Analysis Overview
SHA256
75c78679e60d2553a5cfd1bb4ec9683bdbe43b4b343e5d4aa0eac8050cbcf882
Threat Level: Known bad
The file 2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (83) files with added filename extension
Renames multiple (86) files with added filename extension
Reads user/profile data of web browsers
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies registry key
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-05-19 14:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-19 14:50
Reported
2025-05-19 14:53
Platform
win10v2004-20250502-en
Max time kernel
150s
Max time network
136s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (86) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\ProgramData\KAoEwkAs\xmYMQsUY.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\ProgramData\KAoEwkAs\xmYMQsUY.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\teoMscEc.exe = "C:\\Users\\Admin\\mKggkkUc\\teoMscEc.exe" | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xmYMQsUY.exe = "C:\\ProgramData\\KAoEwkAs\\xmYMQsUY.exe" | C:\ProgramData\KAoEwkAs\xmYMQsUY.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\teoMscEc.exe = "C:\\Users\\Admin\\mKggkkUc\\teoMscEc.exe" | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xmYMQsUY.exe = "C:\\ProgramData\\KAoEwkAs\\xmYMQsUY.exe" | C:\ProgramData\KAoEwkAs\xmYMQsUY.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\teoMscEc.exe = "C:\\Users\\Admin\\mKggkkUc\\teoMscEc.exe" | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xmYMQsUY.exe = "C:\\ProgramData\\KAoEwkAs\\xmYMQsUY.exe" | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
| N/A | N/A | C:\Users\Admin\mKggkkUc\teoMscEc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe"
C:\Users\Admin\mKggkkUc\teoMscEc.exe
"C:\Users\Admin\mKggkkUc\teoMscEc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\mKggkkUc\teoMscEc.exe
C:\ProgramData\KAoEwkAs\xmYMQsUY.exe
"C:\ProgramData\KAoEwkAs\xmYMQsUY.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\KAoEwkAs\xmYMQsUY.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GScIkAgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Users\Admin\mKggkkUc\teoMscEc.exe
C:\Users\Admin\mKggkkUc\teoMscEc.exe
C:\ProgramData\KAoEwkAs\xmYMQsUY.exe
C:\ProgramData\KAoEwkAs\xmYMQsUY.exe
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cAUMQIok.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FMMgcssE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\psIUkwkk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pgswEgMU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nMwAAwUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eggsggEM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AaAskgcU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gUosYgIs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xissgYIg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HqcIEMEM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NGwcooUs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JIQEkUcY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\miEQYYYA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QGwQQEYM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\umQgAkwo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YQoMwMEE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZCUwcgkc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DWIgAAMA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LaMoAUgk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oeMQcAMw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EAwAQoEM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qaMsgAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\asgoEgwg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rAwQMEIM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vWkIEAMA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PEYkYocE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tUwEQosU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mMwQEsMY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qYgEcoAg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cuMAsgEs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wsooMoMg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TKcUQcME.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VsEIsIUU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HiYYwQEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZiIcEoIk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GEIkswIs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IkgAUgUg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SEEcoQIU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RgogMYEg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LIksQEwA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tSkMAEcM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jwsAoscw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WiIYQwYk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CaMokcck.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SaocswQk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RIkEIIoc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ROAYsMok.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VWYUMgAU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zQcUEMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OwkwQMQM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QiMEEkow.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kqAEwMok.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VkoQAMAA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xMMoEoQw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZewkAooQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OqMgoEAs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yoQooEMg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SaEQcksc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mYsYQMAo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FqgEEMEE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vSYcEwkY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NmUIMckk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fMUgEksg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kaAsQIEo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SYUIQgUo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ykEQMQYA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mEUcAsUg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NAkYEQQw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hCsMwIIU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DwQUUEgc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\waUAYMow.