | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\BmsgoMkE\amggEAoQ.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\BmsgoMkE\amggEAoQ.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
| N/A | N/A | C:\ProgramData\xOUkAggE\CYoUsEgE.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe"
C:\Users\Admin\BmsgoMkE\amggEAoQ.exe
"C:\Users\Admin\BmsgoMkE\amggEAoQ.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\BmsgoMkE\amggEAoQ.exe
C:\ProgramData\xOUkAggE\CYoUsEgE.exe
"C:\ProgramData\xOUkAggE\CYoUsEgE.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\xOUkAggE\CYoUsEgE.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lgooogAk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\ProgramData\xOUkAggE\CYoUsEgE.exe
C:\ProgramData\xOUkAggE\CYoUsEgE.exe
C:\Users\Admin\BmsgoMkE\amggEAoQ.exe
C:\Users\Admin\BmsgoMkE\amggEAoQ.exe
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MEQQsIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uOQQgEYc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cicAAUAY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pWkoEssQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dgwgowso.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BmAgMYUg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qAUwEIEA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YosUMcIw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iSEsAkAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AYkIUUcY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lKMMAgQo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LuoIwwcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lasYMwss.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SMsoEUYE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EaskQAIg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\soocscQw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KAgMAAwU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NoocwsMY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JeMYQwsM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FoswMcco.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VisEAwwE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KiooMUss.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IIYQUEwI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IYAsYIEw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xyAIYgMM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fqEcwwwk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PgkAoYoE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TMUoccoM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MAokEIME.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uMIUkoUA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uewowskw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fckQscks.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RqIsEIcg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vkgQwIIw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\psYEccoc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oGMEMUYs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IakIcEAM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CagkYcYo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fOwYwkks.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DgMoAQMI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jOAkwUUc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BiogoMko.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QuwAkAAY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OokkgYwE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wKgooIYg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\teAoYYwY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zSkogggg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bUcYQgMs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zCEwYkEo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WkAIIssI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YcsoIkoM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QyoUkEEA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xigQYUco.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DGQsskwk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lGoYMwoM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bUcogAYU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oyEIwcAs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YEYoMQok.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uukEoIUw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GYQQQsAw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zYckgwMI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FegAkUUc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nYAUkEEU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PmAAcAkw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OOEwIkwI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iqskAAsc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WKgoUAQc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qeQcIogg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VkcQcgcU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rGAsAowg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jwgIIwEA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vgsoosUo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aQgcocwE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UQUQkUQo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uukYIAMk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rwocMMsc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nYsIcwoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xeAMogQE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jaEEIMMU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eEoIwMok.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EIUUEkYo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GqIcwgsU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MeoQYYcE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BAAwQAYg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LAsscQsk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xyEUAgME.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OqksocEE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IsAokcMI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GcgUgAwI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aKMIIYAw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\legkYsso.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DucgMUwY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JGwkIgcs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iWAYAAgY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qwQMwAgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aQIQsQsw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bsYUEwYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xkEIoEAk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\loIUMcUk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XSkgQYcM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iYUMEssM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SwQsQMIA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\goQMkgEc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TuocEIQM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TsIcgcUo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HUoIUIMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JQQgogcc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YIAoMMwg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UgQIcwMs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eSkEgksE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cMwcQckY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RQkAAsAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZKEsooEE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZsEwgcAg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bmIEQUEs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mgEQkwow.