Analysis Overview
SHA256
f1f5aaf209f61e8c50313fe2356e5d2d64035dc33ab435e148ed14c821b112f4
Threat Level: Known bad
The file 2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (86) files with added filename extension
Blocklisted process makes network request
Reads user/profile data of web browsers
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Modifies registry key
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-05-18 12:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-18 12:09
Reported
2025-05-18 12:12
Platform
win10v2004-20250502-en
Max time kernel
150s
Max time network
135s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (86) files with added filename extension
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\FscEkYAI\GMUIkQQg.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\FscEkYAI\GMUIkQQg.exe | N/A |
| N/A | N/A | C:\ProgramData\CeIskIMw\jAYIAUgM.exe | N/A |
| N/A | N/A | C:\Users\Admin\FscEkYAI\GMUIkQQg.exe | N/A |
| N/A | N/A | C:\ProgramData\CeIskIMw\jAYIAUgM.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\jAYIAUgM.exe = "C:\\ProgramData\\CeIskIMw\\jAYIAUgM.exe" | C:\ProgramData\CeIskIMw\jAYIAUgM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GMUIkQQg.exe = "C:\\Users\\Admin\\FscEkYAI\\GMUIkQQg.exe" | C:\Users\Admin\FscEkYAI\GMUIkQQg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\jAYIAUgM.exe = "C:\\ProgramData\\CeIskIMw\\jAYIAUgM.exe" | C:\ProgramData\CeIskIMw\jAYIAUgM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GMUIkQQg.exe = "C:\\Users\\Admin\\FscEkYAI\\GMUIkQQg.exe" | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\jAYIAUgM.exe = "C:\\ProgramData\\CeIskIMw\\jAYIAUgM.exe" | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GMUIkQQg.exe = "C:\\Users\\Admin\\FscEkYAI\\GMUIkQQg.exe" | C:\Users\Admin\FscEkYAI\GMUIkQQg.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\FscEkYAI\GMUIkQQg.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe"
C:\Users\Admin\FscEkYAI\GMUIkQQg.exe
"C:\Users\Admin\FscEkYAI\GMUIkQQg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\FscEkYAI\GMUIkQQg.exe
C:\ProgramData\CeIskIMw\jAYIAUgM.exe
"C:\ProgramData\CeIskIMw\jAYIAUgM.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\CeIskIMw\jAYIAUgM.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GgoMgAwI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Users\Admin\FscEkYAI\GMUIkQQg.exe
C:\Users\Admin\FscEkYAI\GMUIkQQg.exe
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\ProgramData\CeIskIMw\jAYIAUgM.exe
C:\ProgramData\CeIskIMw\jAYIAUgM.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PAcsQoYs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tAAggIcc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nMcMEcMw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ukEoIYMI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SWkkgwIA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\McsYkEMs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GIkIgQok.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fYQwcYko.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pAgUooMY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zsEoAosU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dmsMIcMI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QKIUskUM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WAIsgcQM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IEUEAUsc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NkEEQUcM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bcoMoUko.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bQAAEoog.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XScQIcIY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qgIAcIoo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kgwcQskI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iQUQckYs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YCIUYMow.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aUMIkQgI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lOYUMIkA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rgwoQUco.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zuUQEcUI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dmsYosoE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MqoskMQs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GmwwgkMw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uiIwUYIc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\deUMkUUA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lOggQAMk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pgwsAoEE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lAcAUoUY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QAwQwMkc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iugkIAMo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EecgsQEw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xaUgUcAY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vccMMksQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lWIgowog.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZMcgMUUs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gkUwUIUM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wSMssMcY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cEssEgUM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wIcQUkUY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fAoQYMIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zqIkcMwY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XCoMIosw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tKwkUIIk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iKIwwgcw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mSkcoAYk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sEccAUko.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\psQkgYos.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pgwAsUUo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XmowgkYE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DqYcQoMI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iaEockIE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cIgwUgYA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yWYkAQwc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tUQcUAUI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rkAUcwQI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DcQwsIcg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cKQswcMk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\usQAMgMA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QKkkYQAw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nkYcwYoI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nGIEcUss.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XkIMgoMg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pMwIYkkA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GuowAQso.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kWMkYcgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OkkQIUkc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NokUYwko.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JqwcwMAM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HAIwIgoE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CEYEwkME.