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SiEogMgY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ooYMsEMA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zsUsQksQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NwwkossE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FuIooQkw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pEQIMkEk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IqUwkMck.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QkYQcwEw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aWokoUcE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DSMIwgcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NwcgsgAY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TwkYAoYE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HkoEEEwA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AEsMAAIk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CKUkYMYo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\acoEwIws.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xyAQgMAU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pAgksYcM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LSQcEEwo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iSIUIMcU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\amkUYIAE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wQQwkMkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SIwEQoAM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vUcoQAYA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tEgMocEc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\POosssMc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uUIcAIoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cUskwQwU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qqUkcsEY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUQcMsgw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VcoEEUYA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LYIsUgAM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JoEwAMkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UugkQIcY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GgEokUck.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MMUUIUkg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FiQsQgsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zuQUkYgI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\piQkkAoA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FSccgsQM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wKIYQQcc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wAYcUUks.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WOYUwgUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZAQwQMws.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RiwAoMEY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jcMQAUgk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CIUgYcIs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GkEUMMgY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aGoksgog.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FmIgUAcA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HgwgwcMM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lMcQQEAU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vmsogYss.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uWIMQgQE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ckocsocg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mIkYAsIo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.14:80 | google.com | tcp |
| GB | 142.250.200.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.200.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.200.14:80 | google.com | tcp |
| GB | 2.18.27.89:443 | www.bing.com | tcp |
| GB | 2.18.27.89:443 | www.bing.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
Files
memory/2192-0-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2576-15-0x0000000000400000-0x0000000000431000-memory.dmp
C:\ProgramData\KAoEwkAs\xmYMQsUY.exe
| MD5 | 02b3f1775a37b4372274fdeb39c52056 |
| SHA1 | 5be7108b225ce3dd8d4ef7ce44d481f357f5104b |
| SHA256 | 67d9192a283e2a4028c5c5bc112b81eb9ff9ba8bc8ac2619dbb7b4a0a945133f |
| SHA512 | 322a8b12b473f1e34c0ff310190be49edc68997709e20780a59efc6cf26ad50dd8803dc094fa7ea13698f91b2ca182a7b8343649746bfaa219f789156cad2800 |
memory/3892-12-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2192-19-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\mKggkkUc\teoMscEc.exe
| MD5 | c354ccc0d74f6d2cdf4ac799b77abffb |
| SHA1 | 059cbb34001afbb2a76cc20d284dd394e8570a94 |
| SHA256 | 0e49f527fe9442b6bfd833e121c32b291d301b091c6ee95f6eade64ed32056de |
| SHA512 | f2808ea0b31172f7e21ac20427f30560f4e00edf7148b53446598bbaf14cebb5eb179c7fb240476d8f964d32141a59ab0ecf1f22e80e121cf9ef92fa4459bcd3 |
memory/4444-22-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4616-24-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4584-26-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GScIkAgQ.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
| MD5 | 3b125bb340a0578841a80d9da44c0c04 |
| SHA1 | ca10ceb3033fd1f92d38430f95eb86886582df97 |
| SHA256 | 966670b68b945ec745c0a4c739248b07f10799ee18c9c79d5e60789bb9a3728d |
| SHA512 | 9416a8399193ea3ea750bbee1910844be672a47266a9b7b987a4b5ec67d87701d58da8c0a740c0dabf9b61deac1ae26644cbe8d27f0efaf93ad528f5bb9fb4d1 |
C:\Users\Admin\mKggkkUc\teoMscEc.inf
| MD5 | 0d0cffdba96d1cb53c65d067fe7a6520 |
| SHA1 | ca6dfa0b928efd9f71dd3993eb2b57de5b9091f3 |
| SHA256 | f79829d635cad07cdd13fee1fc1763eeff50bcb42d111f872b1524a2b4b5d136 |
| SHA512 | 08711fcc2f7311d70b91ca2721b114cc1a8861988673c7abce3feeb438bb0179e38caf91c619d6db292cbf00d54d97bcb6044acc0c5aabc960092b8ece72ce4f |
memory/4444-38-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/4680-40-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4680-53-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\mKggkkUc\teoMscEc.inf
| MD5 | de9d843348bac6505233b69ad28237ec |
| SHA1 | 2472c8e9e205800113fd0ad7df02010434f588b7 |
| SHA256 | 47906e6b4b73083649365456f4c5389574f047bde90ab6395275fe7a2ddd9811 |
| SHA512 | 2350378603ab5a81ce43c454781fa1fb3e4b70efa13aaca9e6af85f8ab300719b1ba8bc07166f8703d580b5855640b41e26406e640357f53abf22a9ce09576c6 |
memory/4628-68-0x0000000000400000-0x0000000000439000-memory.dmp
memory/812-75-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1420-80-0x0000000000400000-0x0000000000439000-memory.dmp
memory/812-95-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3556-106-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\mKggkkUc\teoMscEc.inf
| MD5 | 1a3c71ee70403110f1fd48dfb1cce90d |
| SHA1 | f222f09fad437c351c76ddce3de38148390136a1 |
| SHA256 | 1061022abf14145f2016df2974a704d1aa25f51fd74eeb5d2daa012962a777c5 |