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uyAYYEgg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UqwkUIoE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qEoUgMwc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HgMgMwAo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PEUYEYAg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\taAAockE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\viUMEsUM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sUIoMMIM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yewsIYQE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AagYUYoo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Tiwcscsk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jwocQIUw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RokcQoIc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BOYUskoA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ewEAwIAk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYIsUwkU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GMMYAEYI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\syUsAIEU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nIcIscwA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.16.238:80 | google.com | tcp |
| GB | 172.217.16.238:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.16.238:80 | google.com | tcp |
| GB | 172.217.16.238:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/5992-0-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\BmsgoMkE\amggEAoQ.exe
| MD5 | c8c4875f53f2199bad7a11a5ff1a6f35 |
| SHA1 | 5f0b1b9a3000c5d1e416c11524a0e43fdce5e49d |
| SHA256 | e1ed983a7c5b56add508390221b4a86d4798d347ff818aa72085b7497b3a6127 |
| SHA512 | b84144f945d3b7e7d078d9dbd3d1fce44a865f585fb9135ddd535018c1a642b09dd1c51962aa4150b7236dee047ab4faa2f201dd43c43cf131406c2710249ee6 |
memory/5132-5-0x0000000000400000-0x0000000000430000-memory.dmp
C:\ProgramData\xOUkAggE\CYoUsEgE.exe
| MD5 | e73dfc6c5a5dcec0afb0fbaa45e33206 |
| SHA1 | cf56ea6db53819f30d0dd960c9cdc45c903f83ec |
| SHA256 | e180528e5d6ae7b0b5a04473aa5c881b8eb09779f9b0a1d39b29329fe245eeee |
| SHA512 | ef54662d654152e1791e3b994b5e84a81fcd5be85a439bfba184d0fd92faa822a8e9005a3a96c14036806e8f4464548c993c47b25caef19cf99fb3682a5e2b58 |
memory/5388-15-0x0000000000400000-0x0000000000431000-memory.dmp
memory/5992-19-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4880-22-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4980-24-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lgooogAk.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
| MD5 | 96b5a5aa81cddc217e02a83da419a8ea |
| SHA1 | 2f005ac25837210b71780fbf0d44b1b1da873749 |
| SHA256 | 50bc79f388a6f6a3abfd401ede993aa67626207b6ab63320fd44879ef73fda3c |
| SHA512 | bcbfe061efd4a2e60ae16f0ff2432411b3a23b5644f52b596e9b47d699933683c93e0174107520b60c010504c070bbc41aa3b704798ef400c3ddd814fde271cc |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\BmsgoMkE\amggEAoQ.inf
| MD5 | 654c7261fb94f697ac39a48c3b71671b |
| SHA1 | a760d272e7171b8512b9acb67c023c8750a53dad |
| SHA256 | c0d7c759733bb080c2033f193fa8d0406137f2b73273bd95d7c4d2fe1badea35 |
| SHA512 | c059d4b9940ee7fb456186608a80d0c591bc752aa25ec8703d20643c05a402fe140727737af9ac2de52685cafc21ce81f90253958568fb938c57c889818eb6cb |
memory/4880-38-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2712-51-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4796-62-0x0000000000400000-0x0000000000436000-memory.dmp
memory/240-77-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\BmsgoMkE\amggEAoQ.inf
| MD5 | 992a37de5fa7f0ef2e55c0807695ad91 |
| SHA1 | a299618b7ca825aba98c2991d07aa4007db1eab9 |
| SHA256 | 631b32a036511fbd418626232082c9665fd94930800b57b24c29b2ced8423e01 |
| SHA512 | cff7c9f0086fdb2f8b8589607d323331df21f10a04498756451fd1f8453f6e2c2d8515bbca974e118600be4d7ad44e977e3f0c51f5e8fa54bf00914e18daca15 |
memory/2300-92-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5912-93-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5912-104-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1352-119-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\xOUkAggE\CYoUsEgE.inf
| MD5 | 95807033d5dde0880028d98d35a9a053 |
| SHA1 | 44bbfc7405694d17cc2e6744b9debbd3709e4c26 |
| SHA256 | 712f3eb63532211bacce62fec05e8edaaa8c0b5d6919270fd98cefb46c64e42f |
| SHA512 | cb568b2d97e8ce27266d6d8d85803df3de1595120ecfd197d50569facda8f16bf0fff404c414e5b35eed73db6f66f2fee85ac8c2dd8bb09ab38015b2f197cf64 |
memory/804-134-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4656-145-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5488-146-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5488-159-0x0000000000400000-0x0000000000436000-memory.dmp
memory/992-172-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\BmsgoMkE\amggEAoQ.inf
| MD5 | ec6b918c578d436a2627deeb14a214f7 |
| SHA1 | 679e4f05cca1287d67831a78eb12336f082f02c0 |
| SHA256 | 3cab728331871d16457919c533dd6ff90cc406f10b21f51654ece37b17cecf59 |
| SHA512 | 19bceffe37e2e5f8b24ce0ef16c6c6d9c6b58a61f855e7f18acc96a4e46a31ac890b66a31b0cb999c98718e28613013574c1b48ab986a419a3205834d3d85e0f |
memory/1924-187-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5692-198-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4720-201-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\xOUkAggE\CYoUsEgE.inf
| MD5 | cd270a7640a686e6f6712f929aa7fe19 |
| SHA1 | ca5b3f6f8a943954768458bc5b5067965f59588b |
| SHA256 | aed7608c97cfcd1a1d2a39b84eda82af52c4872e062163dcb10c7d5245221cab |
| SHA512 | e84bed575b6ce816c2baf4b328c89fd2d87074f3c845d898244a6a8bf9405ad7716c3bd90ea12b24980ba2bfab61dfed52c5b4b46a25fddda6f1ee45040107b3 |
memory/4720-214-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5808-224-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5896-232-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3080-242-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3212-250-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5148-260-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1340-268-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2728-278-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2624-288-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5708-296-0x0000000000400000-0x0000000000436000-memory.dmp
memory/668-304-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5628-314-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5160-324-0x0000000000400000-0x0000000000436000-memory.dmp