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QUYMYwwI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qUQMscwI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IoMskMYk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NkoUwQkA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rEQowAcA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NMsUkskQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BqgsMMYw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DucUQEMY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oGsEIgwY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EiIkcoYw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SmAcMgkM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TAkgowsc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tcwEQAYc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fwcAsIUs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HggAYIsM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AgsogEkM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UsQgoUYc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mKQgocUo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qqEAAwAg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JCIUYkgM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jMowccMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rsokcsEs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YMgoQwEo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SQQUkcwY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oAEIEkAM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GocAIwIg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hUgsIUgI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JoskIIsI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FsoEgcwE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VOIcUAEw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UWIgIAYI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kyIwUAso.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sWooocUU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nWsIsUgE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zuAAYkQM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\toowMQcU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vgAkkowQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KsowwIIY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUcwQEwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CIwsYQQM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dQgwcoIs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ryMgAwsw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bkEcEkkI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aiMcUUYY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AwsQIUgE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kIIIAoMc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\soYoIUUM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rawccQQM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe""
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.16.238:80 | google.com | tcp |
| GB | 172.217.16.238:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.16.238:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.16.238:80 | google.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
Files
memory/3084-0-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\FscEkYAI\GMUIkQQg.exe
| MD5 | 9b519a83a3d183dbb21b52d4e13d095e |
| SHA1 | 5e56cb041ebe61d4dbf769452c496afed8e0e8c5 |
| SHA256 | 03ad0420e438c2ac803e41dd6a34746343e2056300773276e05ddf98ded528f7 |
| SHA512 | 303b780a955f671c1fe894ba03b8953c3c864e33a13462db808076708c466510673a4a36b3015af63477e11b8738131ce972b792fe49edfb6f9f6e6a22fb68ae |
C:\ProgramData\CeIskIMw\jAYIAUgM.exe
| MD5 | 2184ddbe6bd1c7f7dc580a168ffad9c8 |
| SHA1 | aa2868ccd8a60195b1b71dbb523f2eb7c1978b7a |
| SHA256 | b9d1102fc63c71ecc5a7dee8f944e29c54ec5760e5c173f79b4e3c4c94553087 |
| SHA512 | 89192d28315ef5aab9ba43a859f745ecd6c4f3183954478bd77b5e96265722aabcbb4c6332fb145afbdf85ce2f2b02c4b0f15b46f13f2994d39a7ae8b745a42e |
memory/2252-15-0x0000000000400000-0x000000000042F000-memory.dmp
memory/3084-19-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2900-5-0x0000000000400000-0x000000000042E000-memory.dmp
memory/4764-25-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GgoMgAwI.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2025-05-18_b77e4537856ca9970675e2cc74539e4d_elex_virlock
| MD5 | 96b5a5aa81cddc217e02a83da419a8ea |
| SHA1 | 2f005ac25837210b71780fbf0d44b1b1da873749 |
| SHA256 | 50bc79f388a6f6a3abfd401ede993aa67626207b6ab63320fd44879ef73fda3c |
| SHA512 | bcbfe061efd4a2e60ae16f0ff2432411b3a23b5644f52b596e9b47d699933683c93e0174107520b60c010504c070bbc41aa3b704798ef400c3ddd814fde271cc |
memory/2528-36-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2684-32-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2684-51-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\FscEkYAI\GMUIkQQg.inf
| MD5 | 240859ea1a2002a64e3e657b919be0ec |
| SHA1 | fea0f5f6671af64d30c0a04842a33cd358a31675 |
| SHA256 | 4dd67b7d6c15df792eac64730dcd5376130728deefdc3243a8a0b77a9b870ec1 |
| SHA512 | a35cc1e9abd7566c758e64bed2f4fe66a333da5564b3f6dd7f159ab64d23e5788f6a57fa3423eccc285a50ce3066dd32adcb0f2b8bb2e934c82bf2db56b7d008 |
memory/628-66-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3448-77-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4156-88-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\FscEkYAI\GMUIkQQg.inf
| MD5 | f92ca36a3f8c6b30004c078323013624 |
| SHA1 | 0f178fc554f19fda6a2b1370ca0eba0c4f15af16 |
| SHA256 | 4502ce65501ad9d2780a900467c0d5ab84161956ff8cc6e5d4e863041414f51d |
| SHA512 | 0a9d4555cd2e8014d342062a81943d5402453b37b8808cc45c84086a38e5d3074edf0dde50eda989ad6411a7c3aa54ff60a9d6fa22536ef79ac09885b6d6f4db |
memory/4872-103-0x0000000000400000-0x0000000000436000-memory.dmp
memory/368-104-0x0000000000400000-0x0000000000436000-memory.dmp
memory/368-119-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2908-130-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5044-141-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\FscEkYAI\GMUIkQQg.inf
| MD5 | e4d2b4baf24bfc8a0eeb056dede48cd0 |
| SHA1 | 5ed957bcbff9dc2edc87d85a485bb24a02140c9f |
| SHA256 | 0bf275ca25b06a15deec6aae347c7e23025412bf250d2898a7ad6174fa6fa583 |
| SHA512 | 319eeec058dc533f27b6a65cbf1e446d1ebae73420b572a6a0c8f7c03582e3dd043dcc8882da29ef3e7a86d5acbf0194fa5b387b2fcd7b1e303218c4d5a6bd29 |
memory/4816-156-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5088-171-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2536-172-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3452-180-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2536-184-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\FscEkYAI\GMUIkQQg.inf
| MD5 | b0be8288648c7126b98bda4d54363ecc |
| SHA1 | 4919a5651267af25465540413c9a8b252f032657 |
| SHA256 | 833d321fb4509cd712221814058a3fdd6adcbaf06ec8b4477683d0efc407ecc8 |
| SHA512 | fcb1b9557b74027fa76dff1404623076487e1f4728e2fa0e4d2b5b38ed6180d0498569164bed384148623f9bb7dd347ea1cae53a90e125dd3480c61d3adcda29 |
memory/1160-196-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3452-200-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1160-211-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1440-224-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2536-223-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1440-232-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4648-242-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3144-252-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2036-260-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4184-268-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2768-278-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3068-286-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4360-296-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1964-304-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2260-312-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3932-313-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3932-323-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2176-333-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4056-341-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4584-351-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1528-361-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4628-369-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4564-370-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4564-378-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4828-388-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2012-398-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2780-400-0x0000000000400000-0x0000000000436000-memory.dmp