| SHA512 | 6f05bcc3312feab06a8fba1b4fdcb65167a987ffb33ce32b2993476cb1123aa019f0cbbed3a13018c1bf726cc3bf953dd28c4d7e7e0874811cf1571c0239c243 |
memory/5980-121-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4952-134-0x0000000000400000-0x0000000000439000-memory.dmp
memory/836-147-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\mKggkkUc\teoMscEc.inf
| MD5 | 9ca4a1c8d19abd67fa9eba4516549b7e |
| SHA1 | f64abe2e662a1a739cfe5347fc4ff0386f636791 |
| SHA256 | 0800ee8293cbe400c6e0dce1378f8fc31d5985d25ee43e98c3091ae952625533 |
| SHA512 | 11b474e4f213defa321161470e860e492bf328431e66ace882ea01d7130644de75adad3138fbe532bc530ac9e0c0c01524e10908a6d2ecd3fc09a2ad2a6a5f96 |
memory/5520-160-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1156-173-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2460-188-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1900-199-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\mKggkkUc\teoMscEc.inf
| MD5 | a9fd4242aa5e45261856a086170ffa97 |
| SHA1 | 40d242da02ae907ddf5c6af4c414e7d046551df2 |
| SHA256 | ee32b883f1a87daa79642e51ae7103c6917db28c84bc5f94965428f6a48217e2 |
| SHA512 | 609428e39a0383e516b01f688e7b70d1adbee8ca669e9216e3b4c078f96cf49790d0f280fdf87a7a15a99bc14c233b7a0a46a6624889978bcc9820571e3221d3 |
memory/5988-214-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1920-222-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1480-232-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4356-240-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5328-250-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5224-258-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5220-268-0x0000000000400000-0x0000000000439000-memory.dmp
memory/6056-276-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2728-286-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1908-295-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3312-304-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5884-312-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3652-322-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4664-331-0x0000000000400000-0x0000000000439000-memory.dmp
memory/60-340-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5864-348-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4176-358-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5924-366-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5956-376-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2840-384-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4820-394-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5348-403-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5152-412-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2928-413-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2928-423-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4372-424-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4832-430-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4372-435-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4832-443-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3356-453-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5692-461-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5432-462-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5432-472-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3404-473-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3404-481-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5240-491-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5672-501-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2104-509-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2592-519-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2100-527-0x0000000000400000-0x0000000000439000-memory.dmp
memory/812-537-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4784-545-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1340-548-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1340-556-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1600-557-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1600-567-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1416-568-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1416-576-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2904-583-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2616-587-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5992-593-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2904-597-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5992-607-0x0000000000400000-0x0000000000439000-memory.dmp
memory/6060-603-0x0000000000400000-0x0000000000439000-memory.dmp
memory/6060-615-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5404-625-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4628-634-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2552-643-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3344-651-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1796-661-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4228-670-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3180-679-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3436-689-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1536-697-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5960-707-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4796-715-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5220-725-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2408-733-0x0000000000400000-0x0000000000439000-memory.dmp
memory/548-735-0x0000000000400000-0x0000000000439000-memory.dmp
memory/548-745-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4520-744-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5952-755-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4520-756-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5952-765-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AUUU.exe
| MD5 | 8dba79bbcdc7d054ec224a2e0023a993 |
| SHA1 | 1937ca8a57f72a95166a95d366c9353fe5626372 |
| SHA256 | bcf430be1f3750b25eede6965d12aabb4ec9625c839766a251f6d6a2944ac628 |
| SHA512 | 0960288ad07db6d7b1fd8f37618d47bbaa13733a58908c5be7bb0f84deb1e75c324bb486f96b6cd04d35fc2045ae2e63a23cc931e4c4178efe70ac5602a9e259 |
C:\Users\Admin\AppData\Local\Temp\wEYy.exe
| MD5 | c20a03877ee111d4d80aa755f0586533 |
| SHA1 | a17a02948988c926d9951c5e789ea5a8c0f2f4c2 |
| SHA256 | 4308e31a15c1fe941a905abaf5b8a96fb841c9d5d010d43db82de064025c6439 |
| SHA512 | ba1fe9a541d7cd408c9e325669294ce54bbe89dea6c8e84cd9922c4fcac413008d5cda34eaacbf0f05883e1907cead5caafdca71a128d1a520070fc75fc7a334 |
C:\Users\Admin\AppData\Local\Temp\SoYU.exe
| MD5 | bed82abb761b516e7bed03fbcc36e9da |
| SHA1 | 6009f39fd066533a63108a641dff5a3e1391c7a1 |