memory/6088-332-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3104-342-0x0000000000400000-0x0000000000436000-memory.dmp
memory/6020-352-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2656-360-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4848-368-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5380-378-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4140-388-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2376-396-0x0000000000400000-0x0000000000436000-memory.dmp
memory/804-397-0x0000000000400000-0x0000000000436000-memory.dmp
memory/804-407-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5264-417-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4308-425-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1784-433-0x0000000000400000-0x0000000000436000-memory.dmp
memory/6020-443-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2364-453-0x0000000000400000-0x0000000000436000-memory.dmp
memory/672-461-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5380-471-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3616-481-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4460-489-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1828-497-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4852-507-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4228-517-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3432-525-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2940-535-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5648-545-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4652-553-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4040-561-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3996-571-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4460-581-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5012-589-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2388-597-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2772-607-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2492-617-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1992-625-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1740-635-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5624-645-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3392-653-0x0000000000400000-0x0000000000436000-memory.dmp
memory/716-654-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3392-662-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2200-673-0x0000000000400000-0x0000000000436000-memory.dmp
memory/668-672-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2428-683-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2200-684-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2428-692-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3268-700-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5684-710-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4416-717-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1796-721-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4416-729-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1580-737-0x0000000000400000-0x0000000000436000-memory.dmp
memory/504-747-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1204-757-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5040-765-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3424-774-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5132-781-0x0000000000400000-0x0000000000430000-memory.dmp
memory/6088-785-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5388-791-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1260-795-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4088-803-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe
| MD5 | c68cb63a5f7c534fcd1a03e606ea43c5 |
| SHA1 | 2f74681224afe76d72228f5e0df613f35f708900 |
| SHA256 | 83d6ef509b8235a2d1785370a6787e5249d5721e64ead6331d106cf743dc4066 |
| SHA512 | fbd80a67c71a98348ba1dbd32875e1138f0c2dbed44a1e3dba4389917b9302c5179d8561490ac40a80f154a6cbdc39f14373301489d95b3b59ded3d96d2916bb |
memory/4980-824-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2940-828-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | 0db7099d09c7a91911d924a11e687132 |
| SHA1 | 1df6d5c5574e2fc4da489876fbeb6a6b2cc8f656 |
| SHA256 | 5144e1eb9b3b79eaf23e15b48531b81cff2eb5195b1393ccdadd419b9ef2f4d1 |
| SHA512 | 1ce7afe11891917d68773e540a220091ea971b8967204b38a9457ee4d8e449fa843beaf2f4d11bef5eb7b0e873ce499d29e7541c7a37f8641efbf1fbe5ca6881 |
C:\Users\Admin\AppData\Local\Temp\sUAY.exe
| MD5 | dcdfc15e218c2b80099cd8fccb8e2d85 |
| SHA1 | 86ab3a951b70c7870b75d13a08b4e9addbc65ca6 |
| SHA256 | 910fde6279502184b2a9b93f7f0319731cdb34726e77b9ef631d135ce4a6341c |
| SHA512 | 7a77c5a125ba65c19882e31ae7305a95be3e94110624582d85744e9a75705bfc4ce9a288e8aab433e773cc89770028d4a0d7619d77ba9fafb9a858cb387242f0 |
C:\Users\Admin\AppData\Local\Temp\cYsM.exe
| MD5 | 44fdfa0c2477bb1539f9a81c6231959a |
| SHA1 | adcfdbec4e1bed3edbdcff87148990b1062ff8ff |
| SHA256 | 932e70e7a411e5d95e27be52711366e90d4dcc6a23a9d1cfa39cf9ff254a5264 |
| SHA512 | 54d32bd4482a89114a7e5088488aa2def077ca0be7bd2f7dde4893f5d46cb162bb2f53e738cc3d420193de4f8ed51a925e3244f0a9a6a74daaf650a12db65de8 |
C:\Users\Admin\AppData\Local\Temp\agEI.ico
| MD5 | 9af98ac11e0ef05c4c1b9f50e0764888 |
| SHA1 | 0b15f3f188a4d2e6daec528802f291805fad3f58 |
| SHA256 | c3d81c0590da8903a57fb655949bf75919e678a2ef9e373105737cf2c6819e62 |
| SHA512 | 35217ccd4c48a4468612dd284b8b235ec6b2b42b3148fa506d982870e397569d27fcd443c82f33b1f7f04c5a45de5bf455351425dae5788774e0654d16c9c7e1 |
C:\Users\Admin\AppData\Local\Temp\YQco.exe
| MD5 | 4b3adf1138986619c7d17b1b0c77ceab |
| SHA1 | 04387887dcfb7b8bb46ebe4adf68fe16927918a7 |
| SHA256 | e0f2573b9bc7d0f84615cab555f1f033053c85f7f67686c02ec58c9be91dfac4 |
| SHA512 | c1390dc1e710669f8b7a1197c329ca1222aeb605b46efd910e8a28b2dd29ae9c271e303bef2e9e87d3882bcdb53958aeee5be3a7eef2d21e6d4c686841080077 |
C:\Users\Admin\AppData\Local\Temp\mQMo.exe
| MD5 | db6104ac6da9e853c9a3a961dfe531b1 |
| SHA1 | 1e827c7fbf3aaa7ec9ea8f59c181f5163dff1cb8 |
| SHA256 | 2e375c102c5007cba3271514411361318530cfb519c21bd35838e35d68ddb154 |
| SHA512 | 273e7db33c91d4e52adf3ce32afa0bcdefd525c3ba3b4722e37433ea2c28381a7ba038c988b7ea2003cb862d6d991400b476adab143375fe8bfd3f88c04bf836 |
C:\Users\Admin\AppData\Local\Temp\csEy.exe
| MD5 | eec88d1f9adb2f37865c28daf6f8205c |
| SHA1 | f6ef54a0ba63bdf320dc56fd68aa874508520507 |
| SHA256 | deccdc5dd1dcfdef903b993fdfc0cbb2f5f6617c5dd6e6af8a5756c23222c127 |
| SHA512 | d65f1b6b1c5a42e33c23dddf59cbd763bcac7d330a5bfab35ea34f207640b948bf76b659d9cb5533ac68bd5dbb305e2715883ac33bb2d911cc1b34022ece4b17 |
C:\Users\Admin\AppData\Local\Temp\QAEy.exe
| MD5 | 9cb60ab9b4933b119ee6459b28de9185 |
| SHA1 | a181770ce3479a506e2bf9e5acfeb74e48993c9e |
| SHA256 | 62a7fc9481229f87a68cd04687ba12ae499d46ce5a38ea714e1449375717fc45 |
| SHA512 | 3ef5f53bde092db777b401c51512d6116e888c23655ec3dec5cc9ef60479ad4a8aaeeb75eda798e38d48bbf90d739be3e3a37dbf55e6f3eeb97ce45f1cba92c5 |
C:\Users\Admin\AppData\Local\Temp\sYsI.exe
| MD5 | b35f9c82c0cf6afc43290772c44ca3ba |
| SHA1 | 567112a84977b048d65bde501ef6301ca5e0f68f |
| SHA256 | d82c8cf2b75a25027eca85f8a00724d12bf531c1eace9c5693541118ad427d7b |
| SHA512 | 5dacf9c706cb653ea4b5508b6ee396f3109a4c2d588adb2fec1e839aba922aa4d1eef96b4a067bdfeb3c8c9545449893a2ce73ef65aee1e520df5e179576210f |