memory/784-404-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2780-408-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2732-415-0x0000000000400000-0x0000000000436000-memory.dmp
memory/784-419-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2732-429-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4424-437-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2876-445-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4576-455-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2156-465-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4872-473-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4296-481-0x0000000000400000-0x0000000000436000-memory.dmp
memory/736-491-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3452-501-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1352-509-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3488-517-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2912-527-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4628-537-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3152-538-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3152-546-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4872-556-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4224-564-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3896-571-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4704-575-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3896-583-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1064-593-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2752-603-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1196-611-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3644-621-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2428-622-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2428-632-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1104-633-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1104-641-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1408-651-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4352-661-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5100-662-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5100-670-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1220-680-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4892-690-0x0000000000400000-0x0000000000436000-memory.dmp
memory/736-691-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4576-699-0x0000000000400000-0x0000000000436000-memory.dmp
memory/736-700-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4576-708-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4424-718-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1044-719-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1044-729-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3016-737-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4820-738-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4820-748-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yogI.exe
| MD5 | 9546ef93d354c6a3d6bd4dcdfbce8c45 |
| SHA1 | 2eda637420bb3f643f5cc7f52e4b9a0767b95b87 |
| SHA256 | ac96e7047ea994f59088589a1a8e41549d55dcfc71a7046bd40df3afe2cb3515 |
| SHA512 | 44ed79939a967983af270f72a6d400472816d9af37b6bcc121e64ef5e70fa677e09db8de595d6f6df65c0d8fd26cf28898c300c490238d1f786d33905914578b |
C:\Users\Admin\AppData\Local\Temp\UMgg.exe
| MD5 | 62fa1826aae1e87b3bfb0829461c5db0 |
| SHA1 | 817529db0750d0c50b3d44bf57b9bf06edaf998d |
| SHA256 | 149bf225c57cb7bc2e3852fabb0b997e7c01602b7488e639ea638a5beecf3ea9 |
| SHA512 | f00e28d833102ed17c26fc54cbd091954ac1dd38abf0e116f65d15b6a2915dd541ae4b8725b48cd35d782c81bcbf3a9e9c4638ef0098275ff94424b1c7cedbd9 |
C:\Users\Admin\AppData\Local\Temp\ooMK.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\iosG.exe
| MD5 | acbd8d465ac63f0dcd863373889bacda |
| SHA1 | 3b89005105b60018b2c4f92ae64fc4bdcb219511 |
| SHA256 | 418ce6d01b7c2eab2924867236f4df0ada80dfbf457523e2becb2aa9ccd57634 |
| SHA512 | 4075842fad6e385b378df930a7b064563ca7ee2b27ab9a1f4205e688455d2cdbe1b3660c8047bff9844085ead6f9b080747ea9798f2bc4d779a74fb242bbc6eb |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 3fe7190afaf0ab76d84a9325459730bd |
| SHA1 | 50b253842f326e09e50945e55d0eaf357c57f69c |
| SHA256 | 53939abcd2ec765758be1584d582c1b13983e22b70bd2786084261ce86a91793 |
| SHA512 | 707561df1c8695ccadf3bb8a1c7b566bcdf00fb93ee6929254f581ccc3f661c63808374eb1eaabe30639b72b55847a26f7af46111d3e7a34163c1c14c6775f09 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 1a00002b7e29047e8b442f8e796eb275 |
| SHA1 | 4e483cd6b931167bb6c0c99f932f63065591ac24 |
| SHA256 | c65f56475a212be51391052f09a8cebdd9954e2395f384176f1be28613bf9712 |
| SHA512 | 444f37b0fbbf8a904da4f640a26f488b4cf36e1d804abf0c9bfcf7b2967c4527548644d107f549805a597dd1ebfe02cbc4d5badb9d53a64d899debb462f25cbd |
C:\Users\Admin\AppData\Local\Temp\moUG.exe
| MD5 | e3f1e56c29bd727c1d161c5f10b37dd7 |
| SHA1 | 0b9d72a930cb775b44fb1fb4b391b4be0fec80e7 |
| SHA256 | 828849f953aa1042d763492c250c44bc8b8c5fa7b398fffb7992740140694189 |
| SHA512 | be9e16780ca9593d9c573e5cc1eb2bafc75771cecde3e58d4c574344a7d2d55ef48a54fc987d31c249d59d15a27d9fa6b16222559d2c0f7397bd92987beff4a2 |
C:\Users\Admin\AppData\Local\Temp\SkIy.exe
| MD5 | 8a6951a5251e157107d1efb56841c58f |
| SHA1 | ad2f79c4f3bb89e8819b9ecb58f3073e8a01eab8 |
| SHA256 | 4aaef5842b8613a2a4661abc96b2572729392e52133316bfdb6d5298edceaaf3 |
| SHA512 | d0c040cc7e15ccd6c9529b2499ca3ae8ce2dc3ba92afc41cce7ba3c0a7e8fb42e30655ef547bfc737812cf2274a576c8b164dd1ddcc981495ce36da13a7fbce6 |
C:\Users\Admin\AppData\Local\Temp\akcI.exe
| MD5 | 5d938eef8d0d57a1215783a0ee0efbad |
| SHA1 | 3b9dcf65f273bf96a1255397074229e2368ae763 |
| SHA256 | 85aad83bda50c85aa5a17e8ae13bf3fc1ffe8a881dba87dabb4e0b17deaa9091 |
| SHA512 | 5bb80efa2bd4ffa7ba320db2db41312d46ae1af07051bb9c12ab21d7282532c12b2efcc4ec575395e63c2edb96e04d6467a9b02913a9dfc170ab054ee9d67b8e |
C:\Users\Admin\AppData\Local\Temp\CUku.exe
| MD5 | ed7df22f5afade8158c599ac147ab5f2 |
| SHA1 | 8c2770be18978ad70684dfb4123f4c03721d425c |
| SHA256 | 43bcaffe12d602c2f3b094ce9b27d48753157d8d08d108706925c92c75feb586 |
| SHA512 | 094a091b06330613382bd0b348c3dddb50814e6510399e61653ea8e2ffc90e439be598818adbb2f79a914d4bc01aa7dd56c2517611ed8917a49bf9eb9b8ad286 |
C:\Users\Admin\AppData\Local\Temp\SsME.exe
| MD5 | b307e467ab49ed689cefb7753a9bfbd3 |
| SHA1 | 7a1af7d0b788fa31e1bc5b4fa333aa275423d30e |
| SHA256 | 8af407fa31aa99c97824b5f9004c7ebd56255e7c24f9ba5c12ec82d86756b64e |
| SHA512 | d965c46513c8cbf28fc956b5a1f7b5a4d93a8d64f80de555cc04f98c4551e584b7fbd36e7365b7c55f96ab994f9c493200e58a1c9561e288ddddab964e8644f4 |
C:\Users\Admin\AppData\Local\Temp\yEoW.exe
| MD5 | be0d51e8e553211536cae888f2b8baaf |
| SHA1 | df7e4441e3c83f583d7963c7ddf455be85c5d787 |