| SHA256 | 9c73d557a42bf3edfc5edcd021696971559b1e6701770a108d8493682e6310e9 |
| SHA512 | 624803a33c27f8de1b2105a2f77736f898d72efa97aecef85779278825d0f205fac909191bb5e1fc1781e148313a2a36915d506c16a574731ee73bd2d3ef8d34 |
C:\Users\Admin\AppData\Local\Temp\CEEO.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\wwgC.exe
| MD5 | b38a82e8da18805778898f174eb8d624 |
| SHA1 | 3bd8b0c07dcb7da904bf86b5e7907711c7df9137 |
| SHA256 | e118f25fd09dcf99bf40be182bca4ce1124c5011502ec365370205e420bd891f |
| SHA512 | 765f2349307b0e46459159bbdd5ca133cba97d627d9198ec70ffdd1366804798f3651a4858f3c76b13722644e228ee853b1548e96fe5cdd81b62182ac47d7873 |
C:\Users\Admin\AppData\Local\Temp\AsUw.exe
| MD5 | 1cf219f352693fb0c2a94d4b64a104ca |
| SHA1 | 73658c359bab091684d1e629a54ad62a0bf7c0f3 |
| SHA256 | 26f2b5c4e87670f3e2a03b8cf8e384d520d86d66f5af08a29e08af3f2e11d6f6 |
| SHA512 | 600aeb44ab71e959306f4067f018fad3d55ba7135bd43fe5397e5648d65e7130c5afa00ed97e9ce2e567d5c9e039bfcfec2ef7c598ae81063e9a136b03c7abc7 |
C:\Users\Admin\AppData\Local\Temp\Qssc.exe
| MD5 | 2df0dcc03871c4e7e6373d85df11387d |
| SHA1 | 06ba3b44157996d66aefc88e08f09c757e103c2b |
| SHA256 | b2d8981854605cfd75dc885bfe8366abc714912e53db4df1c4460645167f2774 |
| SHA512 | f1ca70f005494ef92ab7a95fb1f16551a37107484e8f033a7c631020c78cff064d0086be9c0a12440e9e47738e18f972b946adab2bc7a667c8b04701d32f9485 |
C:\Users\Admin\AppData\Local\Temp\csgO.exe
| MD5 | c18ca8714afeca5ff85480d152b39215 |
| SHA1 | 37c9257f70a5a334fa30067558cbba4d9deb17cd |
| SHA256 | b705a08604283b898265308ed4563fc6cb4cd9cf5d65b85be3baf256c9a65a67 |
| SHA512 | 5e5034745f7884d76a44e25cc2127122c87708e8b6288a8fe3750b879f63280912e5937d99add6b1cdaedbcb0b5e5cc18a07e56d389fd401d2421293f6ded78a |
C:\Users\Admin\AppData\Local\Temp\Gcwy.exe
| MD5 | ed8c220c92c40b1896fbf04d22f6e3a3 |
| SHA1 | 3fb8022bfaa32f50a8c2903555aacbe4eacf6e65 |
| SHA256 | 28cfff6f67cf45fdb3a171cee9e474611d018ef9724a7d9a3457a862dea0f9c7 |
| SHA512 | 5a8428bbbead4aa30fbf9133d00af4e5ac869a4e3dab9e812f16d337536e610e295dc3728c244abb00491d3a34b0fbb05c05a01e22b25e924e09f3b928126d43 |
C:\Users\Admin\AppData\Local\Temp\uwQo.exe
| MD5 | 1c5bd5e0d75580b87777021bfb2aeb26 |
| SHA1 | eb17c49dd0e989f7a5fd4308581e46626f3d4ccd |
| SHA256 | 32c5710d0874edf2e2af4d7af80c9393ed2867f004340c88a382aeaf6ba5c82e |
| SHA512 | 76e3fbca56fe67e07581d01fb98106f3bf9dab58b916bd270b993db6747ca57c0be1cd20fa64bea19addad3f92d9e1f931a4420a1afa34e4a47614dc85acdf21 |
C:\Users\Admin\AppData\Local\Temp\UUMa.exe
| MD5 | ef7344a5267312171b08864bb8e7deb8 |
| SHA1 | 6066c1b072e08b622ab705061ffc41e7ed35b076 |
| SHA256 | 1c6d26072a4787b9598dd45ab9d518e9335c3066fc24e87d2c9bd275a2824515 |
| SHA512 | 7fa1b0200b5a867dabd42d93befab6ff38e882f25b022f4f0d755ea30c983adf73fa6ec3d48b44be52562baa86c18adf2d7a7e55166013b2128cb5211ebe6bb1 |
C:\Users\Admin\AppData\Local\Temp\uIwY.exe
| MD5 | ce6b2f0409611bdb7349b49852d310ad |
| SHA1 | bf6677b05d863f0008401edba44e01430352cbbb |
| SHA256 | b3cc2e6d7fb79b7bea2e0b80a4a07312848a98962d785a8cf928e54f21e8113c |
| SHA512 | 4546772feb5b77236a33f45359b20737fae691353e626f0cb79bb5e62164866517ce379fa68d69664eafe334e93102adf9cb516f33e58819dd1d5afa925353c6 |
C:\Users\Admin\AppData\Local\Temp\SUgY.exe
| MD5 | da0167917aaa0c58ec22722c7e461e71 |
| SHA1 | 93834fd27ca81139dd78c19ee02aab1992798aa5 |
| SHA256 | a7075c02ee6861f33ea9a55c54c8938efd8faa9d03459c5471790ab998b9b7c4 |
| SHA512 | f8f6f9e14f35244ef56f9086d6fd15aa9d570f3f4b3743c0cfb1ececad3fc415709ffe1148b1a7f9f20259bb2f8ba74d4b0e15e2775efc65e92f799e56d27177 |
C:\Users\Admin\AppData\Local\Temp\cYkW.exe
| MD5 | 9973cd4096a2149c5111876975b2cc59 |
| SHA1 | 88dc9eb67d9b58a0336ee09cdf6fc793deffe0fa |
| SHA256 | fb9d4590af1b945108159263e640a758b9cf073da1336c019a2fdf1d6dfee64c |
| SHA512 | 2194d5cfa3836cc0c297224c032bb3766ba6e5184b1a99f30b448555605b9b900d1116852f0e496e9a63497d662ba6d7caf57cd844416301dbeb84beb77a20cb |
C:\Users\Admin\AppData\Local\Temp\YUAK.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\yoQq.exe
| MD5 | 2fc0a00cb039a7994b9006dae24c9c7d |
| SHA1 | 507779c235bce7230b77f01f429d1befe8289a61 |
| SHA256 | 819c3c1cf3640c65234f1d16441c6fad7483cb0460114dbac6abd5c2bc40f4f9 |
| SHA512 | 098256a3fe0e60f9d3959ee63304b3f50af314621fd8732d21c02e4ca9425e0e7db015f5eeb6721c7096fff2d06fc7875eedc85f2b168145597a45be6559904c |
C:\Users\Admin\AppData\Local\Temp\yIkI.exe
| MD5 | 64eebd750e0a17cac55fe893c4d48a1d |
| SHA1 | 6277756ce77d7ab0698eaf8091363e6cc49df8ab |
| SHA256 | 96b5d049f478a00a72e5ccedbb152905e314be47dad01a44cd4a4aea32aa066f |
| SHA512 | f353e366fd585a953c53c9e29e6bd85a9419828c444c7d8d45d162db300119776bf5cc97e61a77b828448f4453a7609ed318ea1822b8030a814862d61645a936 |
C:\Users\Admin\AppData\Local\Temp\kAkG.exe
| MD5 | ce580d389fde961f7e12eb5ddadb3e26 |
| SHA1 | c5145468ccabcada32ec2ff8ffeacee4231c85f5 |
| SHA256 | e52f8d349756358e747962fde85efa37f849a6cf70fdaf1bf72f34c0a02c8f52 |
| SHA512 | 897e0b7b1960fc3cfb5892b86c43831663f2b5a10a6de46428403656d0dbbce8e492f2a2d93d6cb1da1fda151634ad8c8e4c7f33d23653f7a9b2273a89d6782d |
C:\Users\Admin\AppData\Local\Temp\MUES.exe
| MD5 | d526051f62c9683cd8b8b1608e7b9083 |
| SHA1 | fe10bbbd29e65fc8d4809729060f913da6a8ee5a |
| SHA256 | 54d6ffee6c8b9e5e54975f58f531c0f0ccbd4fa984b1b162027dc3331cd0d3ef |
| SHA512 | fab5fe1c53d53c1e25af22a0fb86000fd1a601536070575fe8e4b73ef5306d7ea6e3530b3185bf024709b63473d4e356591a2eac2087e262f16d84338c4f6c2b |
C:\Users\Admin\AppData\Local\Temp\wEIq.exe
| MD5 | f5ce9fe617ddd2ff492edeb20bdaba23 |
| SHA1 | 27c8745eed6b255ff2000865971bc60798ce9a26 |
| SHA256 | 1a60c529470475ed564d74d38b3e242606319b3cda34c3b4947d6ebf8cc4f6e1 |
| SHA512 | b59f80de228fbcc20234db1163632dc36c1ae46da8a11ccdcaf64dc229f95e4709b214eb2c2e47ef4778ee22453720a00097b6a382d7f84f5ea678a4e04e1397 |
C:\Users\Admin\AppData\Local\Temp\YIEW.exe
| MD5 | 83cd04743c03cddab7b6eb7cc82bc95f |
| SHA1 | 841eb9f954da044e354b20126bf0fec09de416bf |
| SHA256 | e3b21084715e571f22d9fd71ee6722f03b8bc0da8fd34835d1aff7bc274dbf35 |
| SHA512 | 6f6e8353876e033ed8f697d338a68dab01b0ed90ac7d6bb66b406a77e7284b377eac575a07b0503e209078696bc3e21909d3af82e59046d8502d66cc48820165 |
C:\Users\Admin\AppData\Local\Temp\EEga.exe
| MD5 | 193ed219543c43d18180a4b2eeec625d |
| SHA1 | e5c0f66ceb88687bb1686a74c5cc0a81e872e1f8 |
| SHA256 | 36351b66a63569d674aadedae60ca17bf90ce52910a5b7cffadeeef1cc62694d |
| SHA512 | 66377ae42351687122ac2d6c55f25a23da8c791d4b1a7452da2790d9fbb695de928a6f026fb6f04d760b8c5a323ba674955f9483947ef88ae1243f4f6c5d1186 |
C:\Users\Admin\AppData\Local\Temp\YAwG.exe
| MD5 | 6043c75a516f077b8c36bcce26d90a4b |
| SHA1 | 17dbb66e11839b5100f3b27ce852bdd7055514e4 |
| SHA256 | 4e4ff2f0ef75455248f8f30e2ed056da0e1b9237534b83296a168af3486a2aad |