C:\Users\Admin\AppData\Local\Temp\wEgG.exe
| MD5 | 5fcca7b0b6141bcc6cc985eea6d1db62 |
| SHA1 | 0f6cff790f22affcaada79bb1a9613a677a6de9a |
| SHA256 | bb99b660daa3deda833f4406eb6ec90c7957bcb0b6cdf5b3c26f9197a6ab7857 |
| SHA512 | 091a010fe2639a4a575f9f6a54e0f8a7492ecd46a6642cdd4289a18b1d57cd7c0998012cd1d60f1bd89921e3a506cca9013b1005c3f0cd3c664e8dfd2f9f2ea5 |
C:\Users\Admin\AppData\Local\Temp\Iggq.exe
| MD5 | 79cef09e67bdd994f4644bde45ad565b |
| SHA1 | 0429fbfdbe81295706a87636e5176262c799adc5 |
| SHA256 | 3340d1da46b6368ed3409bb5a71f58bba4af819546c95c1df38dd69231596107 |
| SHA512 | 436700267bd7eb3a854671aaca1201b88424680ecbec01db8010a5303b01287c354605053754c330f108f2388271810ea15295d4a98b650dbcb5a634315f2fd4 |
C:\Users\Admin\AppData\Local\Temp\mkwG.exe
| MD5 | 231f4fe0afcf71d989275f866706f2fb |
| SHA1 | 2be2cc2a7dbfdd98b09027ebc2b2b0101550eaa2 |
| SHA256 | 9c39719f26b65e12daf9d3d53ce1ce78ceba4f3911d2cfd53cfe027fa58105f9 |
| SHA512 | 71f1627e65efab10982f7dbe2d7a3e06afccba41c11eb3500cc8cf7a2e671bbdb96da5992a44fff1a8cf936938ed6954cf7a74455fe88b92a5dba80b940f7d71 |
C:\Users\Admin\AppData\Local\Temp\cwoy.exe
| MD5 | 7cace563d964ef73fb74796f07a050d6 |
| SHA1 | 4567acd5df3d80dc5cdff50075fc7023d9ce9980 |
| SHA256 | 8327614a19d7afd318dd8e92283e757748e6042ad6e357d39d0f4431fdfc8ea1 |
| SHA512 | c495b79fd7d6a1bc22251f703adb0d0143c2f42f5cfe7c730164c5ebcd475274a6d6b4bcd9cc139bd4eee69625b9ee171b8c02da8582a07e66e649b91e6261d2 |
C:\Users\Admin\AppData\Local\Temp\gkwk.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\KcQw.exe
| MD5 | 8a36a588df94b0a9ed8af56598058fbd |
| SHA1 | b4576b398a615dbd25b9ab353f2d4fff44b57ffc |
| SHA256 | 2061cea1e39b3427d74690f81c2bca3fb3e471503fda548be7c7a5e2b9d375f5 |
| SHA512 | 6df82555c5abe66b74428883e042b6bd9db16a1d2e185dd4113b5ed531cc7c9291827545bff263ee5ce2da8dedced877f6e11e0380171c90960c89fcb6c03218 |
C:\Users\Admin\AppData\Local\Temp\EgQI.exe
| MD5 | 044e6bf5ba9427e1a61e5c2b86fac49d |
| SHA1 | 28ab64da3ba3fa9a32b83bf6195a255a43c9886c |
| SHA256 | 5b68d8672471db6b21df5f390fdceae5a6f1417f8ca3502266f589804b607d04 |
| SHA512 | 89832062f6a9f0dd0fb7dc196caea82d38300b35d5ef9fbec020060342ec6ca059e2ed759d92cef6e6a235f5cce96d50fb643ec24e8757a4810d2eb980d8a3c2 |
C:\Users\Admin\AppData\Local\Temp\oowK.exe
| MD5 | cc82ac7dd91cd4a37fd98d6803642ae4 |
| SHA1 | b1d4d313195135d2c412b34d92af90804bc831e5 |
| SHA256 | 293d74d0fb0517f82351491e094c4a16ba501b8648cd0e9c76ec142b75cab84b |
| SHA512 | 757bb42475f6a0656c58e1fd59b01a0a0c0570e494c81b716e3e32f6890383b69342e00e47e547f6820dd6260f02afd9a1639077cd3be2066e328b6aced5569e |
C:\Users\Admin\AppData\Local\Temp\uocQ.exe
| MD5 | 02a0920da1b889c30bb988859b37db90 |
| SHA1 | 21b3884fb2cd8d857be9ec76c3fddc02b6554287 |
| SHA256 | d712fa53f2b4c1fc0e49dcfd5a4bdb337cd30b1cf8645856883c68f464d18871 |
| SHA512 | bf20c74318d308479368b899e630a416cca7bacbf46d8eb05e4e0e6cc89e28a422acb5ec6b573bf0882d8fda744ef90f126ebed3ca58c36e75822b0630241057 |
C:\Users\Admin\AppData\Local\Temp\oMEM.exe
| MD5 | f39c6ffb33ddb0d7a26da1d16c9bc823 |
| SHA1 | 6c3aaf15d644a3aeeae41d4ebb73d9a24e0bdc9e |
| SHA256 | 7ec48c4fe081ec2d9b19d7d161c215dd655dd1f4353a093c59f1edbc3832514e |
| SHA512 | 2b9b0abc580818af2d618e3247364215fc828b8de3dfca2d0a3023fc94ebec30cc22a0455089f0d18d8982894f043af228c0d262efc00fb77e582e94eca6c970 |
C:\Users\Admin\AppData\Local\Temp\gkEq.exe
| MD5 | 385dd0b321d4cad20723e1043e12cc82 |
| SHA1 | c484c22dc06546ad440865c9cb48525aba5199fe |
| SHA256 | f2f1bd709144a52fd14d74b0147db36794677b8ccd5e229a3f451d607f48b24c |
| SHA512 | 4e2416485883e38e20abd4592fcd1153a0c02aeac91eecacce18411516e3bebc2227b42b9ca1f75ce192da71941aef1e224631b62c0ac29a1f6d4e259b0f6594 |
C:\Users\Admin\AppData\Local\Temp\uUAs.exe
| MD5 | 195174b03509b393262a2d2d8af310ba |
| SHA1 | f8399023b049eadbdbfcc6bd2f52e86a22060d76 |
| SHA256 | 82d43126801244162cabce174ef47d16abebb39384680812dc09157126132831 |
| SHA512 | c970a11458530c7d46b88ad5b8dd7e6e7475cd38b3c6d30dbfbc3188e303c7459ca909ba221acd4e2d20e74e1ab9d95d9088044a10f269c9200f5ca173baad60 |
C:\Users\Admin\AppData\Local\Temp\EMcm.exe
| MD5 | aa0600b0825522d40efd39a1870b2b0e |
| SHA1 | 2886bb6956e43d0893bebe327df23ff8c6080dbc |
| SHA256 | 9eab4fed66aa3b84a4744d7642bd5adbefe16580dfcaa14ca027c1741905e67a |
| SHA512 | 53c2d49b3b90457ff8b9c1a789b38745ae8cf9d28050e810f51df8a3e85108c21e407497c1aad6e250013364afcf259755c7f41e4843a784c9b1922d410a7961 |
C:\Users\Admin\AppData\Local\Temp\MEcM.exe
| MD5 | 2d5a50db5d99dfe6fbd9a936bae88f5b |
| SHA1 | 337ac56c34ec41cfc8be5eb9372bc8ab2388f67e |
| SHA256 | 547c9554f66c6747740bb50eb367dd4088c8cbd3244746a39c20d0718eb6cd70 |
| SHA512 | 1b53cc5e4124c0ac9185f365a9a42bfa218ea1572b9a1f580cbed705e3112c6df26542f94d2cf873dc9d430ff15b44b20b61db1471a9166ee93eb898950e336c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\flapper.gif.exe
| MD5 | 8e7ee8fb3324c432da1bef1a8c0ef707 |
| SHA1 | 063ed005bd69f58182ed28336ad4fbfdbaa0962f |
| SHA256 | 87b57ffdb37c374da7b21d0c061061c8c60c72db5bba015dbfa74129f7827b04 |
| SHA512 | 16f728f4eca40285c7761cb7cafe4416943590aa7a8ffc16a9ad22e88d2680739d1bf392cb80188534b0682688db900cb10ec2f7fb9a533e90e522ac16a1ac72 |
C:\Users\Admin\AppData\Local\Temp\kEso.exe
| MD5 | d26e62a5024f21f295ad9f99d76ae560 |
| SHA1 | 15874ebacc155bc9db9f8ef37749bb711134549b |
| SHA256 | 4f23bfeabfde861f58c604c4307bbd2b056bc99dd02c71ad2d8b6f1ed239076e |
| SHA512 | 5ce67a641f3f9b14d7cbcc09a7d78656d4dfb7459cbda83994dd2d9b7c3889cfcfa803851cbab99650e15c50e68338ef366974672a28b4b3aab319ccbfee772c |
C:\Users\Admin\AppData\Local\Temp\IAMg.exe
| MD5 | be4876c48c469cf1d894ed2c5baa984a |
| SHA1 | ac07909dfa043345625be44ee2f64b69b761f91b |
| SHA256 | 655b9d9662260f11a449ff44d07178a427b0a4916564eecd72794ba25461a087 |
| SHA512 | 9b0658bbbe1edb155abc8d694d145b87823e95a4816eba15b75f0fd5120704eca8c0299d9f232c6d5a387ca3526f85c76f740218cd80d3bec8424c2fa71c9a5f |
C:\Users\Admin\AppData\Local\Temp\KkUK.exe
| MD5 | 2382e0b4ffeb1ef6badb7b477a4396d0 |
| SHA1 | 59c0ceff281f6496a2831dbcff7d1794ce9def91 |
| SHA256 | 440f8adff324a6ffcb295342ba4cfe67425fc19658d34e2a436aaba28637d5b8 |
| SHA512 | c3673596c7a615ab913ca47570411adf8838b5898789da3c601d5b735d2617294f81313f0b122dab648e10c07a07dd340b566929cfe7b99af2a831ec258f7a1a |
C:\Users\Admin\AppData\Local\Temp\IQUC.exe
| MD5 | 846960f9ecfacbd44c1e01e1a8c19993 |
| SHA1 | f3c2219f95bc1ed367414da42006c151c458fc65 |
| SHA256 | 0e44ab197990516fa91980f1d2e95ac3263a4949fd18037a2a67065a8e1221f2 |
| SHA512 | af8771e92d5c19614e8ac708efc4f74b4a39b789a31f3a41a3a1e9b909c1194ebc2ed7dd929a546ca134d7353ce23bb773ef62b140034e9a98bd14e2184e0054 |
C:\Users\Admin\AppData\Local\Temp\ecMc.exe
| MD5 | d07d0b58670b5f6c779220636faaba38 |
| SHA1 | dec3c10be24d30f6806b711ad95737291674b286 |
| SHA256 | 2f9731388a744eaa5636befbb9810f112d6bcb34b97f624c950ef9c560137acc |
| SHA512 | 5537074eaf68f66af9d47367cc0dca232775ec3c14b9fd3caba027e7f1f92ce01a55c8ea1fe07535e999812f1a68b32e2d3e3c08860ff177b5df9889ac6ca622 |
C:\Users\Admin\AppData\Local\Temp\Woog.exe
| MD5 | ae73c9481e96b06efbccf7cf7fe97f29 |
| SHA1 | 6c84d7269be85d18c68d35be8b0f4bdfa0e338b7 |
| SHA256 | e7666591a5f6abc76f5abdbb22efe230cfa6264d0a742114128f726d80e2eb1d |