| SHA256 | 62dec1be5ee62300293f394800295ff165702096ecb051690b555098e7cb0110 |
| SHA512 | 667baec0b89abdfea643d937f77efdef0349ce0ae5d22e7cd723991f5b8f47d3c56fde4ffb16ee5c59a28511aa1f9430bec1c3b4b13e793da90de2b518e42ef0 |
C:\ProgramData\Microsoft\User Account Pictures\user.png.exe
| MD5 | 1066361a7226c9749c95678c85bc0375 |
| SHA1 | dba5f61f4a26fbd0f3a15315897a7657a3650513 |
| SHA256 | 07c3d9d1e534af15af5748d33ecc4cf7b246b406a353deb5974ffd285e4c9d2b |
| SHA512 | b7f22e13c70ee7c9a7d9e9c9839c20baae216af3a8e257b80f1bd73eab5498c3114bb23b21544fdc58a53ca152ffbae2c9f99417221481ce2affa09a1e3dabea |
C:\Users\Admin\AppData\Local\Temp\wwsU.exe
| MD5 | 8c619b56d400f3104dea74527d0abf85 |
| SHA1 | bd25b51deeb4d33b72b5325405e63217d389d3cf |
| SHA256 | 36834a9c901589aea203e7959588c7a73695942835e0953dd52c54c2dc5aa320 |
| SHA512 | 73abd0fc285a29b69996bfb7bf90b816092d4c59ba6a36d7231d5446f21935b9a70fb3a4d31914b1ca8075369fef3936a4a6188c927e540c73fd541b5566d200 |
C:\Users\Admin\AppData\Local\Temp\MsMk.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\mQIk.exe
| MD5 | 2192b8fbcc521118b750e941a84804e9 |
| SHA1 | 871c118b61ba57c7785b4f5bdf08f2d96077549e |
| SHA256 | 95fb9003a91d284390e9b45610b3ade1427d46872256346e40c7b06c13430b8f |
| SHA512 | d104f09a0b318fb6dedfceee3988e5139773105ac517dbca5f2e5c22561e16e2bbcc62051748cac53a15af51e1a79ad296e9e710c4b81f025250dcee41594b71 |
C:\Users\Admin\AppData\Local\Temp\MwkG.exe
| MD5 | a5b07f3bb8668611a5118a5230f8b3c6 |
| SHA1 | 882af291ae3044e34fdfb6bf9ac6f022792f8dfc |
| SHA256 | 961ab0feb5bf4ebe29ee4645a9fb94a3a211fc5ce9b9737c07d1dc910f1bd70c |
| SHA512 | 223317f2f0c6972f17b3491ef12964ccadad334f73ce3e7c788e4994304942f664678db235a326eed6de1d8fdc8c3cbec86df55b10746fa771e9e8a318658067 |
C:\Users\Admin\AppData\Local\Temp\cUES.exe
| MD5 | 65cb90ae51cadc9c3a345b500d03921a |
| SHA1 | 9ab4132505196b8b899d4733495fcd0c885bd5ef |
| SHA256 | a3f859bfd20b621c464523edc9731ad09a2d7993092f27b341f8ba1784c82de3 |
| SHA512 | 1e6e1a386cc2f8bf662b36af0cb585f45a60ca8cbe8f435add59b91fea8af050f25d1a7d79780368c08d7b3bd3fe08d85bc57f04a2a68c38af803fe8ff9ceac1 |
C:\Users\Admin\AppData\Local\Temp\WkUu.exe
| MD5 | 2314eb19bf72d9df506263334b5ade13 |
| SHA1 | 83230a207b47638aa85f7a02a33f2560e18a74c3 |
| SHA256 | 8334c6525a523cbdf264ef1f08910196523d96b0b7e0f90be257f21ad6e4311f |
| SHA512 | 2ed1e5b3fc808180b8d84acd8c957dc9271999d55dce7bdd1ae59caf824df989cb15e07e6646c0a2a802d357f930c06e623d5e7427b6bb42b80726da0c1a584f |
C:\Users\Admin\AppData\Local\Temp\QsgO.exe
| MD5 | 8e6cf01650736a29db6eadc129c4b1b7 |
| SHA1 | 4b7b37f14a95c6ac06d67e7e3c543d1936345e1f |
| SHA256 | 43003fbd7d04c61bfe6c7788a6fc3744865a0529cecdd0c7437476c458e57536 |
| SHA512 | cb8486ae50fe9863a31aac6141db28c49885ecedfe8200cb1a04fb6c1331351d8f5c49152359efeecf7b5930b0a33e1b0d0f66f36bc4346fd6a9f499a551d35c |
C:\Users\Admin\AppData\Local\Temp\MQka.exe
| MD5 | c7dc352a49652077ed656b466d228ab2 |
| SHA1 | 9e9a8eef9375955879f1b81308ad8c72432fc250 |
| SHA256 | c0943e31ca7c2ed205cde83975bc42ce56ece3f844d996b7c92aa30663608767 |
| SHA512 | 41c4302fd9c5667bed7ba3c2757c8281f1dceffe63d74726639df45f8812baf97114f1f872b8467fd96079194a669bb3c79a6a1fb423bcba40d3f7c10a555ebf |
C:\Users\Admin\AppData\Local\Temp\KwsK.exe
| MD5 | bb91436cee6c2a09e6af8ef6dbc97d9b |
| SHA1 | 40d6af437bef5dda16c4cd3059264a26c50dcced |
| SHA256 | 687059dea401b9a076a32c954ad5be364f15688acdf1f2dc86cee0b4688af8ee |
| SHA512 | 6395728698e37fac041326122b93d31216b8be3be84e501507f7296b9ea28b624d55fe83c4babb199009589a5122f3b5997327dd4f5830829cd612d8de0591bc |
C:\Users\Admin\AppData\Local\Temp\sAkq.exe
| MD5 | 0609627ef65617682262661e155b54ae |
| SHA1 | 02dc6157beee6bc0280a4df71553190793b74e2f |
| SHA256 | 878bb35e3c0d56cdbcab9790d61c73ddb54308d8ba715ed3ce78c6ff6bc2b62b |
| SHA512 | 3b0e2a398748e334c8a43ca1196254366f96a5a8741f26374d2d5940d1192e1a3fcc6d09cae74e6c8d6cc23f0110f2b5b0018714a83d6ffff682bd57c0f5eb5b |
C:\Users\Admin\AppData\Local\Temp\qokg.exe
| MD5 | fe7b797f3b01324d3b3d6bb14d09775f |
| SHA1 | e1ff29ca798e6adf7a69b8aaed5027b0589b51d0 |
| SHA256 | 0ff5a5f0f2138225df73d12b68ae411e34f8ce75225daf4b58ff0cd2bd99b851 |
| SHA512 | ad6e6c95734a36b8719e88a8ba782b6dbd4cc62f39bf2e7a4203eead613fb90c2a23a7317c10cad8d53448179a724f41745e588c5dd8099f227d3743cbf1f40a |
C:\Users\Admin\AppData\Local\Temp\gIsO.exe
| MD5 | b45302d4e879d3d3c5b761ec53c7cdca |
| SHA1 | 302ce1c516e9940ecf9517fb56aa95e84dddf0b6 |
| SHA256 | dfc47b30987a3cb5ecb40ca40e1e81618d9baa863e0d16ffe7e391875cf06635 |
| SHA512 | 987783108366828a8eb67961a863dbfd91ed466338b5999f358d792280aa0d0183922475ce876065fd08dee54dafbd6d5dfc33e2b6d7aceb81eb1cc36b70101f |
C:\Users\Admin\AppData\Local\Temp\CYso.exe
| MD5 | ba00d27a217bc445a6611f9d33fbf70a |
| SHA1 | fd1eb495af630bf05c94f188425499706a931f05 |
| SHA256 | b9b127e7b790c85b95ce3f2d815d4f037929dc3bd291d01bf6e8759903824a6d |
| SHA512 | 3dd728684c5a132cb56c219135ecaa22f4882c0c6e5e65ac6f751b0940e083e5f001c62216456610a28ae1f99ca933676bdaeed904a317864c26a0826767bbbe |
C:\Users\Admin\AppData\Local\Temp\gIIY.exe
| MD5 | 88fe77d8f357280b057a8eb5a7c40769 |
| SHA1 | 1dc8188970639fe7fb0368a535eb2dc36e243288 |
| SHA256 | 25f5c158cf53bb69256571556a20b85c298007d137043cc61dfd9922d24c8cd9 |
| SHA512 | 6af11ef6f8614274f6c775583259151829096d4ea8d81ae97eaf9affeec0bd04b19ee09a3284204543d138bb3e103c3d9dd76fe3602875da3ce8fba3c5839699 |
C:\Users\Admin\AppData\Local\Temp\scgQ.exe
| MD5 | a77585fc6e21f871d65fa3f157552f5a |
| SHA1 | c77f0cfd218947e061cd1e1b306e45e5d31e685f |
| SHA256 | aa1b2955a80262a7b1a081d8a4db31ae922dcd5f19e48b2fef9482581b3cab6c |
| SHA512 | 109158126837cce3227041363b4f059e75d1032a019572dcaac7edededa43a235895528d46251e6aa57ccd4ca17e08ce4d72f07dc81a188e33d83b1600173a0a |
C:\Users\Admin\AppData\Local\Temp\eUsq.exe
| MD5 | d09a2825fa8e7aa1ba836dfc300d5857 |
| SHA1 | 978b936e118ce951355797e49203428a1536da35 |
| SHA256 | a6ec35a1c07346be9ef906ad2a87fdf041894aa6d824237ba004b9023442e408 |
| SHA512 | 9a388bf1e7b6697fe8836e3b1662c5217198cb74626006fec5a0804be8da037f0acc769cf319d7ad9628b86075f32cfe4404dc22664203a6c0edce3c302b7ac2 |
C:\Users\Admin\AppData\Local\Temp\IccC.exe
| MD5 | 8bd67bfc5e2b961e107c4c49938c431c |
| SHA1 | 438ccb5e6e76579c6970aac447a40296b899386d |
| SHA256 | a41d47a620d922e8ea7a50b24540bf4ff242ef3228c653d951bf3e2fbeae8f55 |
| SHA512 | 407e272b934dbfb3b10f0b6b7ad7d7342ba96733dced6a1803960819963c82050b26ff9cf5314befe94b205bb3e8aba5d5952d3c2e6fb2afadfbcbc77bfbc8bf |
C:\Users\Admin\AppData\Local\Temp\kQwu.exe
| MD5 | e387b0f98d6629949d48e80654d7cfbc |
| SHA1 | 05ec85b86698455b64578abe273386ba85d01c02 |
| SHA256 | 83111ead549e475efc4c15bbc2596d165766d9485dedb1d8a1cf2db340227d51 |
| SHA512 | c6ecfb91ae79773bea04797d593f4b36a84cc901624dab57dcf1173e85daba8b715ee711aa2e9ba072a3e7fe2a9093e441850dd159c808bb718ebb30662ca3a8 |
C:\Users\Admin\AppData\Local\Temp\sAMU.exe
| MD5 | 1c779f16bee06a3f5d6a06ee501fd18f |
| SHA1 | cc72402801628ed5369b43937f4bf61be9611cfe |
| SHA256 | 86af0691ed7e6ecb08a3ddd625fa5f34896e19354c0474851c63c6204ae709a3 |
| SHA512 | be7f352b4b9ec7c1a6c955f10a324da23e4614342e4a5c942d79b559dac6ab742a4222674b22a27a847a6f73434bed6b9e62375a143a6d48861d8f963a87fdb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\96.png.exe
| MD5 | 491f6f422a36e2e3e555089c847a66b9 |
| SHA1 | 598711a81c90807f097ca6d8a99e6767af3df935 |
| SHA256 | ad8a7ae6987ac9c851ec233179f1b1c2d07279fd5777dc52d65fcfaf398e5a7d |
| SHA512 | 9226bde5c8f55481621c1aa16e5e401d2d990a72fe314a621b82d218d4ff3f4721f110dcabf7fe655820ca5f6249e5c19273fe4a490547d71be1d848132e5e56 |
C:\Users\Admin\AppData\Local\Temp\wAko.exe
| MD5 | 83438af03121a413bc70c34c952d97f3 |
| SHA1 | af0600ea9d31670d6d483911b8c0802f2d78f096 |