| SHA512 | 622f8d342ac77a9d7f2c425ec6adafc96110b8d08f5550b11d8c31501525335c9c80a9acf4b49a06e3b6d0a3483e3857fa3351f788b10fdedf974ee8546c158e |
C:\Users\Admin\AppData\Local\Temp\GMsM.exe
| MD5 | f8282d152590148b3a51e950ec786d14 |
| SHA1 | b04fd029db7b7c22e52dc568502a42921c6548ac |
| SHA256 | adaec64138f6f5702dd3ab1ef90bfb45042405a9385f343885d685c74bd82756 |
| SHA512 | 88204066859ce1a404cf4702f1809a302fe0e15aa9bd0e16ea2fb04cf812b9fd324b3c9d7ed660f13ed23def63d3c358675a038da1875b51913a7d6ddf169bae |
C:\Users\Admin\AppData\Local\Temp\kgIu.exe
| MD5 | f1fc3e47fbf062a1b1258bb6a32b5352 |
| SHA1 | f20dd8109110930a3fb952a7f027b6c51fe31b1f |
| SHA256 | c4176c7f7512721268061fba1d7603909f174dbfe1aff7c9fbea323232e14047 |
| SHA512 | d2b294b6f5a040f3b8116d4caacba76ece65671818fc3ee2b1dd776d00cef0bdf41394406738d74826e84ffa1a48119ac212908ee09cecb77b42d6d0a285f277 |
C:\Users\Admin\AppData\Local\Temp\mskS.exe
| MD5 | 296f2d4b87b58644bef9fe4ed0d45c90 |
| SHA1 | 026110b070fb1347904bd211372c7c714dedbac5 |
| SHA256 | c7b7d48213e1551eab7b553b4e8199bf8411e8b2b6c7b43046b326f18c415ea3 |
| SHA512 | 066fc5f2ec8b9fa87178baaf2cba8f7df1b07c7c3b23b4253f4ef28b5900b46370d600103777fece56fd0c60fb180bd24ca107158e87ab3b0e627c55a2e209e4 |
C:\Users\Admin\AppData\Local\Temp\wgQY.exe
| MD5 | a5ade1a4ad3c0c53ba407255bfd3a107 |
| SHA1 | 25026d35685bfa829b44c46904ae7cebef57d2f9 |
| SHA256 | 81b1c687b56aa5cb6ba1bd5b3ed7b3f91b4ec61630c44dcf46764dd7a5a56969 |
| SHA512 | 0e14abaaf2b80c9864c87f2580d054eb34cc204e44f0a349a4d12d4e18302c48ab9705e970abe3062f940dae1f16d37436b6acd5688add91011fcc7828d5760b |
C:\Users\Admin\AppData\Local\Temp\awsC.exe
| MD5 | 06ff822ea19c5bd3631d9e3003b7dea8 |
| SHA1 | 9ff35358dc4a27c9c74cfcd059af80d206d56147 |
| SHA256 | 76ec679ff27918032b9b8466cb9e064dfd3911463e7cf5a6dbf33cf08b0d05fb |
| SHA512 | 188deb722f94e26c3d4343b87f5473dce94b664a29bbd3a787ea8e64a3772e33e37e30e343138d277b21f02fa8d359ffa0aad241cebf0f3e1513848efcc8b4b8 |
C:\Users\Admin\AppData\Local\Temp\MkIy.exe
| MD5 | 0fb0cc9ba3beb20d97d3903bc3b087c2 |
| SHA1 | 348ccf28699cc109d073ff3eef13593f51145262 |
| SHA256 | 8ea66a72c621f78efee808d5d55e7e8ea0365d3a17950ca99734a0d48357c23e |
| SHA512 | b954f6d3b073ca43c168597bf38c4b6e38d7405881e1c1a1f016402e5285f462542feaa32a617b724093abcbc5819d7cc27f4e0ab8720b1a47679f669a5ac847 |
C:\Users\Admin\AppData\Local\Temp\oEcu.exe
| MD5 | 8f005e532b343706b92919c52ed81aae |
| SHA1 | f91b0a521ed30825697331887a55989607c38b56 |
| SHA256 | 2cdf46d61ee49924a69722ac0a99b5560eb1442c0333b997955568bc165bb3fe |
| SHA512 | 36fc5be49f07dcb32efe08cdd6541198dcfc89ac005b2b6fb0ff956000876caafc09effd97061823ca2ab2f16199500c807715a6207330bd0b8b9c3a535b1946 |
C:\Users\Admin\AppData\Local\Temp\oYcK.exe
| MD5 | 87341369ab6ff5aec43f77651e5cd31a |
| SHA1 | 2583f30a47a2e8a5fc39ab8e86985607bf2f41e1 |
| SHA256 | fcbf0dd25e10eafcd99b812980182804dc650ac6c3ce6b83dfff9111eb6ce1b2 |
| SHA512 | 2e17831fbe1766308248d88652d880fda21c335868770567efd2ddc7e6e6dd98d3849392a810cd7370e5198b613c477da00a3b7ce0f2bb86d165f8fd0db41472 |
C:\Users\Admin\AppData\Local\Temp\GgIi.exe
| MD5 | cbac53421f7af622c11f966ac2b4ab3b |
| SHA1 | be96581f3d06babf42a11d64f847de65bfba4d48 |
| SHA256 | 676a3590cc1b7caca6d390f49260b6103cce6c24b5a48191e66c98ff4e433e77 |
| SHA512 | 31faa140228efec162a8bbc5c8b79cd903c9bda6ea875c2edef2805bea5dbd2cdcef20c1ec33df78401c6afd49e5db045f2f29789a0a7ce6c2e77ed8123c41e6 |
C:\Users\Admin\AppData\Local\Temp\qAAK.exe
| MD5 | ca40b60abfd4913ba0d625c984f808ed |
| SHA1 | b9a0beed105c0e220b34c2400cf02ca11510a943 |
| SHA256 | 1f19eb829fef92e52dc51434955e04216dd27973f24928cb842e671ac1f1fd90 |
| SHA512 | fe4e6bdbf455898ead980c3f8945bad2c95ee501ce345f7603468361c0d3d549bbee297ea38483597d958d2cc88351f284d71bddb642d793c6811c7e7c49004f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\128.png.exe
| MD5 | 91a91d6078da134402b6f2c4a2e1bffd |
| SHA1 | 374be83d362aac126515336a81fcdf9a00ed8102 |
| SHA256 | 0bd651843c153d15cfb9a257aa0cd83ba69aa37638b56caadf9790fac22e8192 |
| SHA512 | 964579aa3da0bd9dc598a6d46d3a6c421158389ba22acb221c9c5541575a56313195270bad6b36f9a355f66c1eeaadc4d11cfc38738366c26f0d01dcc22cda20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\192.png.exe
| MD5 | 7b9d79e117325616b1bf1e0c20bad4f7 |
| SHA1 | 9d10be98ca9713c64a77731493aa35255dfa200b |
| SHA256 | 60f7ab761fcb71490497e55c899608809b66845e8f8783c668612d73646389a6 |
| SHA512 | ee3703e9206cf80cf859738d1f36bd7be56af39427840bffecb11970e63f603daa0de8fad04f0154c6c2e7fee07996ad05116d41108b35651247f6f991988d7b |
C:\Users\Admin\AppData\Local\Temp\Okci.exe
| MD5 | 9a5db5b5620bf5e792a72b4b34ff8d9a |
| SHA1 | 3d0b7f33c9321b9b8020520fbbf167b9db0e4baa |
| SHA256 | 8a3d97dd16e74d467b03fbf63fa1d5e338f81593dc2b9047eb5f2905e5f007fc |
| SHA512 | 16b74adaf820e46c64c2034b0749c64dc37dee7e3c99392afdbb99ac6eb18a81b9f6f6099ede03dbb9dd64d924a155c9eabc0092ae6bc78705decd18e4a9bddd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe
| MD5 | aff01c0e19a0cb15719c6140c6c5f191 |
| SHA1 | 0f9bcff45fbbeca8c056a53909232299522bf398 |
| SHA256 | b9dea61ba4361e2b4e6c4fb22209a292389941ed4d052188e92906d22703ced5 |
| SHA512 | c7f74dc7d2233c6d0932fc6463c499ba713cfbf590141a78b74c848bc489035a1ddb3b9aaedc60c6bbeea5e9ede589765d1e3ca24b1597cf1e678198f42d1a26 |
C:\Users\Admin\AppData\Local\Temp\WcMo.exe
| MD5 | 7c2915d4888892f157069a84d798e142 |
| SHA1 | a83a08c90bea328ea5c956fa575399c78da9dbdf |
| SHA256 | a70a81ce7e66e82f764fd214efea3e4f5740530759b3d81c00099bfdc53a87cc |
| SHA512 | 462e819eef889ad128f81f14e320c0bb16591edf1dbc836e092f4f45c675a265c8882558caa03d928c3554e89828bbf640330319b50f567f99f67b344a4832d6 |
C:\Users\Admin\AppData\Local\Temp\GMcM.exe
| MD5 | c0100ec76e5f790a1f84f1d546eabfc3 |
| SHA1 | 7fe0cd036d7ce119f274656bc7707cc299cadfae |
| SHA256 | 703bb267d2b686f639db35097f04b3525a7baaf0c2e18e4c72d0571a45cb7d6b |
| SHA512 | e7fc2334b8d09a653c76edc1028a0faa605a2e2137cd3a2534307a2f7d2f4376c25f5c5f50bc0911ab0d11bbbe5e55bbc298f03513d49958a1cd6e38d1d83d0d |
C:\Users\Admin\AppData\Local\Temp\IQYk.exe
| MD5 | 48a55fd80dc4bbf769f808e49a68b568 |
| SHA1 | 7f5e0bfb6cb04dc588c1da4d5c8e8154b230d3ef |
| SHA256 | a706c21a93b59046e987eb3d96cb961a0684e09a90a23d2332dd4401594cad9c |
| SHA512 | 50415ca1b81974bb6e364a1c827cf86eca768d70c3c92f4c97eb7604e6e3b15adc8b6801c40b38a36ce814994837706cc30a05898a6091f50dfc836d8b30f203 |
C:\Users\Admin\AppData\Local\Temp\gIAA.exe
| MD5 | 2f5f13aa9eb2d3af91ce0bcff8fa5816 |
| SHA1 | ae3f2220efa78859b63a11ceb2bc2e33241230a2 |
| SHA256 | cf5118b5b8eb0bf3b77d6cb968aa79dc8f0b5862fbd6486f5db0c387bce5b4f7 |
| SHA512 | cd6ae25cd07a6b53a57f3617b18e1c59f61f1bc70ce405e40f3f93ce6fe2fe387fadf3bc97d812df381c685b49827f6745138f7fe31e4fe4bfec343ecfc396a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\96.png.exe