| SHA512 | e5e59613d1ecdec7a17a01cdb03dc49ba002cd047ddeb2ff7bbd2b78bbf92f17d72b11e7f843639670201d9ce4ce2f56cf35e86bae7a6c70a422b92463ba463f |
C:\Users\Admin\AppData\Local\Temp\uIAg.exe
| MD5 | 12cd64015c4ebdc3383abeca291d5d52 |
| SHA1 | 180b63f0c72ce7d5aff8d72b768dcb4dcf1a869f |
| SHA256 | a8898df9989f60b71c2427d1f5b03f9275a0ba0f8ebc07cebf9c2c4cedf37f91 |
| SHA512 | fa24a812921b4ad4656ef02c5322c55a36a6cd7616d8ad1abf18686501e70da710d8a022ce79f2fc3cb6c365880c780cd80c1e84654bb6522d0d957407636620 |
C:\Users\Admin\AppData\Local\Temp\ugYM.exe
| MD5 | fddfd25ac78eaed9461a9f73b72da90f |
| SHA1 | 4b66076f03e2267abc5271ae13198dad8f87db05 |
| SHA256 | 69ecd4f2d65d9a7e8433ad4c93eedb8f61bcb849af6b3f59df5c2984ae2e65a7 |
| SHA512 | 114b763f595b66da721183045d63bde7547d4f335719cad6aaab717cb32cc297a10e67154d16fe47cde2727f79528603f2a3b5495f72898232aca39bac27511f |
C:\Users\Admin\AppData\Local\Temp\WMQO.exe
| MD5 | d770f4d43af996c92a4d8a9d0f21677e |
| SHA1 | 7df546d370e3ad854f0f1ae7bec0e5cb9000c715 |
| SHA256 | 644a31cbe917fbc289515aa590b9f4f00a0e9a94f5a63fcd49a4d314923aa414 |
| SHA512 | d9ecf3d34c0c55fb7ac082086b81e1a93abdf8616cfc8ae9d34c5cad52ba1b9fb7c60724b80a0a1a8fe1d84d2b578c52ef30a842fdfd5a308e6686b909feea74 |
C:\Users\Admin\AppData\Local\Temp\sAoe.exe
| MD5 | 8a9bdccef1f1e944d9ddda9793699eaf |
| SHA1 | a77027ced98594fe7cc041cd9ea8a675545dbfd2 |
| SHA256 | 011b8dd8b78d7239be2220a6c3e0116dc44e6185921f89c6948d63ecf8fb97d7 |
| SHA512 | 0ac7a4ab05280f96c486fd6f26a91db28bb3b3d16695b94d7fba8541431ab50588ec78fddfdb65de849f0917f290333bca36df8ce32ec8f0d2bb1c07e5f26e29 |
C:\Users\Admin\AppData\Local\Temp\cYkI.exe
| MD5 | 97e0859f104c30abe3013a720224afb2 |
| SHA1 | 79115a446e9556d9f008396a3947e1ff0b143b03 |
| SHA256 | f75ac8a4c45b67aabcbf27b3647deff6460047d439e4d76ddb8948bb0d18954b |
| SHA512 | 0cbc27f09dcd7f93bb9aef99d39de0644c391b28a83c2021240423660439ab10f9aab39a724aa518709219d7faa6657084c66594fc18505ddff2341f6a1e7f4b |
C:\Users\Admin\AppData\Local\Temp\EAEI.exe
| MD5 | a269d551b1294064a2f6a2d528f0ca9a |
| SHA1 | 22f205e4b25d665e9a8ac150b8b47024f749176a |
| SHA256 | 4861bf5ff914187df6ea1af6f47fd5a3b85095e1ef96dc0b231e7a130f3d39a0 |
| SHA512 | 58756bc8c93bc3309b7cc20f4f0113436376650a38cfd32079eadf335bcc272db167dece1cf963fcfe2ca150bebc7ae9eeae85e60486b8934c687dc2a519faf4 |
C:\Users\Admin\AppData\Local\Temp\eIYa.exe
| MD5 | 3fce29821bbf82b0ec0482de094e681b |
| SHA1 | 4fec6ed58d6249797277e61248eed2825bbba954 |
| SHA256 | 2e2b6950fa12da246e28fef64fb519911539e84b4b099c8052da5445289ed207 |
| SHA512 | 405fd6c7042bf3bdbcc22fd3b01c187bc38d3d29c611c9999992919b4c8d46201e1a5ad0742b251f2b033a00b86f6141d5337f7f9e37591c9633bfe87d76a7ba |
C:\Users\Admin\AppData\Local\Temp\kokg.exe
| MD5 | c07a85f606302a63e2b9c3d28a9ee3e9 |
| SHA1 | 50b6aa82eba16cf9790cf8e732dfd539799e7cdd |
| SHA256 | 25e4c6ff88dfd032defd2b775d18586ed586fc309c74dd3c2ac60f658d740007 |
| SHA512 | 019efc717995422105ebb459d8f1d3ec1bc15a93ec4479a80e0a57d8bc836b663a5dfbf857e6decee5474a0322de089d0f128d1d1cb08e81ff71287962ba8e78 |
C:\Users\Admin\AppData\Local\Temp\wAQI.exe
| MD5 | 46355e810364769057da178334bf4079 |
| SHA1 | f1cd217d713fbac40b66e9f91e976fc3f5461eed |
| SHA256 | 479f61d068eb92c848dbeae9ed6b117aabf1705768b938852fd53fee3ed0492f |
| SHA512 | 97b9b5f851280f241ffec7cd33249cf8ae3043731199b3bf574e3b599eab5a2a0e26b4ddd7212ddb0973956b35b8f7bbb0c8ac5de0166b9f1558914b5a37b1cb |
C:\Users\Admin\AppData\Local\Temp\EIcs.exe
| MD5 | f092023727fea1670b8f5ef65e7e42b4 |
| SHA1 | 5a1f22ab3311e6784cb57a305d81bb100dce8a7a |
| SHA256 | fdbde500af30e1d185402a77b0fe23bec8f4fa66a7d2e25c7b4414544205993c |
| SHA512 | b38fe963cbc12495271ae41891bfa70ec2cc901501e234ad96afddc28d6873f0c663d927efcd1b787475d86fee9deac18b4f35f3a44a6ebd2877053de8a09176 |
C:\Users\Admin\AppData\Local\Temp\Qskm.exe
| MD5 | d13a182f6c068d0d76e390b1b96a3ddb |
| SHA1 | 5b6b625db71041b3c3572e1f6d96e18ee3beae1b |
| SHA256 | 88b16ee840b92d8fccccbc2621f34af1de36488fc72b3348375df09a6acda3de |
| SHA512 | eda332315f014d876757f73a6bbc1dd1bba94d33d66c07c082b757f237579d5460aa48f88c60be07348b315f42e9e2560dd59df531b1ab9f654f7f8141f66396 |
C:\Users\Admin\AppData\Local\Temp\Okky.exe
| MD5 | 4c4620af782ef5d9653f74e22dad1980 |
| SHA1 | f33d1122ac3d55640647e357df87101f812e5cec |
| SHA256 | 2c3b6cdd8b0904fb577eeb7938bf656fefbe01869757f28fba745a2aab4a0b32 |
| SHA512 | 940ccf82428ec2e5492781a5c016101e740485a4cdb659fdfc78952c5eec7be28da3dee519ca2a48e63388a5c5538931d3f436ab747bdf05a7a37d995b585bcf |
C:\Users\Admin\AppData\Local\Temp\iooA.exe
| MD5 | ec3bf599428eb75b5d6010f65425a153 |
| SHA1 | 1cc063cd6ce300027f90b07b0b43fc1af3858d99 |
| SHA256 | 7922335b13d39029fde2dea4d72ba239146c71a649c306ff7aa2b16a67483d81 |
| SHA512 | 833b7c46f6291b3411bb2e4a2d24b13b1a6fa719a3160f552f1e4a9ddcfd8677e0ad9bb68235da9f59b9963ee6dc965ee60a0fa06c373123390e6204b00f1e13 |
C:\Users\Admin\AppData\Local\Temp\uwgw.exe
| MD5 | 356de95ae68cac7b737b6e3b3a7197a1 |
| SHA1 | b4409072a70f149d0e0a2e7ff7a7e45af26bb479 |
| SHA256 | 50587eaa3c79f40b2ec105e809e6db708161cc43d80280d8bc3b15fec4e0c8ac |
| SHA512 | c902748a58c7db54eb99c2f333df3cbe90ba78c923c470a86a76ccc1b2283ba3ed3e84d456056e2d65dfaf7704858088421553fd7965671fa56a7030a248d4fb |
C:\Users\Admin\AppData\Local\Temp\kQgQ.exe
| MD5 | f84febf2de8f22ee361601a1783ff95b |
| SHA1 | 2ea2407625b1b5e6e2ca23683c1cf11b6605590a |
| SHA256 | 781575feaa21d6906e3ad09d13fcc936fb47d40d1513216c7a65ef9e0916c1f0 |
| SHA512 | 3726f548faaf059d603511bc4cf114f46c95f3770ac045034e7b4fc4a87ec52683542157a2e0a29034726530620d03dad9362c7371a03cc88c795d1e9d0b738a |
C:\Users\Admin\AppData\Local\Temp\yIgK.exe
| MD5 | 05318cf984e1bf969175de1f48277706 |
| SHA1 | 1ec5b28558989832b24a445ab875113f7303d3bb |
| SHA256 | 3b184eece3f2135819df21ec9390d53fd2ed571c491a365c056ae76016b1d4d2 |
| SHA512 | 460b1984453951455e1fb6f8f63b708e92933ab8e871657ea7809e227cef6936707f609acce0a13685215711132c44ff799ab44960fee757bb1f87ecac6b9392 |
C:\Users\Admin\AppData\Local\Temp\gEkC.exe
| MD5 | 6bb4f5b629cf4d3e8cbe703aea1404ee |
| SHA1 | 5cd589aa26b9782091c57c4a12a75db77c70f238 |
| SHA256 | 7fe4349e6ab8230c138a82818402f5c0ea97b9f18b9db05f879f4d81023f9f5e |
| SHA512 | 8b13d8bc92a372dec768d3412893106f36b4e48d2c0ac548cbfa0fc1089e2a5709001faa261ebab19993f735de428a31d7e084248542445a56b1fdeaabe452ff |
C:\Users\Admin\AppData\Local\Temp\Mkoc.exe
| MD5 | 3949be0d45fecffbc5bedbb2d9e22e94 |
| SHA1 | 8f37361c023cf86cab2886618a58e8780b1d7b2a |
| SHA256 | e006b196ac25cb04cebb4f32ad9d3946dc5f7044d31ae343e1128decf79c7bfe |
| SHA512 | 804635a9921fd6e1e3bf01c6a26efef620c3f33d11f3468026973e0b305ae95f5ed6b4704816162d549925dfd559e1899288b23ed05390dc693ae560b44c9eb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\128.png.exe
| MD5 | 1f4e7a687b85711711dac39fd28865e9 |
| SHA1 | 6a603d4c7c1ed5993b1d309731611bc77a3fbdcd |
| SHA256 | e30211c45ba854c9b146f7dc6cd65f3628c634400192bb03b921ee3d6440d03f |
| SHA512 | 83eab4e58483db9e3fcd3c36de17367a195181608bb6feb9554dd84f89f3b4034c35a7d595ecb256f39c01d9b3279018cbac29eaf1f0464da0b1510ffe8df95b |
C:\Users\Admin\AppData\Local\Temp\ooIY.exe
| MD5 | ffbdd2bdbea6b64af337b74820c14aa0 |
| SHA1 | 028f905af3aefdab9e3857d92acf46bfb5ea1360 |
| SHA256 | 8d53b82e05f6caa426ae5917883a2d8eff5abc01122728299f08135c3ffae0bb |