| SHA256 | 8fd69dc00a7fc026841c53d279f08499025d694f8e6c42036e814ab3be5b7cb2 |
| SHA512 | 390d79d61ad8eecd51adce2435fa7e0f670128b4920f287ae745cf002dfe08da03b7b64c89ea6757bf471bbee138264c05c3d4be08494246de3834c61c244c19 |
C:\Users\Admin\AppData\Local\Temp\oYgG.exe
| MD5 | ac4bd900e968f618f3e8fbcaefa3fed1 |
| SHA1 | c1d4470f72b9d39fcd7048ae3e6d04d2e14971d0 |
| SHA256 | 250779f3b8a23951e0117f74a1bbd8860c8b09c01b857c3fc5cc841d082cb65c |
| SHA512 | 23b99a039bc39ca868874e98e7fd9959364230c969289b844dbba75b2aaa1fda6f043bb5ac29dedecd80d43f44f2b498a8341de1f991400761537582faaaaf6f |
C:\Users\Admin\AppData\Local\Temp\GAgQ.exe
| MD5 | 95d2fb2b48c6218a12ceaedc061a28b6 |
| SHA1 | 0503009a78790807cd597071f6d7337133b6c0f6 |
| SHA256 | fa24bfe219d804fd9db73a405840fb176eadb952f3b61e9ebbf85a019161303e |
| SHA512 | 91225507e9c725552f6bc5645bf91d3bd0dddfeee1f93c2b239de9945ddce5caea9388b008d7597c777af816c59a2a22ab11ac49e3f43caaf5468b21791d730b |
C:\Users\Admin\AppData\Local\Temp\MsMi.exe
| MD5 | 4eb52c2cd3ddaae466b215251cb5b8de |
| SHA1 | 06bb272fbf524816afacda515c7db0e774480e36 |
| SHA256 | 85d7c704ad3ff9dbf8b5d3a181858cfd2b97c28de575fb7ca18be21d6e7c1c9d |
| SHA512 | 81dfcb2519f5d18e0be0c7e7559368de462f6803385c694453508d1e61c7bbb91abeeb8802bd8a2e5b5017a164139835be3f5bd85c3930b1e6b566b0ec8ce5b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\64.png.exe
| MD5 | 2a809f1ea3a3945fa05bb4ce9cfd9918 |
| SHA1 | 668f125e7a58d542f710c92ba7a41fe5536e4178 |
| SHA256 | 8b7eee092da9818eaed830443f74402d8fd0e2c8641798dfb0de999d1c45b81b |
| SHA512 | 647563576cd3902332c318a2bac0887760d732c9360bdb75625b1cfc888a593a988a64a0d4e4f528e0d4b0d046d2dd2b9389c3662a2f49f6241d7f435d6b97c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\96.png.exe
| MD5 | 7d58c89a1a8b62bc09fb9196d0ead50a |
| SHA1 | adeeafbd9ef2ff74da8bc5ed506d631309939dc7 |
| SHA256 | 5cdcb3ee8c72c402f3db189d11857f7affae769ef67fcbfb553ca1fa3d16fac3 |
| SHA512 | ccfedcf74eba926eb0e6fc62cd1a0be986f5d0100285e85b9c0e15ec4a9cbe10f88fb381f7d4236827b32af3b4ca39e3a973e49cde88d183be3e721a3570da91 |
C:\Users\Admin\AppData\Local\Temp\WcoQ.exe
| MD5 | 606a83a82a2df379df57b1b5b62d3263 |
| SHA1 | f83a3490a9e24b14c5b5674a1cea6a4eee06537e |
| SHA256 | 1b433770d68b4077f674d2e6335a099f7d0f641fa7c8d3dcfa0f940670ecc783 |
| SHA512 | d26b8688d69d3771ffee263d1fd3871c3f6011e703f539955a6c5e25500675eb0c7c198fee4741f2ae846bb5e38fa9855dc185995d00ed3c6f126eb9dac7c3c8 |
C:\Users\Admin\AppData\Local\Temp\EYky.exe
| MD5 | 473899eafd7603fab256031092016905 |
| SHA1 | 41ee95de5cf96f0620fbe3840e4a9e013c5efaa5 |
| SHA256 | c66bd8c122354b2ccad67fad16e80f7c30ef43abeab394ecec8f5a0c79aa51d3 |
| SHA512 | ec14cb6e66cd00e28ddff0442339a240c1b080f50e423253ef02baa80dec8e8ddd40ee505426bd12ab211f05a33a5ec325bf0d2ec77e616ace83ccec8bbca2c2 |
C:\Users\Admin\AppData\Local\Temp\UQUo.exe
| MD5 | cf9fa878f283bf5fa5e884968ac3643a |
| SHA1 | 70300233705be650ca7163ee90ac15d51a10f5ad |
| SHA256 | 23d49989bb2b9477e4503fe56c6cdad914e7c4447d45c6f814638f907a5aef11 |
| SHA512 | 0613992763f6677cf63eef4cc87891b899ec37e7d1063ac8319d0368c7c326f3aebae76182be867d4de06824d72216f843d8822569a07c6ecc4040ffc67fce11 |
C:\Users\Admin\AppData\Local\Temp\OQcq.exe
| MD5 | a957f913a7b4d257d171f6d67d00e1f9 |
| SHA1 | 466a967f018d240a9b37e5944e7a8da0b780c01a |
| SHA256 | 5429fd7470436e1ec0625fb1e239ce00dbc64cc61041f6fad3d6a423ede78ffa |
| SHA512 | 664622cab2c63dce2240f77f6bfa451dde4861ff7bbab09da6171b15f49af7d171f5ed9d50bd51c0f7ef098f1c5b725ee656e2844316fdab41c93c59dc7c444a |
C:\Users\Admin\AppData\Local\Temp\qkAG.exe
| MD5 | f87dbc594c5525da93071ca1dcc49bf0 |
| SHA1 | 53b97bc7c54b1dda796058b5210dc3db6c90b808 |
| SHA256 | 3e4fef1f781cec08b7173a3ea279b924676cc5ae5dc1321c374d0648159da493 |
| SHA512 | 74eba9f278cd3e9925ead637db71b5cd425c3ae90c5fc07c6962028cb5d88543605a110fbd9b9520282540b3971d7af49e46d9e12e8ad1df62aa72b7cf27370e |
C:\Users\Admin\AppData\Local\Temp\EYAc.exe
| MD5 | c865f3575bc3cd1ed7b34ce2e5b21831 |
| SHA1 | b6a80337f71a836a9dc0af6c9e62deb1378e616c |
| SHA256 | 25c3f033d5990f9af985786c9bcd71e70d13de0af8a0ecad67cc9a348fc74945 |
| SHA512 | 4b60e871d86147df6d9084b413678ef3ecb3190fa3aeebc91150dd3de70500ec6523d58f6354455c20de3b9dfbbdf47c93bfa74dd1d28d2ee132b28d5b3ed5c5 |
C:\Users\Admin\AppData\Local\Temp\ggUc.exe
| MD5 | 6ef6d7615e11fe6da5d5a3b59955b787 |
| SHA1 | c307440b19ba5d4e1016de05e33c36b937ca5e54 |
| SHA256 | a756efbe74d353aebbfeaa579714b67ec851eefc83e8afcc3637011bc898312a |
| SHA512 | 986a55fb2be2f6bac25bf980c8127c854d8b5a82369ec7921310ea30abd020f883634a6a08b1d5ef8600224b5a884db70969ea89694b71dc4e0f6a32ab600f16 |
C:\Users\Admin\AppData\Local\Temp\qEUu.exe
| MD5 | 7a5271d3928ae2ad8d5a4dd30d6f6e2f |
| SHA1 | 3727de205d39e074aaae5cb54c1f5875e35fd146 |
| SHA256 | 338191fe0564b80275397aa496e1deae6425ac67b70f7f4b8b38dca027f7b4fd |
| SHA512 | 806be9b2205a6e7f98533906bf1c60fe0aa888fcb97584bea486c5bce674b5fae62727d346aedbc3669c248778e345a8f33f2bee46fb05c4155f21cbcfa29064 |
C:\Users\Admin\AppData\Local\Temp\usQO.exe
| MD5 | 8ff3a45a790739503494b1304895e1c5 |
| SHA1 | 6803494e13b5aa53225b81a611b992672922ed4f |
| SHA256 | 968bb78e61e510a25535bf890129ecde412f0d511d9e2ec954bbdc860f885b14 |
| SHA512 | 901a4111a31551f309fc7dd11ebd8ac5f412f4d8cbe1d078268679c306face054577e5b1ef413f7a613c416e9ecf348a1b14e9f323a7c6e97dcca31ec8f44d1d |
C:\Users\Admin\AppData\Local\Temp\mowI.exe
| MD5 | 2cf68cef717e449c611acaafbb8392d3 |
| SHA1 | b9ab6dac060f30a61a3c33c3007ba83326159665 |
| SHA256 | e519a614fcec068fbe963d1a7f270b200b78cf1ca9e78f6d23f293a823f722ff |
| SHA512 | 5cae89cac047a3fd872048b322d7e2fa5c19ace3473a9e8ad2374efd5cd9a6944cda5c3ef91fba76b3bc2f412ebf00637c253d189d61b6ccb938a5331ac4770d |
C:\Users\Admin\AppData\Local\Temp\owgg.exe
| MD5 | edb232c6e54ddc6e961b5d6b28a2e6d6 |
| SHA1 | d826b91f0bbc8ebbce82233dabff72b7dc8bddbb |
| SHA256 | c55c228be822b2f4ec43cdb7528d8dc82015160bf65dce1828194a3eca8557d2 |
| SHA512 | 1f1c84d45ed0895b40254caa6c7a71081068f50d783f4837aa7b5f0eebd954cce770afbf0f724f2d440a0490ef171e3eba7990389e5851eaa6dcde9a4f240d3f |
C:\Users\Admin\AppData\Local\Temp\ScUu.exe
| MD5 | ae065a3b62d8e9d6f528328b73956557 |
| SHA1 | bd75ea9953b585be5e7bfc66bb42f690c2849fac |
| SHA256 | fd638bf353bebdfdaba84c36d5a0ebbd39d406b96539baccf9d5ba61834b2251 |
| SHA512 | 5cac4c35d7eb473812697c45d32209dbbe2bd3b2379c47951b3217c4b1add8064012231e574d0093281ea9ba01a5e4cc954da96b74f039fed14191f2b7af1fc0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons\128.png.exe
| MD5 | eb5831c1084c9b60102ce2f83f33b7f8 |
| SHA1 | ffd57d38149a62f8a474983b8e049aae4da9abe9 |
| SHA256 | 658291a6511403c1e9eeed28bb45b03e730659f28fd771049991bd490ac1d7fa |
| SHA512 | 3e5a752d98a5ee1c8b9591dc32fc26cc1d7477e48dca6898404002943a3dcedb4d4f19695d2f46e45839d6a7b9cbac8a331432464b03d7f63b12127f5fd0dcca |
C:\Users\Admin\AppData\Local\Temp\kkoC.exe
| MD5 | e5f32e36b4abde7b2da6ec355b5ef51c |
| SHA1 | d74f59f758c2012241d365c8ee8a19bcfd55c507 |
| SHA256 | 5004b5a5c0cf3fa6f47785040f90842c1b5c942c70bf3056946f458a708fcb95 |
| SHA512 | 60dbd8ca021fce6aa8778e7cb2c09ef7481f487ebcab3ad424d16e6dcecc889f4883acc2e438e9a3eee3da4edff8b2411e78afb39435061819c2a3040fe6a414 |
C:\Users\Admin\AppData\Local\Temp\ogok.exe
| MD5 | c99379eff59b959b25f3470a7459f6c2 |
| SHA1 | 32a749db290c5ce2479c1a495d5c3f0c86280ce8 |
| SHA256 | 024b70a4cf0570fa4a127b7187e11264aa6da7841bef4f403825c01c43277de2 |
| SHA512 | f72a58c9dd9292510530b5f2e097c7e889a8380c8bb5548fcd8dea98765557bf280e461cd81247f69d1d2df50c2cd3f2c47cd97d2247a7813ca5acb0e358e098 |
C:\Users\Admin\AppData\Local\Temp\kYYE.exe
| MD5 | 36e266dc2b977d236ceb6f2211584af6 |
| SHA1 | 11bb5a41ea2426a19910ce656d325563e9238550 |