| MD5 | 2d2e24257f98d56c7a176dde6ffd0218 |
| SHA1 | b9f4249720e5399d0752ab6221b15218d94303bb |
| SHA256 | ac1496a5f77978fcf079058c0d0f637339ff2ffbdc33093c9552c04716874a67 |
| SHA512 | 31e26ea1f59653fa60c92c90c372de835ea5b74aaa7b15bb93003344e78b1b97695bebb144b4060f312300f2ae08667ba86fc411894f464f4785a678c7066447 |
C:\Users\Admin\AppData\Local\Temp\cMwu.exe
| MD5 | ebeb85dece62c19e09d6a6e6727c7b97 |
| SHA1 | 7c9ffe60114263a471fcda27bdc7327add062475 |
| SHA256 | 809c70f09da6020047a5d5db09672aadcc5d48a1e7b331702cf77e4fe00ccb01 |
| SHA512 | b676940327c8d7c6e94ce472aa65215bd58d48c61cea43b0dd71dbfec625b805675c11bf0912b84641036abc5f7343390400746bee23e50bb47946eb93490e3a |
C:\Users\Admin\AppData\Local\Temp\mMgE.exe
| MD5 | 60b96c0e5a5a1fb16aa1aa1fd7760bb1 |
| SHA1 | cf1793c66bdc85bd6790ac0db1dc414ac7e7db26 |
| SHA256 | a8ef6c33838df72c091641721699ea6a5ae6103731bea234efd33b419ac6b09b |
| SHA512 | 25fa222d729d7294decd722a60a87383aa7f1f39b99c900c44a1a2eed5d622a589e01657af1f231e1aac032b42c02df90ebc55d74eb452af5527e78d2a4f8494 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\256.png.exe
| MD5 | a98a828f14856936344293e3fbbb87a7 |
| SHA1 | a4afa57d2f0c63847e40c1ef70f28077fa2c7c49 |
| SHA256 | 8776ee6e7ed8e4b9c0b0e780c90f0f3d68a08bb250b5688791da0f363449513b |
| SHA512 | e45abef027d4acc937557e971032a41b8398c49b8daecda6c18390ceff1589c0d6cf6200d78724ef296f1f2acbe5eea882bfb8b8b14c47094eade4fde2debaf7 |
C:\Users\Admin\AppData\Local\Temp\gMIK.exe
| MD5 | 4bb6d95931af258d4c7f0a0dd56968de |
| SHA1 | 63eec9cee41c5c37702279f4f725b946e72cf8b9 |
| SHA256 | b565369ae8d5a3d4303e578c1902ed8fe01381eadffb68bdc716711abe11a65d |
| SHA512 | 15b80ff4dcadbcead537ccc599cabeba35ac8f1dd5e6d0d8695efd722008397029ce8faef1127029b7864bdcdd1f05bcd34078947636c860fe652dad6d492952 |
C:\Users\Admin\AppData\Local\Temp\CQAG.exe
| MD5 | c50005f39bd4c6de48ddc03e353d94d8 |
| SHA1 | 0b01dd62a67e27ed6299695fe706041890c26c6b |
| SHA256 | cfcf6b53127fde3f4cda54c603dfeb96bd21a08cb00269518944a2571e339fee |
| SHA512 | 64b8879e310b60afecdade1cbcb2b5284d22fe9c1dc16abc87c379ed84a7e4e2e8e194db7bc33b04ca75871723c766c45e28bf1bf0bafa8f70b11c68728d3576 |
C:\Users\Admin\AppData\Local\Temp\SwsS.exe
| MD5 | c8c7e8a6d83aeac9acaf3d745ca2d1d6 |
| SHA1 | 154af3bfa9a4567dd3a61911093ede1702850b53 |
| SHA256 | d7403e9d0394b46a07689dadd5a4fdd1ceb5db560ee07b3f7365e6dfdbea17ba |
| SHA512 | d7f4af99374f2a4948545e56b6ba69b18a12ce19684e104dd710b092e88bce17ffad36b255af8c5ec769e3b4d73458f82a59435cdccc094ec5bd2dae8af396da |
C:\Users\Admin\AppData\Local\Temp\CQAw.exe
| MD5 | f1bc01a7eaf4c9140cf754e734bf70bf |
| SHA1 | e7bcf7d53046a143367cea22ba17da56371cb72b |
| SHA256 | fcd148168037713c56d9b7d4b912ceca528f6a7103bc311d3b5e414d7d328a14 |
| SHA512 | 6b938abbcbcd681ca695afa08eea8aa6a8f4667d90cca9f25c1c5040c122f947c2ce4dabf557489836ac6644242bf915e64b10e2ca2f987afa77da76b52edf70 |
C:\Users\Admin\AppData\Local\Temp\kYYS.exe
| MD5 | af600eb1d57d8b55faf30bba257cace2 |
| SHA1 | ed36b782c6b628acc6d859a99db83332236277f9 |
| SHA256 | 878efe4fffac79efd0252db10c97c65cdadc933f0b470848f161572fa70f2699 |
| SHA512 | 7b98c7c39fdea7e24f45fee42d75a64eff73aa562bd36e4d9fbd681ef04a28d12b4751b041f1e71e810778e928b7dc2a6e5312148ac85d32de68cc27e58b042a |
C:\Users\Admin\AppData\Local\Temp\QoMW.exe
| MD5 | 6c37c22763ba79393e265f2fbeacfe7c |
| SHA1 | 92af218ec52d56348af647fba1d4f9c02e328521 |
| SHA256 | 8c2aed8474549147636d185b9f0e9c715edf2865b0a28f28c0aa5d9f20dfb9ac |
| SHA512 | 65ab9491592a0e508f12ac7537ddb6a79ea77230d12df4eeac79d6397c4e8d19beb0fec6b47addfeb5d908510b8f0d64806bfd7b970141c44966754c3bca2dcb |
C:\Users\Admin\AppData\Local\Temp\YUQS.exe
| MD5 | 45ba1074f8270eafe2bf1af54d7fb69f |
| SHA1 | 53937e2e4824eaf5b5480a3b65bd957f3dcf75c7 |
| SHA256 | faa037c2293b3010b4384398da54e4715c884a2eaf99a0234926ee9c0e71abf9 |
| SHA512 | ddf1a71de83587e106f7e1976cc91b0fca60b1ffd598438d81fd8e8b2e01cf6ae8dca2d4f7666afdde6e7065a623cfac7831f0af9017548bc87014520fe7e606 |
C:\Users\Admin\AppData\Local\Temp\ugQM.exe
| MD5 | b73fcc12cf8ee2b414ccfa8046a15750 |
| SHA1 | 1882d509eed247a97e7b644645fdeebc091c7f44 |
| SHA256 | b1643e4f61b92725ff6ac2ff1a1abfc3d54bb16c3690e57801252cfc5b44bb29 |
| SHA512 | dd8251edb104653dffb57ddc9d38630e8288268def9f122aafaf5f3c83e6100bffaad365570af2583ec7fbe1b1baa4ddd165041565cd8a42c407f1fc2263db42 |
C:\Users\Admin\AppData\Local\Temp\IMso.exe
| MD5 | 6a9e962ef2b16f4329b759bc1ab1a064 |
| SHA1 | a02db8bc03460ff37b9854840eea3268b11c1e9b |
| SHA256 | 085f0fac2e1a29e65b22e9fe000ebf14aa22023120536af747c8af4247e5b4c4 |
| SHA512 | 2acaff097a579cf0c10da6598427c05749baef9f2fba8113914807c90075f5b77b096a1509a8035e6ce1c32af3da50ae95d572166b2748bda7642e65f5e73c42 |
C:\Users\Admin\AppData\Local\Temp\YwUA.exe
| MD5 | 6451bcacffe1f4eb04d127acfa02d778 |
| SHA1 | cfa8c2ffa8a21b134b2b1f56db91f9b7551e1cff |
| SHA256 | d006d390a08c8ca2bf1f67445271caf2afe81935d51a63195cd045b234f59160 |
| SHA512 | 8b98cf3a5365983b7680cae2375953002024dfa15defda243ca8f8114cb61bf0798661d2b55ad9c178adb282baf7c27b6c7bb2ed745669500260d4cc816bec36 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons\64.png.exe
| MD5 | c3843d94e421481f26953668b8a9342c |
| SHA1 | e1c79e53dcd0f15c255c2a82b1d21496b86c4bba |
| SHA256 | 04fecdb9a6c477431c1383236440ddee2faccdbe9c3c5b7db86bfcbfbec65a6e |
| SHA512 | 64f3fab52f211c853fba74b699f8f0324b2a85caad70004c21d72ff6ea3c0cb6c6b9726b93355f6c16167577064f9023b8f548e9e8ea5527e3969341ef95f390 |
C:\Users\Admin\AppData\Local\Temp\McIA.exe
| MD5 | 07e06380b5822e9f2fbfddb6c421ee5d |
| SHA1 | eb9a1e42402165be019bbf800569fd03299afa3b |
| SHA256 | 8dc12d50fcb8d1fa32356860721a3f305cfe2a97cf139f6c878032b54fddfe57 |
| SHA512 | 746f3f6b0fdbc84dc49d4e3f1161a38864512d045b03ee8f78c71ffbd9f924c2351a9def2794b97a87a991df94c6a6af65493cc5cd5926328435f95e1db2c822 |
C:\Users\Admin\AppData\Local\Temp\CgYM.exe
| MD5 | 1049e35280d2a31c19182307b8b1514b |
| SHA1 | 1c25fa2a859128cd4a3faa848fef0691964948e0 |
| SHA256 | 3c9449c695be366c88c427d1680ba97f2771e869dc92920741f92d9d1ae50c63 |
| SHA512 | 67b73617af8bfbc6ab17ce2fa8b8705573e4c6ffc9ff41dd279551a3e40ee678c6d56cafa7a63b1a8fcc01e48f0c0634879f60b63d3465141ae8b312866884c2 |
C:\Users\Admin\AppData\Local\Temp\uQsW.exe
| MD5 | 42064bee209d292692ababa6ba67a52c |
| SHA1 | 1a131e25cf6c8c10c57cbbe396a566b6a06914ca |
| SHA256 | fffaba9bc338d4249863964253406b3547f6bc2f4dd68b0eecaac347767a461d |
| SHA512 | 2dbf006e00c4bab3bb68d9028e03005110f95808d0585dc2795506b5aeed7ed52ed9aecf17c28bd141bc8c15c9b82f626359ce8d8c799211b1a48081554fb8c3 |
C:\Users\Admin\AppData\Local\Temp\gYsO.exe
| MD5 | 60570cc1161e1c63940523930d04a873 |
| SHA1 | 7e5635b140016f959c4217aec9a6298f5f50f78f |
| SHA256 | 3f76951f7df7a348fbbef6319812f2061af4240ee30f79dc0f977dde961cdce5 |