| SHA512 | ab379d79d5df0bb2ee6d85d92c95a1b5ba7fc3c0b5e19294bb4224ed73db2fd44640f87d8e7e4ddea50c10a8a87fda80ec68f432d2dce14e1c3b0af2341cee43 |
C:\Users\Admin\AppData\Local\Temp\ugkc.exe
| MD5 | 59973ee1f67b2efe00095eb0ac8795b4 |
| SHA1 | 02badd4d976287b3cb3e7a2c2bc845ad3306bc70 |
| SHA256 | b5446e872553d48c5aed13ea5fa5d6065161b968b888c03904fe2177bcfec3cd |
| SHA512 | 9143d31ff15264df1af1da08d5b1aa6575168c97918e73d8768ae16a9000dd3132c1ca8e132abb7fa1a97e118bd2a278610383cd7d62a898e272a7e4921e3829 |
C:\Users\Admin\AppData\Local\Temp\kIEG.exe
| MD5 | c9d987d8f793e09e0987fa6424c48aeb |
| SHA1 | 4d798394dc6540ae1c1d629c58e40054dca83062 |
| SHA256 | 1986e58248977cef42c248ed0c21203b42beee760bcda54c34c6fef30b6bcba8 |
| SHA512 | 35a724ab69b5cdfbed511d29c2fbff50a927559c8fac6dbd00ec3e7a8f9588f6bebce973f6ca56b44d8fd41992ca7e6541fe530a304fbf801532107abd716646 |
C:\Users\Admin\AppData\Local\Temp\IkoG.exe
| MD5 | 161f0ff7061d83a402f232b919268dc3 |
| SHA1 | 64be699e3667fd0ccb4dd290e1e122218a0a861c |
| SHA256 | 59c03bad1cc15fc7e297270c43712751d9b2b1b61d8d84282f8d2be46378088d |
| SHA512 | 9f359da63cec5e0e90f132c513f02ce3aff76276edf4f09ca59e6e22dbf47b913bdee8fb35071e5710a80aff6ce56398b761deb23d59e26e0bbd4120e2776858 |
C:\Users\Admin\AppData\Local\Temp\MQYG.exe
| MD5 | 437309cb060771b0d4debe27d71bacf4 |
| SHA1 | 1148927091b4a3e40726fc3c637ebaad81a9c559 |
| SHA256 | 3658cd5d25c1000494259bcc87d0f084ee4eeb73b0e76a4a369bb9c51e0ab6e7 |
| SHA512 | 71e5862605fe459c4ed2298376b03917005197555cb60e4c0b67e90e83ed92b7389f3764282344ed6d3cb3cf05c36f00b2d2bcc875368668449f68c3b058bb5f |
C:\Users\Admin\AppData\Local\Temp\IMwQ.exe
| MD5 | bcacd3b3d17577bd85e84a01bad36530 |
| SHA1 | 4451da5dabee2f7a89d51dcc4381908464808350 |
| SHA256 | 0949ed82b32d60f72ffc38a053bbc5c0eea87ab34070494764e18b446ee5cb3d |
| SHA512 | 9053288f26147a4b2f15cd4a00309ba5dd56f9f14aa69089ab00ec78573aec65bd938c76ad7890bb1197e12f0f7a56cfb00cb835bf9df3d1dd003eefe4c98374 |
C:\Users\Admin\AppData\Local\Temp\CUcA.exe
| MD5 | 13cc4cb8351de9c509db7aba161665cf |
| SHA1 | 6a78601ff61442cdc154b6983eb0d6c9f0e6c2b3 |
| SHA256 | 3cdeb078e1ca9f284a6553fb9160f472862081fa55b8118d59a81003ef14992e |
| SHA512 | 351cbc4c79798b891793ebd69cc30645894edb21538bdeb717743402c500c0f13dd3fbea420bd8543a88499a5866f38d64332368be14530ec9a6f399e19ac5a5 |
C:\Users\Admin\AppData\Local\Temp\MQYa.exe
| MD5 | a0646b47991a698a258458419ef729eb |
| SHA1 | a3a3f18dd215961a5cbde44a0afafae7acea2580 |
| SHA256 | 7cea71e23158813ad751fbe23ab55293a6b880a42916d073c38d4caa4fa4c85b |
| SHA512 | 344eb5685ed008738e073fc2db328916377d7042380033fdb85fc228e716152e036466f0c0e5bc0f0bee3e5c58be98fc8bd7c395b83cb83af27d5a862445df77 |
C:\Users\Admin\AppData\Local\Temp\qwgE.exe
| MD5 | 0187542052c307c4e16978872345c86a |
| SHA1 | bf1faeea0fc15cc0b0f450a45efa433973d64977 |
| SHA256 | 0b378cd81e77ed21c6091849a58f480ee74a736561029ba6b1cf851c419126e4 |
| SHA512 | 844f827f67885f8b483d1a52786c77bb40f6df73b864838cda258d9fc98bf62afcc540e3105b68fb970b729db2ce79e69fecf82eac83d6e7a06d2b9920d91219 |
C:\Users\Admin\AppData\Local\Temp\MUUY.exe
| MD5 | 47d21d9689a1b01040eb199a4175f006 |
| SHA1 | 438264b38428b53f96379c3e5b6021e891457e9a |
| SHA256 | 994d7e3443b53c16d5bd3b86c987cdb442aae06c5c07e93168033438aca2e6eb |
| SHA512 | 46cdd1068de9c7685222cb15974ab62da073ab419cd2d040f53bf417f626c668fdc7e8b401c002ec7048c4d4daa079e042d5c1d42814a082148c8e73f2b46e91 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppBlue.png.exe
| MD5 | f6367e448426ac5acf8996ae1ca4d15f |
| SHA1 | 800adc618aa4760255aa6b26e184839fb4a26c6e |
| SHA256 | 1880f2c7f84d646f3fe51691d7846118b558d94dede31d38eb91234631856fdd |
| SHA512 | db1d40b22c85b120daba76f07d79fb5dc556931386b4c6354d07013128350ccbd8e8704dee084f743fc0f46c39a4b8aac04fe5217c6ce3a3b323f0f5a96e0b1a |
C:\Users\Admin\AppData\Local\Temp\WcIq.exe
| MD5 | 2aac6826b12497ad8b8fe964d4a53142 |
| SHA1 | e74cc2c1448417de96d6409d38d8b09cd87ffb14 |
| SHA256 | 5048fd513857d9e0f586e5ad471b57f07a0bbc600751b97262d7c4b5a5b052dc |
| SHA512 | fb4a9d197659fd245bcaf352581b08283527cc21ad4b937fbbcf11b8fead258808be9e979e92e04ea8d2e0e3a8e36668c68d8ce4ced4a4eb7375923ec6052d10 |
C:\Users\Admin\AppData\Local\Temp\qcka.exe
| MD5 | bd9b3dc903ce857ebc95cccd9f95cedd |
| SHA1 | 7c7a30c36045c2a04e3006d3ab373ced85942ad4 |
| SHA256 | a99e5ddd011112ac009182a7589fc8eddfe4d7f26b4d51446446db719a2b4c4c |
| SHA512 | 89e58d7bfb2da5d2c15c80be7439d9465e169f333a451b44443ba6577b19a34e9915e6cf13d79d48654fc48058605bb7bfd36fc42dbb052858945ec0e317f6bb |
C:\Users\Admin\AppData\Local\Temp\iwoQ.exe
| MD5 | 22fe66b3308b01af18e8cb7a9da3d55f |
| SHA1 | 49766689a574a287f302ebef67bf4079c3fbf99b |
| SHA256 | 1add2c79c8563b3bd58d957730742afad04d9ab36d31ced05cf71f897e61d009 |
| SHA512 | c1ce00e166283a1d8eb615433cfda498a6275ca2e950a4aa7833dad85ddf5a4c51119da7f22862199e812a64d0dbf3e6f51a75174a06ff3cfb6537327feb2ae7 |
C:\Users\Admin\AppData\Local\Temp\aQQa.exe
| MD5 | da57dc1eaf7411626de38f0f7ea444d2 |
| SHA1 | 361f387445475200c93c0166975b3f88d61f4d43 |
| SHA256 | df4ca526813719f13df5d69c6321f3322c6f604e3e42748525be1b524143c36c |
| SHA512 | 7590e969011e36da5621d516f343d2d853c3518af2c571cdb8910a14288ef55e2ab34ddcfe483408fcdd51bf54d818125093ecdba9bf939e01fb65e85bad0928 |
C:\Users\Admin\AppData\Local\Temp\iYgK.exe
| MD5 | 307439f1e79211e4743414201857d7d5 |
| SHA1 | 14c6c8898fc55d99abac835ba2d351b2f4d31ed1 |
| SHA256 | 343820f8db31045bc322607ba8726dcecf12fcc186fc2830ec89eee467fc3231 |
| SHA512 | 2fa39dd11dce177fab67385ae3179c505d4e0e982144203289e4f5e14081f6db50cefc7e7cae92caffcce0718db93334900d9d0a3ed0be06e7a3c19bcb7894d8 |
C:\Users\Admin\AppData\Local\Temp\GwYe.exe
| MD5 | e3d1523261ace415b6135d260af225ae |
| SHA1 | ed0233a7ff831047584109d99d3c83fab7d6430c |
| SHA256 | a208dc6884a2a5e07721fcb708ea5d2bccd636c54aee48d1ff2cf88c68aa8600 |
| SHA512 | 1010ddc56e45347378a14129dbfaf68409e77bc24d789ea5579cb2ee85ee06a4c97bfc6dd82f5a0a1ce99fec39ce09b7d73cef27d4771fa502da05df1da46180 |
C:\Users\Admin\AppData\Local\Temp\KoEM.exe
| MD5 | a5eb4fe0fce9842247e06e3eb11d9c11 |
| SHA1 | d39a60ed8b2f9c78e2b022c54fa880ffd482670e |
| SHA256 | 42669fd150e7d3bea391447f7e3d588ee50e5345fc4388549ed08d2a54ebb358 |
| SHA512 | 22c383a575171c4da551ce52738c98d2490e46b5df86e235f27d1f09a59243b7c0c14cfba9847c34fe583e49c720693a69ba444c10aaf4a2273d51bbef5a150e |
C:\Users\Admin\AppData\Local\Temp\ckIe.exe
| MD5 | f1093f60ebfb316a31e3b3a3342740c0 |
| SHA1 | 58c9928b909c17c5252c311b560afddc0c6c38af |
| SHA256 | e9dc02aa4c77bec4156eef3bd00870b5ce78907ad62af5523d075955778591da |
| SHA512 | bd83ab0fab992f03a836ccb2ffa0f679c2e35744aad51c0d68640857999ff236d72e9456e8c89aa48a5149cbd0c26ee6d5d6506433aaa599d911db379b5847cf |
C:\Users\Admin\AppData\Local\Temp\wYgy.exe
| MD5 | 5820166f5d40cc1f7720f6a239a8f211 |
| SHA1 | 9986e11057d57fcafc043749b7ebe339800c7d77 |
| SHA256 | c52ca439f9b374ce4fe454ba37961f8ce25a9d99b804c6c0a7341a4bcfda02e4 |
| SHA512 | 29237d18f37399a218070b1b87bd7ef4f5625196dbfafe02b17dd685b353110cf46e855ae2e5c5fa61bec44b50d1649222c4288ddda5088177b055c2a3e6b061 |
C:\Users\Admin\AppData\Local\Temp\Cggg.exe
| MD5 | 3e3cd95a63da179519dcf7ec50318ebc |
| SHA1 | 23898a328c5a6d7065805a24767153909d84870c |
| SHA256 | 1fab0ee0a4a32bd4268d4b58fee55e5dfbf2945ada63bf90c8821f8413fae9d7 |