| SHA256 | 30cc4bc490f65dc7dd455bf1202049d25328079c272070f581f88d8253b10549 |
| SHA512 | 67e69bd864ad2475deac2d4f75f73dddd50f9d0af69d6abeafc1fe8c54c935c240c9be39c1cfb7d9740e5f3893e6e824ff6e449375ec6abd30f0483d9a2ffad4 |
C:\Users\Admin\AppData\Local\Temp\QcIW.exe
| MD5 | 07473344183912867c3571a19ebae023 |
| SHA1 | 3cb5f70cb8ecd5ee384c481dae0f3a8751165dc8 |
| SHA256 | add9a3021f97e940eee85d432f74e1ec530e0a30a8b49ac32ac212da04be1b6c |
| SHA512 | 10a1ba5ff71883985b7bc35bd8653e9e8fe14c784d8ede76d5d05b1ba7886b3717ef16ff431d18cfb0d16454046013f8c6507e405a45c5eaca8f94610cbb0ad3 |
C:\Users\Admin\AppData\Local\Temp\eUgK.exe
| MD5 | b315bcaa93683f3a811d63a7ffcea395 |
| SHA1 | 716576fc4c01136f3fd3aaead61e64f8b480738c |
| SHA256 | 31e120565eb70330e8e76497c89184a3098ce3125b74bb798931465373dcc5f3 |
| SHA512 | fc06682b4b512fe623eb13aea8b56a84474d5a6dfd75a57a060f61fa36898986850f59902d28b00dc40eff2f79190a369fe30ac2e2398ddd111163af43aff515 |
C:\Users\Admin\AppData\Local\Temp\qsYc.exe
| MD5 | 39a9294a2ef320e5180b4f97f1c2d98f |
| SHA1 | 56d61b6bd231cbaaf122a2b87daa5d82f0bfc662 |
| SHA256 | eb57ecdc315b8cd36f8e218fb209fbbe897db3855496955bc28c483f4cfee4d8 |
| SHA512 | 01e53faf977e04eae9b95c7f6d784f7efce3308043a53f67e1fb34152c3d5a6a20492360a24adf8cc67d19fb784ced32cb17e915f01044284b994e873ef6dc9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\256.png.exe
| MD5 | ee852d32d6848415ccfcdc4ce6f6d153 |
| SHA1 | fdda3067d1e3619b0902b775a25db12a0bfdea6f |
| SHA256 | ebaca89bcbfeaba6f5a5f10a62f89018fadcb66b40aa83035d937d26ea43e7c2 |
| SHA512 | 9b9add7a99fb0d7ba11c067e9e0c72db7931456c47042e9ab00672a0377864d78606528372904b97c8cdf69ee2d2e8331509b01b4a0d444c0c6e2b8c3302b427 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppBlue.png.exe
| MD5 | 64f285c74adcd95e6476cfbe8aa9f639 |
| SHA1 | 63a976ce711bc685d692e546ca80a4a52bebe3d0 |
| SHA256 | 9089650389733de20cd4a859bebcfa65d6e5696cf56376e028a2b79a3769246d |
| SHA512 | 356bfa5ab17ac121050b684214e1e2d5dd00bd8613466d89a3e23e18d1288dc8587c9553eaaf815650253d45d13722439d858a9be0bdf44d2292ae2fb9df6917 |
C:\Users\Admin\AppData\Local\Temp\wgMU.exe
| MD5 | 6e1ce823bd67b773ce343bb46470aea4 |
| SHA1 | 49cf96ec091ff478875bb146f0d65d0ef17bb0a4 |
| SHA256 | 6c64168cedfd47e136781808e5740c607af45c3d3fed318b5f1cb4f8ede70416 |
| SHA512 | f2be7afc234703eaed11ccf25965f243da5ef680ba1f53ff936c3a16173a485a36376cee9b1509e485addd5b9d2942f6e74e8b32c52f37920a90a702d935734d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorWhite.png.exe
| MD5 | ebab27e1964ac8bd83bfaac53c68f9af |
| SHA1 | ce1f33ff2dee4a9b861199e9c39d15c4c3485df7 |
| SHA256 | 913e399f66cd2a7213b168d507a42a9586f2b769b689aa782946cc32f6fdf6f4 |
| SHA512 | 0205cf49c90afccecd40dacfb017dfdd75f4fb62b456ae7b3b5d1b06976c12861d8a76a73659768dfe506a7bba8b6ff63c7baa1da9f02296bb5f4325f738b233 |
C:\Users\Admin\AppData\Local\Temp\qcQm.exe
| MD5 | 49840a56ba95ef460db7ef16b78786a4 |
| SHA1 | 8355a7cb506aef4c85920fe36850081517eee15c |
| SHA256 | 7abd2fbc06b28491927d78a6f0ebff8f6e002f2445684607182354892beb2574 |
| SHA512 | 0ab146a913511e79837af02d5969abb79bba8692405c17bda7a544c11448be6939aff0e8230b22fcef5b3f0eb035d349a93855eb8794c7dbba234ebab99c6dd4 |
C:\Users\Admin\AppData\Local\Temp\CUoi.exe
| MD5 | 83c03737d8e54efc75769fc926d56597 |
| SHA1 | 542493f7fba19591058d30697e20a416739359b3 |
| SHA256 | 1a13a822b7f722d868130e72569fddf2102cae8964faf7300eb892824e2dca01 |
| SHA512 | 3eb3afcc3e9c900b87d6ab89f2a4c90b79b38e02d60ea96ede0ca97f7551783fe35017d9207f3ac90d4d58cd6d6f17a9a44af699520cef1373e75320b7680557 |
C:\Users\Admin\AppData\Local\Temp\iAgC.exe
| MD5 | 7c451d293c37e0139f9f800129b8303d |
| SHA1 | fe2b1419c16151385dc4bc859eade9d201433d6d |
| SHA256 | 3f9b43ede3e3f8146d04d90ccb151f34310df20f664ae37829d44e61d323c787 |
| SHA512 | 8a866575f419c9c6819cfd1e318e9fe1b8275e513d0b4262b39293459f0588094c20d029cd62f2486d218ce9a3bb2e1976c198314ce00f64c4fef60bf2e6c1d0 |
C:\Users\Admin\AppData\Local\Temp\kEUg.exe
| MD5 | 9cf45c964be580e252514ce5df52c44b |
| SHA1 | 2c3ca1aade7793e872fc217f40b8d89d6b24b57a |
| SHA256 | 8b26c884f401da3c71a607026a55bcbb903b0c8b76778fb1718f92c40e0fc85e |
| SHA512 | 93d896158d3ebb648789d26cd7c86ab411ff70513a34dd399210373c2d0ad2ecc8e68e9c88fa63993c5d8d636d266e201c5e6da78a256362897d8f50bedc2b6f |
C:\Users\Admin\AppData\Local\Temp\qwUo.exe
| MD5 | 378df852d4cc5f418363a7e01bbcf309 |
| SHA1 | 3075ddae1578d959566e9620167544f65652e549 |
| SHA256 | 5bd9e7fb9307841c35e802caeb7db18816871efd56f9151da0d564f276ad0b5f |
| SHA512 | a482cf77c1be54a6fd45d4353af2921e0125dc0992face86b62cd7491a89990acc19974628b0718024241d8c7ebabee2017d6ba06d0a240f41f610457585c76b |
C:\Users\Admin\AppData\Local\Temp\OksK.exe
| MD5 | 791e1d046beaf3002fed61936ac6d039 |
| SHA1 | c2e30b3e4012d01cd05dd3cdf4fefbcd40fdc415 |
| SHA256 | 7a3dde861c3f91f64717d47538ab23d1ba3554cae7da687d45bf418613680c8c |
| SHA512 | 7581f94538e2b73acaf0cdb168981575a9cf7e1a4f9914267e5d1be7fa48fa51e7e266fa8226f2b64452cb2e47c4b5257085e025ad03e08e93876ce5530abb68 |
C:\Users\Admin\AppData\Local\Temp\UIcQ.exe
| MD5 | ac994c143ced9d9567d9d32874c5ce62 |
| SHA1 | 24eeae63152939ef6e4745ed7e6d3ab374dff34d |
| SHA256 | 6323e58a3b4b3f001e2b42e7aac508918d9239d701cb281945c16db812b941a5 |
| SHA512 | 2431485d2c120ad88538ad1990fae96f8b464f8dfde92c58608cfda1638a21fbb603551142868e08abcc6338f2fad89259001b7925860a8277e889e4086506ab |
C:\Users\Admin\AppData\Local\Temp\kgQg.exe
| MD5 | e546c269526454673f9aff23a15112e0 |
| SHA1 | eb9382641cdf5bc4329ced3fe08afb754d413743 |
| SHA256 | 86b51ec854380fa86da638a7e09121e19f5be0a0574a16b44a571fa0e67cd5b4 |
| SHA512 | c3407b9d73102fe90ce98bdc6a0c55e290db0710a982afeac572ceed215991d5bccbfec3197c03df527ca3c5316708bbf408be478daded30f6aea9a703ca14ac |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMScanExclusionToast.png.exe
| MD5 | 21c89f36be7f5a05b3382cbd2fe717fd |
| SHA1 | c9b87360cf5501cb9b2a386513668fd44cf4a5a3 |
| SHA256 | d5335432166bcca690fa3f255c1cf90140b74457c5ee35c1e2da62bd50e51b85 |
| SHA512 | 1625c00be6a6bf7c839d3be9df53d95082c5d2c1432de679422de20702cd0195a62de3077eab646332f5c3a783450b0de3ac2997b84a0f8641edbec2820f92e9 |
C:\Users\Admin\AppData\Local\Temp\QIgY.exe
| MD5 | f207474243c9e3fd64699f3eb1aeffb1 |
| SHA1 | c686dbe26497cc9b2968e00de8824045ed10efce |
| SHA256 | 8a453adab5f50774937da58343a2023e4e79975fc9c2b64eff37cc4b568d431d |
| SHA512 | 6e80ce9924c7d051937f44f3a91b4ad684afcd300a0538bef0b1fbdd1c569a0ddc2168a484acdb9f8eeefd1d287b6f0a5b9cc87e7f671e540b18a826a2f62f14 |
C:\Users\Admin\AppData\Local\Temp\aoYE.exe
| MD5 | 5f48c4b7b49438408eeba2aad44e5a03 |
| SHA1 | d927a2b2e9428a8cc6bdf892ae2a2c0063cdeec6 |
| SHA256 | 34c428c650f7573aceebb4ea432070091bc61faf1aadb2f7817a830b47e172f9 |
| SHA512 | 61986ab7e3e2eb421f2feec97e85ce71cb98bb712817aa71135ec50cc4575a92e0d1f53fccffdf9e33f61201acccfae1a07354b25b4548005d66ad130de31a3f |
C:\Users\Admin\AppData\Local\Temp\uosM.exe
| MD5 | b8346ae9edc1dd6fd7e5689406b3c30e |
| SHA1 | 39140db0a9400814dfb0a0e54341ccc1abc06664 |
| SHA256 | d452515bb8cd34711a77e202ac655eeadcb64b509495c0e59cf4d7ff4e663493 |
| SHA512 | 317472f59a63ded238617ec483fa24a0c1fe2957fd55f424c860f5916828fda4b9f6ff60df327dc17f16ef4d255d66ffd6afdec86a9099a4f238a74a423e3225 |
C:\Users\Admin\AppData\Local\Temp\sEwK.exe
| MD5 | 9e7d629329b1726645fc615f8ce2feb8 |
| SHA1 | 0ca01aa5e9c3978c7b6a8594809bae89590e5e14 |
| SHA256 | 9904441f501f3543cb01b6274fb0573082e53eef632cbe6d4b3b149108f765a4 |
| SHA512 | cab9707118bda4b9c504060a1e548c636dcd52ebc6577600d06e17a2fb080f0d1077471c05c957f98724ec679601f16af955d5764b15bfe9ebd00afabe7d78d2 |
C:\Users\Admin\AppData\Local\Temp\Mgsi.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ScreenshotOptIn.gif.exe