| SHA512 | 50b81c016cb6179b80468625c573d1f2f1513e6d27359b73f5973d4449541f43073aac7b137a702aff33702fc100136f96d45f70a55eaa4c1831c28cadb0989c |
C:\Users\Admin\AppData\Local\Temp\awQi.exe
| MD5 | 8cc9a7ac0c05f58eb6ad629179763e82 |
| SHA1 | 3b1e11e5e90004b3345d91e5c500a08ce5390b6b |
| SHA256 | c099f85c01ac5a43fa6471817bbf6e9fa3f94cbc964ba051f44eca3fce6c6844 |
| SHA512 | 6483ca11160d4052e48c66bc621f10f2dd2bbeb24249754f278a9758c829e90428b6b8010d30a660e72a9e5abb6a249c2d7609d7cd22d9c17ca371e9e3022dd8 |
C:\Users\Admin\AppData\Local\Temp\okAC.exe
| MD5 | a909b2ac1ac6fd2a23272cdf8f2b54e5 |
| SHA1 | 7a1a13f7568de9370c97578652aaed2204145009 |
| SHA256 | 882dc7f090f126f5bd8d451f43f94b6a83afa8822a3cd94ef7366c2412b0ee38 |
| SHA512 | 395babaa1f86350b048bef294ad464e4215c7d424a9f462ba9dfe292e56b76b3fd09a71e5426e82f16ebca2a96de260b36e81653829392f769da64ccdf689c9c |
C:\Users\Admin\AppData\Local\Temp\Akgc.exe
| MD5 | 25e3aa5db8f73edb5544ed9bfbf38f9e |
| SHA1 | 5e8a2da5b5e45399d0dd64af76715ae9d954a986 |
| SHA256 | af9403d065314c5d7abcd3861c6536133462f2aa75a64d70aeb5fee2617f7a74 |
| SHA512 | c08fae684ed801c7688e768b2964b328a146c8098da555486148e3ae5a64f788128a79fda528ab5020bec635c7f2f77a701a8a657a24181945817765a407575f |
C:\Users\Admin\AppData\Local\Temp\assc.exe
| MD5 | e3f4a17d3747f71a86a63a7113b7734d |
| SHA1 | 1b86d4a788403a99061738a59003fbd108842e57 |
| SHA256 | 3ef1d5c86eac2e4f50c2749c1c91031e3b246668bc8bd108ddf7ecac3a3ca503 |
| SHA512 | ade6c78a876758539d433c1feca6dfe2d840f8cbaf531bbf6b13d268240e06f0f8fa52e00bb158ded4b6bc8095e007fefdfe246df415d1434f763739c74155f0 |
C:\Users\Admin\AppData\Local\Temp\cQEA.exe
| MD5 | 30bc7aaa6cd7bbfdf3901793e094714e |
| SHA1 | 63ea4fcc9e952e97275c1d8417973348f690ddca |
| SHA256 | 9b953721163dfaa29990450a901cf397f5d54dacd588e714e81d6b3f905217ed |
| SHA512 | 7b9d3a388ae1ba32f25feedf401298df253c7e922d7300fe6c2aab28b0d57adc0c0da2bc318999db00fb61a2a9d50f571f48c69adcd3c3ec85e09fa2fe422ee2 |
C:\Users\Admin\AppData\Local\Temp\KkAo.exe
| MD5 | 91878dcf304f7f7fa0e9abb74495aece |
| SHA1 | 1ac90db86449e105cc0076964262ded1f630a2a3 |
| SHA256 | 6b350db90fd33fd1e488dedc62d351005c872489041d23a12dd6fa35a5d5f55a |
| SHA512 | 99a7b0c214c938c1bd41d6db56a435297a0bb80e07cafebf854e663105728e4d228805fdc20d2a9f261b877c1260a8ce7a9816cbe9adc8f44be728929c6fe866 |
C:\Users\Admin\AppData\Local\Temp\scMy.exe
| MD5 | 58c5c9485c7300ad7886ab95f6b636fd |
| SHA1 | 1f67e0f97bbd842c6f12fe9873b9ad1ab6025b0f |
| SHA256 | 0a0ad0c8894ae5eb87f04e35c01662c623de1d345b086e2b8076c8282ecedc7d |
| SHA512 | 099c7b768bdcc19b6e8575c69f8786e774f088b25839d12feff409331c179f0eaee2db7b701a80ec2476610e007095e6126f9c036f0b0296e82294835125fe93 |
C:\Users\Admin\AppData\Local\Temp\UoQc.exe
| MD5 | 52d4e6fcd9592236aad9229c2c690d7b |
| SHA1 | d10dbf4423520e4adc78883909217cdf72906df0 |
| SHA256 | 806e9f06e81103ff47196a26578ca9cc6e8347ff08476bba39c6c9a74a32de0b |
| SHA512 | 6a398353fa86c9d876acd24ae31bbbcba5835be7fc806aa94b02c3a71ba4906eedad4da08a153693913ff746891f77d4e2116be47b8ba219e53fd4ee9140cf31 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Error.png.exe
| MD5 | 0250ca958875178ffa1243a0b1a31f30 |
| SHA1 | d7164f23e1ed1db54e9b8a922b8553994aa7ea89 |
| SHA256 | 3d0117f1ffacb6817c360051e255c062d9e492b7df8fad039094d5919d900d28 |
| SHA512 | 2692bbe69bc8a4789087fb2eff8ef8c84d6fdc2a7725242129fce77b62ba7a7c89069a2d7968ece6d7c0ac5db5d238a48a0a4b5a826381dca36098bb393a17b8 |
C:\Users\Admin\AppData\Local\Temp\SYIA.exe
| MD5 | 12e8192e7f05b1c102988f21206b7cb7 |
| SHA1 | 0e35b9ad339fb446f5f772e4389c55969b1a5da6 |
| SHA256 | af7a0f19b0e23eaa536daed1565203371dda38b82c320bd10f831c404837a00d |
| SHA512 | 5169bd8dd11824e6a1935a5fafedadcb527ee6484a16abb08eb9b25edd4d5f9bf02ad20e205aa3d328b35e7b4d5d9a6cf2e756ed90bc587ca05b74de14391176 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMLockedFileToast.png.exe
| MD5 | 5a1fe70b23268cb1c05583e014681929 |
| SHA1 | 65cf66a858a8385a9b44a6af423a6d8811b3a707 |
| SHA256 | 959e3d21007d70c6642e0e2886cd6435fc6b8f36a4cecc40ba7e50080daef920 |
| SHA512 | f942198673fb6522d75ae7e38699412e426cbb03504d1c3725acfe4b3e9a286ff40d53656ee7fe8c120dee0b55f768defef8a2488677b4deb58a597922b938db |
C:\Users\Admin\AppData\Local\Temp\qsQS.exe
| MD5 | 90355ada61c2f6c58b5ba571e58bd7a6 |
| SHA1 | dbc255b25549ef9097c85b3471ea5f0e51922fc5 |
| SHA256 | deefa5c4f70f9e0282af9943b54f49f9da31ec228229d26814084ba6c3e4e62a |
| SHA512 | 8583f8adee9e451720a00bfae8b0e386280d677b2987f0f3e74b0138450fede0d86746809de71136366db078894fcf64b2ba88e348e9b0628eb54d60bc573ece |
C:\Users\Admin\AppData\Local\Temp\GYwm.exe
| MD5 | a372d4845598e0ff1cfcc5bba637aae5 |
| SHA1 | ab703a19e376d1555a7e8735c2a5e3307ded928d |
| SHA256 | 455b4384f67ee5469ec04cae63f3e9b1baf73b4515836b139c266835fae5d8f3 |
| SHA512 | 6b53e120486d62f99b0ae49799090e7bd8d974a2217919d0f5110a8a40ae74c4ddd2e9dec928544d8c64ee3659ed11d7e3c21d72a8d2cb5cf529b2aa620da95c |
C:\Users\Admin\AppData\Local\Temp\KIEy.exe
| MD5 | 7510f93f027536e67749901b607f455b |
| SHA1 | 2b0c9f7c05c035c8b3a1217da566c561344ff371 |
| SHA256 | 7327af01135f432f35bf5bc0a8062731cdd2b71e7bc6935f2c3905b2ffb929a1 |
| SHA512 | 2a3723016a6521826bb11ad89d917066266a620a5282eba6838567c7526a27f8ef92ba659b4c1b41ab7620504e4d2492fe7c2cd79ccbce0c96d885be53c5a27c |
C:\Users\Admin\AppData\Local\Temp\iEIA.exe
| MD5 | 21be810436b85be1281754185c58ba12 |
| SHA1 | 91d1662196aa394b9cac86ae7aa63e996c197f32 |
| SHA256 | ad8cbaf50e721832cf9e0af2f594057f018d999414f9f36d6f905688c4bd3305 |
| SHA512 | b9aa24b8244fcd010545ffc9bbf570c223c5d016d8f3af27de7ff9a4417e9e83175f740f31a65622a6406f758595e32de71f9b8c27e013613a638420be578d59 |
C:\Users\Admin\AppData\Local\Temp\qwkW.exe
| MD5 | b0364aa0190a7b6ba5855544f80d334f |
| SHA1 | 9eb5ad74be34b97215ce9dfccc2a2961ea5ab833 |
| SHA256 | 8a296230fef7d5148149abc06f2aa3d5fbdfc8ad69699069392200dc05eca2e0 |
| SHA512 | 88d9ba2b07328dd023e25364028a6c7ab4e9cb088f28af2f5742ab8a463ea6fdc31651e43ee521adc82c6a9b45f18bc3d01108f56322588c976f39fa6423ad58 |
C:\Users\Admin\AppData\Local\Temp\WUUq.exe
| MD5 | 436f6bea0b40b148c4b33c021cb1a8ff |
| SHA1 | 16e53f083bf6dc8c47edc7d6b1493a3b69bde580 |
| SHA256 | b803f8947859e9b031eb02f57be01b4e7adfc46f22dc85b0827608ea5c96f863 |
| SHA512 | 0bd5b2c2f8e54bd734939f11637dabe8648d5b59464c9f6146c8af7144e882233237a92fe9c663e1a54dc152a21b1853e8094ef1f991783763793a22744b439d |
C:\Users\Admin\AppData\Local\Temp\CsUA.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\SUMe.exe
| MD5 | bcc79f4f572e2b9a42c20976d88f6e70 |
| SHA1 | f6d6415afbb9e930455bfdb1b873ec3a3dbbe57f |
| SHA256 | 97b18026df9bf47ac09dac98fbf3bb89ef75f8daa10e1499cd7608c6a52f00da |
| SHA512 | 9840c608174cb688eabca78e8a212028594cdff4e9f6f8dde91e35eb201154348d2f836b1e1f0d276f1c65c20ae52e7f5906c2803e56b74d657cbf0de35fe051 |