| SHA512 | 8a4f38a4cc4ba50ae52a412a8c4da7da748f74e193d64f552f485598df6fde26e1d1103deada2ee968023fd93e801d908cefca332b86c5e43e99f0796fff5d02 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMScanExclusionToast.png.exe
| MD5 | 3dd982e56b41e66f0fcb34e3a738b717 |
| SHA1 | 25ee257e7de058a8b39b24e604d50cf8069bcdc6 |
| SHA256 | b261aa7511cc438c249ffd1ff5798338cab4b29bcf6efe5261b399496f06952d |
| SHA512 | dac66c88e9c5e506ba831674aab44b73429a14588d0b1f016b063680de0bd55ba076eeeca1176e69a68de4466668b3f41edfd434583489346118b3e8ec4f78ee |
C:\Users\Admin\AppData\Local\Temp\EYcQ.exe
| MD5 | 16ea45904036d68a726937b42c46a0c3 |
| SHA1 | be81de280ecfdb726731027ef669c20c943263b9 |
| SHA256 | 687404dd1fc708345eeea543d188f9bd7d550f638970decca3dcd5a167d94f3e |
| SHA512 | 66410e0d00656230538da04f8ff54157b6863f2ea69fbed7454f074e8fa90dd09c17d21d854b56a4acf5bbc8ce63a1d3314a7f8f571d64658ee5bc3b221c1663 |
C:\Users\Admin\AppData\Local\Temp\MooS.exe
| MD5 | 8be0e4f26fd2488876a86f1e98892c07 |
| SHA1 | 3c99a7a3e33a5fbb1cf847194c189b2fdb0313b4 |
| SHA256 | 0eead9fd9e78646832b8e4191a261bcf0bff255d72e615147ede6645f6d1c080 |
| SHA512 | 71f2db8d6a504855b3d4842750c6c3ff3041ad81b76fb451e6469415aadaf5c6d398ab7e4f5627407413a8fd3f5310b9e64c0e99055b65b944dd7d0563c2b80e |
C:\Users\Admin\AppData\Local\Temp\Qsgg.exe
| MD5 | 4a8947fa37f6a6ce43baca0a895acab8 |
| SHA1 | 53f03f4dd4f5027e94352d558ac0b7b5507bfbf2 |
| SHA256 | dcd7393650a95ecc2fa861565012e56688aaac9670c3dadeed3d9acdd31a8c27 |
| SHA512 | e131f210dc3ec15f8bc6329668a1b7e1c388267b5024aa71a4d07e134c312558ee257689a8ac4e35056f14a376c9624798c3802c9f3c6868ac0415119e5b32b6 |
C:\Users\Admin\AppData\Local\Temp\AgEg.exe
| MD5 | c2e42e1b5a5cf7dd8fb4aecf18acc716 |
| SHA1 | de55971a16cf342d8e36aa82287119bc30ceac26 |
| SHA256 | 05d2a0ba3fa76ffa81c5af91ea48ebd7755263d7b27db690acb310ca2f6b30d4 |
| SHA512 | f86a4656e2d02a027de2f671f050c378f18a90609b0369aeae017acdfdb56fb68888ec5009e104d975f0eb1b0d8566fb6266b34ed0a203abed03dbab83e20160 |
C:\Users\Admin\AppData\Local\Temp\qYsS.exe
| MD5 | 77eab9f5767e244b07e8c010ea77d426 |
| SHA1 | ca419f21394bc99e6628bd4554d5819db7039b67 |
| SHA256 | 496324d757048e5ab8123b5d28d87f4ca24aa280cca0251534357b5228770f23 |
| SHA512 | 3a41d2a23e8c32b8a945f91eaff8460c3ebfcb577a7e543f688882eb64895dd759b32225c6c4f1ffc6ed7c391b4ceccb7c0ba377eccba17b2c57f6444e65ce4d |
C:\Users\Admin\AppData\Local\Temp\SMAG.exe
| MD5 | 6a9570e5702e10679c3c845337e757d7 |
| SHA1 | 0da1467d0bf15a800b1afc31b6da5c899afa3472 |
| SHA256 | 5ad6556ce50b236fd53d08d77fd0291038cade9b543f4f4b24436f7d058c38f9 |
| SHA512 | 1ed0c88b3aadcda9363e950a26a10ae924b58878e131988b620579eb1b1c1c7f5802a6d784037f9a4b77c091ae42d0b08182d7b80df5042ef367738d398aee6e |
C:\Users\Admin\AppData\Local\Temp\UoQg.exe
| MD5 | 56bee5f1b2b76c5d994fb8d92f059425 |
| SHA1 | e7e16be240c68102e41f84847ad32833c3ab59f1 |
| SHA256 | 6137b3e48578f1500625a24100391d4bd7b81c49d1610ca384a55b9f68febe43 |
| SHA512 | e2ae9e78ebf44fee7c1b72e13951e9d6fabcbcd94cc898d68b5cca9f474de98672a9225d9867200847982d748dde282f47762471c51c897b705169cae2026a8c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.exe
| MD5 | 7c4a19bab9ffe9acfbc120cd2213e930 |
| SHA1 | 60ed0c18be70c47b03ac1b8f393c4bb98fed8732 |
| SHA256 | 48975f477607bca15537c3607fc493bccc5704b94af7dd8f0c81c65ea347559d |
| SHA512 | 9522015bdefd2a72a32f7a36c4aaac72c6550106b8a1c6cb1f7dc54e5f6129759425e34160c1b303c1d9e93dcdc62dc8a1b238a5ffcfc85bf4c06809223f5211 |
C:\Users\Admin\AppData\Local\Temp\IAUq.exe
| MD5 | c0f18fca54e8f84825cae1d2660cc0de |
| SHA1 | 39a20230526a14a5168c22009b4c4f38a38c112d |
| SHA256 | 5a5db53b20274192497d328ac640111417bcf66263ec8b1d634c5ce7cde05675 |
| SHA512 | cb1e9b1e3ca70981150a855cb807d8ce8a779ed0d8cec0829889804e67daa43d7378e81db55d0c6bec47c53d8b0b1eef407963c20595dd795ee56372d131d86e |
C:\Users\Admin\AppData\Local\Temp\wwYG.exe
| MD5 | 5d0a7531e8fe5d44d3ee36ca41916a3f |
| SHA1 | c7c052698c361f7916fcb6c64b5805980bd19cfe |
| SHA256 | 49930059438468dff4ff4a4d452e1c88048d0fd1093d4f1b1e0866cb29f1f238 |
| SHA512 | 991bb3a6cc6f35e1627e0e0a7736e68b93d06992dbba81cb05f1aabea647410a7cdbd12673bd0fa060fff9663cee364af3d499e607c5f47a800972a317b31c38 |
C:\Users\Admin\AppData\Local\Temp\eMYg.exe
| MD5 | 264060ff2feeba103004ddfc6b55ea56 |
| SHA1 | 417e1a67fafc8cb754479bdfab8c642865bc5d64 |
| SHA256 | 265b60d79b8c5f0a801080e19fa38dd8a33154ebd5eee3a1e71efa23445fa235 |
| SHA512 | 4a02cee307446b960c72b3ca3a7a615ff96cb49aa2ca1b22017332086373917ffb73767e08d1330c767a7519b6715b4846f81ae30f32b242dfc6d3e7d7265c91 |
C:\Users\Admin\AppData\Local\Temp\MYca.exe
| MD5 | 08bb8cb74f4911e17c65befea4166dcd |
| SHA1 | 35d94e29e6326bc1c5f6ed066ba124530ca9491f |
| SHA256 | 287cb70d839585270676dfa9442034b1c72cd85c5cf42a53218d8193b44e94e8 |
| SHA512 | ce7afc9aa94a215b11bdd831d5fe3c0aa1ef3cb4371d35afd56002f721de85c229febde928499fc7884614c1942a825edf69b817562d56d28f3f08b64f10e6a6 |
C:\Users\Admin\AppData\Local\Temp\okEU.exe
| MD5 | e26285f7990bf252127ec8bfc5aede76 |
| SHA1 | 594f50fb01d6d1ac31818a9681311b5cd7391b1e |
| SHA256 | e4fc5d6a77fb69db7b87dfdbc15b122c673bd94ebd010c6e5d37f634963a3976 |
| SHA512 | 914c1385e3e11dc660bde9587f5bb8af90db3d128bd1dff7b7a578aa3502ca65773226ead0bded0617ee8571d3d3d8c64ea717e1687b1f8a738ba8ba6468872b |
C:\Users\Admin\AppData\Local\Temp\oIgc.exe
| MD5 | bd5cc01457f35b3c170ecd8e6543a9a4 |
| SHA1 | 3742f767e82a483ecf87c7803dbaebcbb0dc8388 |
| SHA256 | c158447ecbe4cb13f5a5db6b4df83a1fb4ca46ce019b896cd0e5fd4557085c76 |
| SHA512 | f3d037a1875aa06dd64fa085d4f9cebfc47bc9c684e8353c2952bbc37b2ce930942bdcae958c39e61e40ba00eaf1584c5333b2c6945cee0410f2918690cfa675 |
C:\Users\Admin\AppData\Local\Temp\IsMk.exe
| MD5 | c0e1f9897c03f1ab1211b0ec59d4c5b4 |
| SHA1 | ee12444ec77bed60216075467a7d7f3208d1a70a |
| SHA256 | b2876cbbac84323a6a27caed000286237fe929de29b25a13aaed84e791e5b301 |
| SHA512 | b969f8557d0397922700265807ba9fe05996d5eec008159e61a813adcbf2e5dec4086a26f367c391bc060242ac6a444ea75c22139a1edf00b75d583e6ca6cc95 |
C:\Users\Admin\AppData\Local\Temp\IQQo.exe
| MD5 | 1021581706da64dc51704a9b1ee5f57f |
| SHA1 | 3364a549d7406e1589615f7c20d9bef1d8bcb7be |
| SHA256 | 66e8f4c8e77c39359a6e83a4c5c679722629c513f31fa9e079ed288446513e87 |
| SHA512 | 547f7de9005794d39c976efb60a497e439801c73ae4687b133aadcea6e0fe990dc5c91b19681f8836745747ffc518ae5a9baa20e00a9f98b673b6cf2fdb7bf4a |
C:\Users\Admin\AppData\Local\Temp\MYMs.exe
| MD5 | 7d7ae93eb4465183d458d6b8461929aa |
| SHA1 | 37bc432f56d8cab63a0217dd6f50e8b51357b3ac |
| SHA256 | f477d4e52c0384807dd2f755e357e0cf8ce2d85a9ee348fda9db86e8d78f71c4 |
| SHA512 | 58c6f4595154b46242ed8043601232f9cdbfbc3e7b272bcb75138cab35e1287783d05cf3c9a2cae9aeb6c35d91783bf95d6adc06241ea36e91ab56d2a1247e88 |
C:\Users\Admin\AppData\Local\Temp\uYgU.exe
| MD5 | 846f729c891be3aca942a077eb3ef2a6 |
| SHA1 | 0d12e47eaf42b96da48a56a6d83ac420f0657967 |
| SHA256 | e4fecece898999fd631c082405d63b93ffc4296caf12f0b0ca0985fe970df652 |
| SHA512 | b7560add65efa8d9ddbe625da3d90a17b891fdf093f23dfed91e2578536468d4e3a15c8f0f126d7972cf0eeebcd511f329a24bc570095d441950dd496c1323cc |
C:\Users\Admin\AppData\Local\Temp\yAIK.exe
| MD5 | 2fa1b8161764cbf95aa04c25081de7f6 |
| SHA1 | 6d39e633434997167b7d3da17bedcec114d604e8 |
| SHA256 | 828b0d47ac4bc31ecc9772202a554bfeb867fa91ca588c6fd4d113ae01d2f144 |
| SHA512 | d9747150964cae5f04f65e24a0ff35578a77b81ccb5d97914f4f1dcfec340e790560dc4789c41aea63d2ba36ccd9fe34e263010735f9e76801590b8b8db6491c |