| MD5 | 29a58529ae52bc3ecc2c26b1520171ed |
| SHA1 | 356936375cfad7d037408da0a9e1175280234f28 |
| SHA256 | 98e990f38f97f4a4327ecb00da6fd1dc63fcfe2e0c3e10926d5e0bd0c9642334 |
| SHA512 | 8afdb4a74b3402379d9ccb29e4d291c7011fe27ab1b600aa0bc6fa6734cfc4541fbc09024462998cb00b7e216b3843826c4633fd10447cbb81f956625331173f |
C:\Users\Admin\AppData\Local\Temp\kgUI.exe
| MD5 | 1ce5213bd99fa2122abcddce8a01124d |
| SHA1 | 81829d61525de5dfd9db75eec46f7d1f8a5ce9f4 |
| SHA256 | 491ec4dc8859062f0b48e9ec0daf6284082252369f5d1c1db31807324fe41343 |
| SHA512 | c78d7d22f387751b6311fa39e97e066f593a7193a1339cbb8e4cba5ccaa2c6f6ced3210f394225629b1da08022d1d8c70eeb573f24d854ad97128fd67c32a32d |
C:\Users\Admin\AppData\Local\Temp\CUUc.exe
| MD5 | ee9cd2eb96ec8a28d9ab97178058b15a |
| SHA1 | 74833f043d8c7bee88edf736abe2cfe42c6e75b2 |
| SHA256 | 31fb480791081c671b2bfa5081243d37fc72a4fc790c1460253030750789dc69 |
| SHA512 | afebfb057df982f37cb9d063d73e92ea1dd221bf8cc4036a308470cc39fa4c7f54ff682d404537b7aa4ecfbaeb3e0650da006c23690785cafe5e68caf5ef7202 |
C:\Users\Admin\AppData\Local\Temp\MUQO.exe
| MD5 | c4261048adadd8f425ff172475c274e1 |
| SHA1 | f89aeb2f468c7f7c30ad0424a8c50a07c384606e |
| SHA256 | c686a5599d7efc26de7893890307bfa2b40ca90d227b8b9e67f277f02959d8ab |
| SHA512 | b1c9321e49d3c64ca3c1f5f3c9b4b98dd957bcbaae353b6656a4856ca38b22e2c6482488f18f35008c78b79211203feb8b24c1a1dcc3c7aaff05204840b3d6c9 |
C:\Users\Admin\AppData\Local\Temp\Mgca.exe
| MD5 | b0c001febdaeb22355b1fc0b3d31184e |
| SHA1 | e9b457b337c35b8a3af84555e1a0d3032e1dcce5 |
| SHA256 | 21de0bba4f42da76528fb9a9be1569ad33bc8b2fff6e352d982e1f25fe45739f |
| SHA512 | c7c2ca244b8927ee70e360961eda5277c27d6b10391951f269e95f4e6881d74322acf07d3dcb7dcde82201e194af74321b9d213f6820f5850c25e07237729e79 |
C:\Users\Admin\AppData\Local\Temp\sgAe.exe
| MD5 | 08a85a7cbb623d040386edde2ca6c87f |
| SHA1 | 077f6dd544ab9bf2a2f9eb5839779c82251bb5f8 |
| SHA256 | 446587cbce4cbc78d02069521ae94515a44a1b7f66b3930ffb604e2387eb50d7 |
| SHA512 | 228cbbc2cf11f8da2a4f1bc991f916aa02b7e914742772ba65d0de386828d5b1d9f1e4827a64373b6cfb70ba8d782a1f79ecabdf6c35d0d898df15cacaf5258d |
C:\Users\Admin\AppData\Local\Temp\QcUC.exe
| MD5 | 47c6b9ed6f4c00dfabea2920d62e3e05 |
| SHA1 | 826179fe6b33bdb7642e1cc73790284dcb677a49 |
| SHA256 | d042a1aef1fd4e4337f6c2142b73e5a5274ca035e88ddb5618ab8b50a0e67546 |
| SHA512 | 9f8cfdd529c035fe3d605f8a4fa54e5e793da5120bd2a810c26c9672132817692b1f0c7fb822c594e68bed609f91cf82244fb2252476d87ed28e2d14ecd3ba6a |
C:\Users\Admin\AppData\Local\Temp\KscO.exe
| MD5 | 993f7d73f42fac95e5e19548fce6a8c2 |
| SHA1 | 4dfaa076559b39c2a9ac399e608cc2fb438deec9 |
| SHA256 | c08c554882ad1a3ef7ef2852950adb807a4922f9c2c5ec38d05c62eb34bba3e5 |
| SHA512 | 8bd95a69638107cbddb36b3e68ac37de6b7c699d6487fa7c8e18fedbed872762141cddb6f67a00687eae95f2dd42db4f27620efb35337bea9e44ba3edf48512c |
C:\Users\Admin\AppData\Local\Temp\mAIi.exe
| MD5 | 088769ef013b8fa21faf499447d24563 |
| SHA1 | cb1c867c977c07f3eb4eedca012016d2809020b3 |
| SHA256 | a692c374084f6981acf5c542ae98003c8f0081d89f77082a364314fd64100b47 |
| SHA512 | 780025c99e60c0cf859865ea970f9ec996a406f7c01bd73cd01c440d20a225d0d7d6cde7d1002acc6a1fecac0aa91c3090a23092a991b39ef269faae1963e350 |
C:\Users\Admin\AppData\Local\Temp\uQse.exe
| MD5 | 97c676359f12d5dd9837495784f248b5 |
| SHA1 | 1e1c00e59d2925ad1e41c644c3e4fe6aa17fcfa1 |
| SHA256 | 2631754713da7c6ff26bd01fedaad687f57a3f260a1c194139ae88b210e6a5c9 |
| SHA512 | 56d827ce470205a899575da131fe322533fddde501c80f9a37874a60bfcf344e01b7525f4a0ae7b671d68d783b58270fae79ef62154752a09fd53daea3fb8d76 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png.exe
| MD5 | 4d9a493a6bd31de4030ae901d034bebe |
| SHA1 | 1dd30c6399b2d86e48c82e38128b8cb3c7eb57b5 |
| SHA256 | 4772cd39cbf373a1a32189e93691ad9b045018a3040492adbfd03b0fd2fd07b1 |
| SHA512 | 9a56032a3d4b716e99d5fbcdf0a3683a4618ef84c0fbc5608a83aae6a3c7afae16493555ccdd93a9c7b58859558c130a922ba51411d97d5e882a9a2b10dc9a65 |
C:\Users\Admin\AppData\Local\Temp\OYEe.exe
| MD5 | d23062f40aca0abadb0d5defe56fb436 |
| SHA1 | f05624ca7277e863f76652050d6af7a21a44fa5d |
| SHA256 | 2dcefa0542c1d5c0fa032515d0fded4e3d3e723a6d95cbfb2245f170f8024102 |
| SHA512 | 48160fc7e9ddfe4e4bcbc7ad9e300d1c1fc1347621217fcd528413851a1cefb5a635dd1a318486a3eca54af0fec3f46134298b2494797cb891fefb1a027211ee |
C:\Users\Admin\AppData\Local\Temp\owIy.exe
| MD5 | 9c42247693af1b3ea64a4a013775f053 |
| SHA1 | 8726be1505afc46e37759e0f7540dff41900e095 |
| SHA256 | 477b054475c75bd83b29114a99d33ba1483ddc39538c977d629b74da995482d3 |
| SHA512 | 50a838ba74ad76e4d07b41dbb43f51c9ad93c26eb6e897fb33739d0c4689df79ddc60be36a352b1c4de984f095c40e0d0babff188957f6c8098f250e6e34542f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png.exe
| MD5 | 946801d8984b961c99e42e83818eb3c2 |
| SHA1 | 8b54899300193526b6e8edd87309c723f4e0dc85 |
| SHA256 | 8f9bb577b473f3cd9f524bcb50c185ff9dbe11cf77b0c71b83e14c89fea89410 |
| SHA512 | 6e416f68649058501469023e9ec13175b3cb2e6833b04aa416f31128f4533ca14795ececaede83e17708a56c723b7456f23755a9f6d2f6e067baddd93de18594 |
C:\Users\Admin\AppData\Local\Temp\WgoS.exe
| MD5 | 9307063f53f54cc278736a4f5cff6c76 |
| SHA1 | 459f33fb0b728826ce23cff1ae8f910efe42c2aa |
| SHA256 | 499247acab13772d019afd10182a91d6ef89e8e55cbc09075153198d3e63b611 |
| SHA512 | 3837974ebaa8fcedc3656100e9680e558177fc91288838c1b47cb76bcf8212d59f113b3cbc1d498dab5d272c966ec8312bb15b6d526d9d5e945070fe2fcc054a |
C:\Users\Admin\AppData\Local\Temp\Gsgw.exe
| MD5 | b0c601811de904080e15283014a1e189 |
| SHA1 | 2573ebda4fd5682f282fa2354ed1f2fe29d15e0d |
| SHA256 | b4a37676523afb6185aae9d67684539acefa744ec95e5583c14154c0ac5d97c1 |
| SHA512 | cda0bd3021378f40662d4fb61c89a8cd2216d5adc2fc93a092f99f1eaca4fb2879ea35665231ada7a79670c6a431b128097bf9ca6030c7f0ac64f390b055008a |
C:\Users\Admin\AppData\Local\Temp\cMgW.exe
| MD5 | 2b92bc8bf8df6dce883928803514c29b |
| SHA1 | 8d881bdcda5c935c1ef387f54b75f9496b56e634 |
| SHA256 | b3293cb7507967c504aa639e0e2c65ae7e3ed3d242135b85a6940fe94a8fd071 |
| SHA512 | 2d9a2c8563a3117b223b8119d3e35f27f4072967cbbe39dc70d0ee1b805dc1d2b1b0b1156a6ef38761d340ab5cc2e6e53de5b5d853f92cf4986fd77567c423c0 |
C:\Users\Admin\AppData\Local\Temp\QoEM.exe
| MD5 | eea296668cd8ff6b9aa984392ac29199 |
| SHA1 | e656ce937ddf9ca370c51bdf3379d7efae7e1a04 |
| SHA256 | 758e48d1952ad61aa2fdb6466bf4b145b81a512865b2e28fea09a2eedef6562e |
| SHA512 | 25ec527491d8944ee299843afbd66b7ba8ac19b161419929c7b9c9e035d18c237ea635554f27cbcf3741d70aad69ba965bbdbbafa6bed66e3868682390e6b180 |
C:\Users\Admin\AppData\Local\Temp\MssK.exe
| MD5 | 89b2d5123719f785967c0bd0112c3fcb |
| SHA1 | bb82e908fa0ba85a10ab9dd11296075e537a8355 |
| SHA256 | 1d01501499305ac8e96b7b0852212553ca81c00ea77f3991c3c53a927e588e66 |
| SHA512 | 82721b8cb780835e273edfafbeb0514fd79b4d94d1dbcfddae6c701ad9361dd6ca68ea0d2298dcb6da867bc6b950c63425ced046fc435448e0425bd25ceabf0b |
C:\Users\Admin\AppData\Local\Temp\Yowe.exe
| MD5 | 1dc4fd170c00937c0354ecd2c5700a68 |
| SHA1 | 264bf473ea34dec7988543c4cf59826eb464e312 |
| SHA256 | dd64c620cb43b96e47566e39e0454d1229564413e98328c133ed4fba0457e3bd |
| SHA512 | a19a44ed160d32f98e0a5b51b4ed62481d44e72fa2850d9ac90fad1597524820be3e1ad5c9dfcc0f8f176abed0813a18819be854a5d853eda0156334a2252660 |
C:\Users\Admin\AppData\Local\Temp\McEU.exe
| MD5 | 72e7653f3ab00a41067ace40646a0428 |
| SHA1 | 6f21b2e186a75b7ae1a33ee4bcf1dae9c3da922a |
| SHA256 | 6d7ad3817a74b30c0976b55abe19f82bd178e23f4d6117f904eda587813291c7 |
| SHA512 | 05ff94deade078833e8c08e19cdd39352209f835a49198e978b17c426d42c24b3245e518c5b48709bde5f4248e9ebe90d2710a32b49356497e244fe63b80f9bd |
C:\Users\Admin\AppData\Local\Temp\mAEO.exe