C:\Users\Admin\AppData\Local\Temp\CkQK.exe
| MD5 | e4cbb45bf4ff3c21bd846e4867e3d0b8 |
| SHA1 | 6923567be25976ad704bbe313a0644ad5e594e5f |
| SHA256 | 58321823167dac852c25c94760f81c5b2044bfb33aca2fd8b73734e884e859ce |
| SHA512 | 0e93289931702ff888f622f6d90191d9f5272278629844ec2fd0d523afd64f8ef774c5f39e643586a5dc43919a16c5de97397ee114b9e69c1d5b8e0c3f6dbdb0 |
C:\Users\Admin\AppData\Local\Temp\AgME.exe
| MD5 | a0d47ed3a30f232fbe27513fc1905619 |
| SHA1 | 5bb1769d5180742ea0d86d53aefbd6e9207bbdf1 |
| SHA256 | b8ebb5caec29912e5c24a015a1277f1440feaeba27aff016af336629f04bb6de |
| SHA512 | b0172172c69ce4b76306e94c36529f3e2fbc38718049c8fe6a8c059d5162595a7ddc9792ade974bd5d577dfb3567e38ef61a12f6766c23329b3e1ac651294fae |
C:\Users\Admin\AppData\Local\Temp\IEEm.exe
| MD5 | 74b5105fe863d9e97d44086276836267 |
| SHA1 | 1dfdeedb3babb81f37769c63ef0371af8e9caea1 |
| SHA256 | e46170924b805e6dfad0c473f21d3980cb2d01be53a1221fb33aef191c816eaf |
| SHA512 | 389868d9568766b2a364beeee5545deaf70f0e171a25941c42e5c5c6f6d490719e64b9978b9fdb3662fdcc78c3f5606707a01990de3e0dc2a68a1eff56642739 |
C:\Windows\SysWOW64\shell32.dll.exe
| MD5 | 2de096823e34462f586d3e23cc714e21 |
| SHA1 | 5bee84f2a65c494aab0dfca8eb07fd3a7aa4c064 |
| SHA256 | bf723aac71986704dfd11e1c42c000f2434a3019dd561b467d4c637378553b17 |
| SHA512 | dc4a931003216f4e956c5a8ba8e1a1457e3caa15aab3afdde57631393c57fee6a62995a7a71f48779ae587dca8ac4b61322cc81711b0016f6cabc41e79f8a858 |
C:\Users\Admin\AppData\Local\Temp\YIUE.exe
| MD5 | a77d17c2fef08086398e3196f172af4e |
| SHA1 | 8fc3ca575965d08ee1b993c87c3c3b015c03a159 |
| SHA256 | c42ef76d884ae43fefd6ae0a99b7587873316ec52427be1935a9e98e72f5a87e |
| SHA512 | fa8243b8bd64d7b42ee68d51bc32bca5c540f863ef23a5347dd52b39ceebdccc28a3617eeec03111cd988e220e612320cad9740d9f70c5ff3e12e1e3b5218402 |
C:\Users\Admin\AppData\Local\Temp\AUEk.exe
| MD5 | 69bde01bb925332543ce965c0ba13e3e |
| SHA1 | fd37f589b84bd98812dd98b26c24d440b2f88855 |
| SHA256 | 23626631695f2c4ff0582f7dbe715d0aea38219ee2df5c93c05aea601372e1b2 |
| SHA512 | e749efb9ef79aa527e6462ae12c98aa69d08267c3f2c1746bef2a9abb26b75fa948c8b41ec24feb6e8057c7205801db23355abf34c0f1da10a0d4166be0f1e89 |
C:\Users\Admin\AppData\Local\Temp\Mksg.exe
| MD5 | aaadf12bf71c297db98e2fd7de056db2 |
| SHA1 | 7d869d096a7bfd5f43c2b3238e1a04db5596b641 |
| SHA256 | 00998f3166489004a96fdd5b8d5f4be1a1c128e79a02d6b3bf2074fca57e06db |
| SHA512 | e0eb18e50126217dc14da7ad14a115e81455535e15d60e945008926ba5b5204067b878ebc8f3a063f5da8ef8c0e954875c7d8e36b44fc853c8f56c2eb61e51f8 |
C:\Users\Admin\AppData\Local\Temp\OocK.exe
| MD5 | 6d1d0c6cbf2d6ee46951b717a1f2d036 |
| SHA1 | db2fdcc683e17b89123ecadcf6664f33e6008b76 |
| SHA256 | 855119727c70440df418d3bf651839a93f525524a947c8dc0b160c8c3ed47c65 |
| SHA512 | 0a16dac67ce6859258818ac58ef6b1c8fe4620e82231278d2426f57c656801cfc02ee981e0089e15303485c79a9c4e2238eba27f9ff26a80583e0c6dd811e766 |
C:\Users\Admin\AppData\Local\Temp\Egwg.exe
| MD5 | 04f0111065a3e3d55b8e2643de6bce9f |
| SHA1 | 198000a96c8ddd03422d95a24e9ec10db4befb0d |
| SHA256 | 8f7f0c7b822e1d2e1732629884fa456189520af035013a0912ad5ef3ab3398fa |
| SHA512 | c9ac0b271f206a3d52d684952fbbc461a7104388138e2ec24977adec6fc658d1b8d1559d57144100a3000c1b33ca10634e02d9bebb6c891138643aeca0819e47 |
C:\Users\Admin\AppData\Local\Temp\UoAM.exe
| MD5 | 9cd02c420eb4f21b51f2ff8972952cc1 |
| SHA1 | dab8c0d6d3c168d9dbc5ac094f7fb60d41b6cffb |
| SHA256 | df3bd5176636f2185b60c00b0a1046238105ac246e80207830dad01ad3774c5b |
| SHA512 | fca66f569a34842853ce6ed8f474fc5a489157e6b813f000a23da9b78e453bf6433788ba13f7688096f3b52761ba7f809cd4ee66c8cd34f0690858f25d328ebf |
C:\Users\Admin\AppData\Local\Temp\wIUo.exe
| MD5 | 6f5f5a0764ef298fdd42a2deb3ae7413 |
| SHA1 | 05bac763c3b5ccbdd418019e44fc6b25d964aa63 |
| SHA256 | 3aebb085d350383536d81b0af2c250ce8f82605c89a1b510ff6fdaa4bb2c787b |
| SHA512 | 01bf7d56fa8834a721f2e17e387e66776b87a12d3991b7a98d8dc6a795bf3b27d7d334796601ce20690c26249934e92642fc35241a7f5a2225ee389aadc13c04 |
C:\Users\Admin\AppData\Local\Temp\aQAQ.exe
| MD5 | 83041b745b4a181119aeac77af145fe4 |
| SHA1 | 4cd6d993bd67e0173e9e62b159f032075692f0e2 |
| SHA256 | 0db927be4beda88768d2fd00bf8a4fe377769dc75ac66d929f1bfb7f8d7e74ee |
| SHA512 | 6e9b98f8c4c41b677239b3a55ef634669b42f99bf7a680308e485970f129fe7143ecde73f42de82c9e9cec5ff639fccf70ae4365417b3e638032f65c20675067 |
C:\Users\Admin\AppData\Local\Temp\Ggwc.exe
| MD5 | d2e0168a716c3e17ce2f3a884f6c6d4b |
| SHA1 | 1e6cc270316e13b9896acc9826d0e4f186defaa0 |
| SHA256 | b27202d2a72d38dcc28ae94e8f08e56b9ca6ab5e84688cdb1640f47b3906ef0e |
| SHA512 | ecbe0dbf3e4ff4fd46116f4589a53ecc0fbf5429ed12606e2e5bbe65c496c4319988f838c0c189400ae578fcd57b776df4b75ac49995941d4304f02076774fd1 |
C:\Users\Admin\AppData\Local\Temp\eMAU.exe
| MD5 | 4fb242a8175fa18b37d0d636794453a4 |
| SHA1 | ce37598e11c54c26a1f79c66468f239a5c6fb30c |
| SHA256 | 02499a0b3f7aeefe069367954c4a9ca1e129e08bf735df2094c23c9760ceb82b |
| SHA512 | 8964b45d00df94773dbf063da4e67b6b28aea3556e1a154229147c99ea28fe41b2341660ff2d53671b9030338f8ab9100d31c7666ae5e71c4684c4271dbd7e5a |
C:\Users\Admin\AppData\Local\Temp\AwMu.exe
| MD5 | b39466e5c3d34c01536ad91abd9bd56f |
| SHA1 | 5eb10d18227754f4708f85dcd60229c0f77ee7cd |
| SHA256 | 8eb82c52aa6ebc451dac3bfc415f667670768d685baa1d584f608febe426af89 |
| SHA512 | 57d8dae169167359a4dbac7f14db68752352b3bc43cfabcf81772d4b5ca1d779e37772e8b00ca9d63d00a8ccce943df59237b19a326dd6878c3da480c47dd2c4 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 13654587cd378303df8e8665e5ba8b83 |
| SHA1 | 5aae2701f4213802539a32b8493cfd3ddfd6dfd4 |
| SHA256 | d34a33276ff3a9a5c3b6700959c7d6ee6713f481ab4dfe9b672ae24550ff492f |
| SHA512 | d3f5b701433cf376c92ef3693676c4ffdcb65223a54f727527e751950ffd99a19dc6972658429a49f1e694ef0ee789dfe4ba34f115775e444a90d6f29aa450d6 |
C:\Users\Admin\AppData\Local\Temp\cQkg.exe
| MD5 | a1bdc90553e3b09744005a5dffb7a1aa |
| SHA1 | fcd6fdc9d33c3a3a9b2f8fc76a0c133ce71591f9 |
| SHA256 | 8ee2e43b5e75122cefd38d81d14fb2859ce62e62a57315fb4e99aead51c36458 |
| SHA512 | afb286345afca061d7bf91b20397fd1f8607f1781d6640806102a0d4ab4beb04e9583986728096762adf7d9617a48414f6362042d50da8f8e1185c6990641a74 |
C:\Users\Admin\AppData\Local\Temp\Ywss.exe
| MD5 | 83a24d421d93979ca4e3a7bc62ef41c2 |
| SHA1 | 328eb0d5aea7e182856ad7df957d11975ef30040 |
| SHA256 | eea1973220e0c26d131f0bb943394ed3020e64efd260d7f5daad24bb0b0c0f18 |
| SHA512 | 3fd13e943b9fed76bb8527a93a2c24d5e0e9d2636f392a9d6e71863911c21317ca86f6ca2c74499204471782f1303ff2aa7c97ceeb5bebbfd1cfdeb227f0276b |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | f9bd2fc860de17dc8e5da252cefb88fa |
| SHA1 | 03e3af924b69c14333fe290df55a70fb05a04458 |
| SHA256 | 033c7143466333aa416f80aa58549ae7a3638c34280fe0de30677db4494c0522 |
| SHA512 | 83039a148ab821ea1d818bd76b80608c8daf2af062afdb29c8b1b5708a6ff346b1c1836e632b156204cad790ae0cc42efd73907ba47db9e468501e7c0daa883f |
C:\Users\Admin\AppData\Local\Temp\aIAK.exe
| MD5 | 9bb44b75d309d118a1cdf10ce6e51fdb |
| SHA1 | e96669d58abff3ae43dbfbc4dfa097991b258801 |
| SHA256 | 7b43a52ba08978cf77f28fd6f983ac5d2f947bf07ece40a6d5c38a1edcb7211e |
| SHA512 | 97d9fbfe902dcf3c7edcfe6c61047d49d3e24dce4590a4f2b390f37f5bd83c626fa16795b7716a55fe90ecb4eefaa522735a5ecd980b049734e01b68d16803eb |