| MD5 | 9551180f226932d8ad2c689d45768110 |
| SHA1 | 56b2513e76d1afaf0e1a64b0ac564a54a5365112 |
| SHA256 | 019def09e6f8fc2b22ec49e7f18bf1a82ff1ebfd89eb6ed8b7fd09e4ecd5d407 |
| SHA512 | 69636660605d3a495cf628a7fb29669d916c0807601f5bc01eef53195251580ee43b38af2fe77ff7724ca8428739001f90345a20fbb505bfa454177cbc40e87f |
C:\Users\Admin\AppData\Local\Temp\iEAI.exe
| MD5 | f5783f5fd7201084b840177bf99ec19a |
| SHA1 | 62b01ff82e0966d3d787ffdaa0dde1b45dc65a57 |
| SHA256 | 7983c1d865a5129523a5086c9db6907f0805d58c0907c5c2c6ee7a63d95ffa2d |
| SHA512 | 12ad3dc5d102502ddbecc94cbc85302f28b544e97ad6a2ea1ef1233c7b0ffbda99b1bdb51a610b43095ff47432e542ccfd56fdc9e8d4a6c5c18b452e97a6c4d4 |
C:\Users\Admin\AppData\Local\Temp\IwEk.exe
| MD5 | 851d633c315ac5ad6b34025c8ca1febd |
| SHA1 | c2834288a439216857b58d6382a793f65c7b9b30 |
| SHA256 | 43cf32a27c164de5519bb474a79409156b4a5eda90e06b29232030f14cfe6a74 |
| SHA512 | 4bdb8b53e462aabf8f3d632664f39ea4c17a0f71d8a2df2c1c8928da4966b7ee87e9ee5710957a7c6f4926d694c89c1ebad5675f8aa66375520a069f91007401 |
C:\Users\Admin\AppData\Local\Temp\ykMC.exe
| MD5 | 28bb1bbdb270dcda53218fdd9f12dc3f |
| SHA1 | 3af4ce7e46fe60d442c33b9fea8ff7902a9c36b0 |
| SHA256 | d0d484389540a2a1afd79c620668e4497e85d2807def7c3c0129ad640675f202 |
| SHA512 | 5e5baff2ab13ee52bc600c66140ccafb45284aeb43ca9446f04645ca2cecf55acf301cf4de6d3e6263d505fd72d61fb2380db770007e7571546031da208a1897 |
C:\Users\Admin\AppData\Local\Temp\AUQo.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\sAcm.exe
| MD5 | 700775b9a91df8882659670ec2aea83b |
| SHA1 | 13edbef0117a0cfa069e5c9717a36d82c699b18c |
| SHA256 | dc4663c8d7aa6c09c54a473862380f6f51f5bec81e9ebfc78a3210502b682f29 |
| SHA512 | e21f397ff8643d02f6b12d17c27a614f62a0dbf3b10a2fb9fb62cf45e4a7a64cabe96ce7e5cb359e9c80c8b5cb8d0362c59066b72e2a6b32468d94d7d5b2021d |
C:\Users\Admin\Downloads\ResizeRename.jpg.exe
| MD5 | 7da3e8e647a1353171eeb611a3cf31fe |
| SHA1 | 31c1c89c386875f7005f9209ea85557c50b6383c |
| SHA256 | b2f1672aa3d8c40252009837489efa247b2dbeaf942b05f74bb6bd7dc963ce57 |
| SHA512 | f68763eadc46a6755a1c405deacfc12b651682900e2f27a1545ced4848752785c769883a88bc3f4cde288cf4e3fb9f166d3b26fffddc4b9cf41059b8577f636f |
C:\Users\Admin\AppData\Local\Temp\cQAy.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\oYEe.exe
| MD5 | dec4678066d9adcb0cc3b058979bffc2 |
| SHA1 | ebe86d218df2e8dfba269a8bccb5b28f648402f1 |
| SHA256 | 5e4e91a17402720976103153b3967097c03f06ff75ca1ff1bab0ebcc5f348bd0 |
| SHA512 | 73f5ad6b9e9e236af64a3a062a8759f9dd798abdf317a90d7f8af7d83baa418895f73097838c481339d8aa55dce3a354a53fb34a1fd4de5fa66903c1c519331e |
C:\Users\Admin\AppData\Local\Temp\Akos.exe
| MD5 | dd894bee0f126649c5069afdab26a89b |
| SHA1 | 80d25c42c832833c1c491ddca2b27d3ee65e86ec |
| SHA256 | 7d5f73804da46a676b7169878308fa57856c05dbe3744d98471f2bb1c9c8c10e |
| SHA512 | 3aea921c62f9b6ae3e68726aa3407b9cbc169ce25b7674962d10f4cc84a858fc4cb09b8d19c8fee2e2ca1bc062d7e1938bd14a6ef1fe49bd7ac028bf4a138f78 |
C:\Users\Admin\AppData\Local\Temp\eIke.exe
| MD5 | 436acbf8a641db2433b0182f653e68b9 |
| SHA1 | 35c30ea06a19f9b9abc0b70bbc6776de9f88e3a1 |
| SHA256 | 4f5be47ed0c007c4f12dc451d1a4dcbd060df61b6d2a70c9f09213b2ff7491fe |
| SHA512 | 2f30f74868ecd2d0b050e809525795593acd9cf91344b52b68bdf225dc895813da3a33096cf766abecf29be2cde737bffc214ff8c4e527b2edbf36fb05a5bef5 |
C:\Users\Admin\AppData\Local\Temp\UAUK.exe
| MD5 | 1a042107ce19ba5d0665a3f4bfbceb80 |
| SHA1 | c1491b8dbd7e6b2e8d530f596bde5d83cd613d52 |
| SHA256 | a26b2782fc9396f09fd2d8669749f45d0c7e4a9ef34c942dd653deed73898851 |
| SHA512 | 98b2d84474343040741a3b65ca13411a4b795bdeec2aebfee1d40c9454a27facbd9543f80bc12a12794ebd6edd89ddaca566655c332ba8cbaf21f2f1350c62f2 |
C:\Users\Admin\AppData\Local\Temp\oscY.exe
| MD5 | 24646c317c5e43d8d5171c91cbab0c6c |
| SHA1 | 6283361621eb2d25e22b8ecf46eeed668cecbe14 |
| SHA256 | 498857aac9876754f9c00ff4e031a806a80b564928955dcf20016be5fdfdeefc |
| SHA512 | cdebea2d9648e2420eeecf17b42f0b04114b926e79c83e79792f5b171d05ac9c2d4587957c5ef5b96b6267de8d889465fc937362a1f99338143dd3a1901bbf4c |
C:\Users\Admin\AppData\Local\Temp\yoQI.exe
| MD5 | 0b378b702bdf49285560ecad157f680c |
| SHA1 | 2ebeefc6d3eb3bcd58a0950f447e8f7f1652de14 |
| SHA256 | 2fed5efb707cb8eadcbe6892fbdce5af8e693b6b51464deb6c0bfd081c7660cd |
| SHA512 | 29c5325ded53453f3a14674dcc648b71b35120f6a8fd586c1b4c911a0bfd42852716f4c0b1bea09e653cb9a3829bc3e90099a256e7d9524206d6c646b1ea42ca |
C:\Users\Admin\AppData\Local\Temp\sAMa.exe
| MD5 | c528e50dd7407e2cfe4fe4f27ee6e267 |
| SHA1 | 7e7ac5dbb5167305a425a9fb553dfe6a5657b7b0 |
| SHA256 | baa0a426feb7fe2d85b6b976310b4d2d07c6a2cecabdd7e096ac3a62dbf082a6 |
| SHA512 | d140d76ac6775b0fe4202e5f4e9226fba746960c73991acda3f24e8c34fb30b919b0204d9049804d15d7515801c6567e7f51fd18c2785bb0816744a9d61bbeee |
C:\Users\Admin\AppData\Local\Temp\swgc.exe
| MD5 | fbcaec5446783b9ac43d8fd7dc778e5e |
| SHA1 | 1f2c1a375e5ba452b9d00bd9c25005d2a8ab9c26 |
| SHA256 | 42616a3c17d82c0de78b4548fcfd2162c08a4b15feb6ab74a2454af03ead5259 |
| SHA512 | 329d032b75bf303685df3ba858c445e8861d477c53e5eacbdc607b9a5e1b2e465380231eb60b35990e981512668ca0ae473a520588128f1f33634fae74e48af5 |
C:\Users\Admin\AppData\Local\Temp\WwAc.exe
| MD5 | 040ccceec9e58a399d4e736e656933e1 |
| SHA1 | 7d246b072b8570d1a24391d2cdedf830c442df60 |
| SHA256 | 10b8c0b1a48e4a40bded0bf8a6d1138c6d6cf97d8f7837e9900397c6db1a1b57 |
| SHA512 | e451fedfbfd14912375c67426ecbc851065117c4815f0d22e4e2d729f768e41664d0bd0a9ffe259b9a9be9aacd3ce505168463bf1f06ba972b7ec6bd6654dc93 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 7e54bda5e15ce9962ed36a4858254b96 |
| SHA1 | 0648981e19c98dba44214289b68e516036bb3b89 |
| SHA256 | a86bb8ef553055983885b71e604b7d00406652a0103b598d04e0c34182de8d97 |
| SHA512 | 3149edadd5159a2498ac299ece29a369d1ab359c8fc03b1d4f3f31e48f592e2489362f56a078bcfe41104eb3d13e66eb773d7a2184fd852739b11d5b18647c90 |
C:\ProgramData\CeIskIMw\jAYIAUgM.inf
| MD5 | 01865e126065542e4b6896265ce4b685 |
| SHA1 | 630ced2eee92c4d101e9883fc2e958da48a518eb |
| SHA256 | c80345cb65ff18e3e597e8b56f727521b48fd75ecc194ffb43d35f9e90d31501 |
| SHA512 | e060a1cbcb0a57828d156a1e57acc210fc9ba6bdd26aa6b314e250c36d9315b946e2fedb5535430ddaaa2b2fc4296346facd26e65427093f4f4c275f51f6e5d2 |
C:\Users\Admin\FscEkYAI\GMUIkQQg.inf
| MD5 | 49f2ddc06130870d74f50996ac1649b9 |
| SHA1 | 4fb7c492ebf18b7b38d1550d7a1e2488f71ed2d0 |
| SHA256 | 13ab9e60f92fe030efdb9d68171993e4043b868d0da7306bb76bd70a62f2ea71 |
| SHA512 | eac1c0d37d1e40ea6a9f5eda12e3d5fa4c1220fa0065d4becf1d47dc7ec145b433117d71bf618bae7eafd141b2507d04f426b98565771b0916e24a3bf5a4201e |
C:\ProgramData\CeIskIMw\jAYIAUgM.inf
| MD5 | 02f770a84ab6c98ed62f16ba8739842a |
| SHA1 | 998a04c5a949568d0fd73df006a84b9039835b79 |
| SHA256 | 317733f1a75468143a4a7791ee7e0075244ad2ed62e7dba2eee7e03341063bb1 |
| SHA512 | 24312130a21f3cf9e3e8b0d7a3818b89c0ab63f161c1687a4bb21b9bc57701101acc8b173581547b9868c0544fab368a5c857cdf96cfaefd1704f3e619919ef6 |
C:\Users\Admin\FscEkYAI\GMUIkQQg.inf
| MD5 | 6cf0e5111de94cfe602e0f3f4571036b |
| SHA1 | 28530a1c3062db7527cfec504f3b79d07e41578f |
| SHA256 | d4faf8450c95c2849b1d5becc102dc06f88add1a5fd43ecd92bfe824e0f068ff |
| SHA512 | d2b24e095e2f6538eea5eb0055943505a4c0d0fd0fb79b7dc610f358fdf2c2b69b3c87c3361563565969d721701e5c3ce73a93c8f7edfd51f1bc07589ecab1ef |
C:\Users\Admin\FscEkYAI\GMUIkQQg.inf
| MD5 | 6138560c1684b55178c42a888c5cc6f9 |
| SHA1 | e7920f68793e37b52cb280d20a2fc3bc382261db |
| SHA256 | bd0b941884f81bb0a05e81e20ad9eabf405835a1b56e3d054ba79fcb72ce3686 |
| SHA512 | e6211f5bcaed517d5e9210a1254b6c93c54eaae83ab5e40b9e825ef97b914290fe46f300dc429ff2b1bf485fcf509be3dbb00af6c68c936de5df35ea6a577452 |