C:\Users\Admin\AppData\Local\Temp\OQIY.exe
| MD5 | 439092c50ef4b3d4a0660392d4ddd71b |
| SHA1 | 19b912c38371d34ca17fce20a71fc4b634ba18d9 |
| SHA256 | 6c9f265411d70b237ea297ee65938d32042e7239b109bb6e02be69c7d5ebe000 |
| SHA512 | aaf1109554530bb24d27f1748428f92f25117e4acf1aa6d9d9bf3c601c73943e279e131fb7fec16cf8798124c744f6efd7709666ce89800cf9da24d11d46c1d5 |
C:\Users\Admin\AppData\Local\Temp\cUki.exe
| MD5 | e1f0eba84cc20457544bc7bcb98dcea2 |
| SHA1 | 968611813c255e0e35f380454b0df0f30afcd51a |
| SHA256 | b59d53d9370b127be947c1d67cf6ba59d8b38c8e3b617c363389280e3a2dce15 |
| SHA512 | 28f9c7ccf599da12b8bedb5025ffcbe766dee458d6c56a41fa3643d107c0e7b378e69c741f28e809724dc5fe132601059c01dbef654b936bfd2accecc0acbec6 |
C:\Users\Admin\AppData\Local\Temp\yYAq.exe
| MD5 | 500281e22fc62870f09a46a0a37f93e3 |
| SHA1 | 995a7699493dc422df5d746a9453a5b1953b649e |
| SHA256 | ef6bce197edea736332c326eee2a950ef0b8dc14f6ba33f56e53434212f7aac1 |
| SHA512 | eb339e9e3a7f72fc1ff0769f8a9246c2658d7c7083570e7855920adc54269ea6d8d375de93b557efbf78f9544de08d5beedf3ad7a47389155f3d2edd3e6a0867 |
C:\Users\Admin\AppData\Local\Temp\coAC.exe
| MD5 | a007df397279a43b87283e813c26df9b |
| SHA1 | 7ea52c835f57b90de1d4a726060c08125f0e2e05 |
| SHA256 | 94bd6fed27f59acba4552acc1675e4000cf50713393a946063216acef14c0906 |
| SHA512 | 531f03f876123c296c3693f0f2b6f1ddd2c22d3c9d9db2162f20294db742aaf352b5cb361e68f692426945f081614c9356cfa4f0636ba36092faab4e06935d96 |
C:\Users\Admin\AppData\Local\Temp\CUYa.exe
| MD5 | 9c3827b64d27f6b7fc0284ee921eec9d |
| SHA1 | 401f95e433c129b6a92c0b59be11df4c868ec419 |
| SHA256 | 70a3645ef07665a1bca1a4495a0eb2422d0c8a962290c82fbf4698f7986029cb |
| SHA512 | b1cfd5b682ed22ce61d2a04cf5a9690c6f9b7c0dc7cde6c7222df72c8cd5a23179d210245927a6b0e0848de5879569639cc36784c88523dc293ef295f1573691 |
C:\Users\Admin\AppData\Local\Temp\GccM.exe
| MD5 | 9ed3914bbc0a97a359d178298c76c1ee |
| SHA1 | 31070dacba45523db89f5039e37abaf8e53fa837 |
| SHA256 | 3589244c7f9cb36077a2d9cdf13c8a25baac2fe6cb9902d8bd0b88d44154253e |
| SHA512 | 483634512062c20f5e74d4fcc4ff7f25675d8eb11a70f39409a7dd1d08dc134b0e59c19f83587d8cdcfc408c97086a81901c9f4fc97e1bbd2b0d371ecd5f000f |
C:\Users\Admin\AppData\Local\Temp\IwMC.exe
| MD5 | 6157bf537db0122d2ad0d6291bf8f9e7 |
| SHA1 | a5e71acbd03bc3fd3466a6a320f77ee4f85776e7 |
| SHA256 | 015a945d932f5414131688e0e31ffa6b045e6231fcc5405b2dc1399ccc70ce35 |
| SHA512 | 67132628e9fa2dda7f682a30ebc41d180fb1f519f338af65432a403654a6ba0f865b00006e1a12c2078cd2799c0953233f2ec1391fedd75ad7a57396cbec1356 |
C:\Users\Admin\AppData\Local\Temp\aEkk.exe
| MD5 | 0b9807195b76378ce8416c57798e92aa |
| SHA1 | 6dbbef752e326b21f46c9e31ceec3b143b9772fe |
| SHA256 | 33a0f5e0af56e48e501c81ad7453368f410a80e1aecb4b8d350da01f5a0027ab |
| SHA512 | beb181abb841f0028aeae9e21e6bdbca1ebb8162022c09c47be087df3206d146bc05641f1c3ffea2e7a26320ba6b5ab86aa57f792f8a3b2803a33cb77ffab834 |
C:\Users\Admin\AppData\Local\Temp\GEom.exe
| MD5 | 9ca14b68fc83c9804a89eb6edc18cdc6 |
| SHA1 | 4cc9e773b607fdd7665444257ea4ccbba40b2987 |
| SHA256 | 39efbb43838a8446177a315748d4c885f13fe8a91cfd3fac1a8aac381aac0dd8 |
| SHA512 | 767aa2b45835447d0574c38795c3181d808a1fe80c9b7ca2aadc7d16984fc8039fec3640b055f4dd55c582a93ea4a04ab21399df72ac5dec78223280ba83c2db |
C:\Users\Admin\AppData\Local\Temp\MIUM.exe
| MD5 | 3d68a762dfe2fc9d34ea803537a5f611 |
| SHA1 | e290287b77bbcc8bac7f8aab0501daaed791ba6b |
| SHA256 | 17c4a8d3ec9c8f61e440c200cf0f49a3d94588686790c7ec0f69a431592141a5 |
| SHA512 | 639cb690a41683dafd9433ac87dca4950af2866c5803bcf777da97c9c2b38af9cc547ae41bc57f654257872bea0f4ecca264cb0e1f9fc9a56af40899783a1c9c |
C:\Users\Admin\AppData\Local\Temp\KEQQ.exe
| MD5 | 2bb8e128a634e0702b2a67174fe5f1d1 |
| SHA1 | a7d9b807e6a6bb6efd13864dd6b3bcc88d05b2d3 |
| SHA256 | ce0293d46736da4609f248fea08bed83b7df60c364c58bc9d98e0705a83eeb78 |
| SHA512 | c4c086ecbc272818915713a3dc571d331eed6ecd3da0369dc34e8118b985b52d191baf8e62c8c6eb181b7a2ddc57bdcd8a3ea0846e0a301933a4d74c9a529027 |
C:\Users\Admin\AppData\Local\Temp\wYQa.exe
| MD5 | 95490b45cff6c9d95ab02302df7077e4 |
| SHA1 | 9815f75fefcfd4d37c754e6c2c530d9561c3882f |
| SHA256 | da1fde59de846b3967d3c0b8b9ee900615b76396fefc80fa829077400a70ea71 |
| SHA512 | ffc5cbeed8b2c4c4642b7efe11ee9c7feac69e651357e58eac83d55f775859e7201ed1fceac4dd1d097d81bfca67a12cc226c871816804433cb2e303265f1ec0 |
C:\Users\Admin\AppData\Local\Temp\wUYG.exe
| MD5 | a3a1c642e854c5d917b74ef08038c12d |
| SHA1 | 02bc21171f2efedfb55e9c1b654fca1f2f51b995 |
| SHA256 | 28dc64aa53cb886897f464c37f31f63ef3a693ff1aca4f77f5687ff4f5164b26 |
| SHA512 | f8c2ee0d9f6d81623851f6ede4a437373f5722d010d3b9954dab251c34c980b3c7f3712d0f7a78f0ebe0a2b2ead6d5c2143738d203c67140a5005b007ea63fed |
C:\Users\Admin\AppData\Local\Temp\eQwA.exe
| MD5 | 51732cd7df159f0485d65f77ffc0f41a |
| SHA1 | 9558305deb2253d962fec4d6e60c1e6c207f5eb8 |
| SHA256 | e5b99d124669a46894ad373c8ff2c0769269cedabbf3fa41ec2cf47005b89111 |
| SHA512 | 0303b69cd2e73c95bc142acc6cd97ab2a20df7e31e79e7fb61754497b2449f0fc81ba8c21bb0012993d8ed7d9c63c459f05e15bda74ac917b67004d307b5616b |
C:\Users\Admin\AppData\Roaming\SubmitWrite.gif.exe
| MD5 | e92b3c3c1c7d2cde4e12e4739bed061a |
| SHA1 | 56c1634a3b7ab60a4e7c3c4e98b2d2043757bb92 |
| SHA256 | 5b08fe30dfd4e9f85443e087ab255d7215fa985c7680ef0af878c2ced6d1e559 |
| SHA512 | 322873d5641dd4747186606cbe52e0945a745e4017414ec950eb73635ab948210e028077d7772521adaa2ad708ddd7582137e43f2f1430a6e7b2ee9241dc3d53 |
C:\Users\Admin\AppData\Local\Temp\SEcM.exe
| MD5 | 5a6ad929b0184e7e656a9a51fc7888e2 |
| SHA1 | 2e475fd4a62de46cbe1e699593cc7c2ab1f24c61 |
| SHA256 | 28f1d4b4888f7ac0e38085f3d9dc89b3069b1446bd24852f910e54d933a3da76 |
| SHA512 | 5bacdb11184cd4c89c18a2e989420ba6f9c364b8fcd7c7a820755e3c73ed63ad0535d031690a66a4505fd531c1c6add9b093d472aa16e50b94c07983b5f54698 |
C:\Windows\SysWOW64\shell32.dll.exe
| MD5 | 5d1f378577bb8bd9ea4b6577cc78fd4d |
| SHA1 | 549ce8f2e57f43eb7d6a2e9fbdb69abaf2e0a571 |
| SHA256 | 1991d9e136e84e311ad127eda548dc650fb0363456df93e7ff80e4cf6cd67188 |
| SHA512 | 744a25b23ac7e250a1b1c5bfe19006b55e779de60756a1feac2cd148884172723905f6ba8b9e1a678314028ee34ab022a0b2788adc67533c99c5883adb357606 |
C:\Users\Admin\AppData\Local\Temp\KwIc.exe
| MD5 | ced2a14248412deee5a966cb934e2d84 |
| SHA1 | e9db1854383dbd2b7a3528dd752ac55b5ea93167 |
| SHA256 | d10e04d0c4231138b6d112c59903eac213fc5154c502801ad948a0664233710a |
| SHA512 | 6f6d6cd6db20ba8bccfcd1f2ad88d229a40bfd017b6b181c6e7ff0e3b680e10b7e2d10db50f987f0983b95b467fb9357de903346dd10d1070714010976f8d5a6 |
C:\Users\Admin\AppData\Local\Temp\mIMm.exe
| MD5 | d5897a8d0a2d33bb2cfd22809775f8a6 |
| SHA1 | 365eb8fb1976e8f5d2fc69c42faae89d1245dbed |
| SHA256 | 0b480881c415b762dccf8b247a803cff6c9f7a10a8f5ed28623bbf0e48fa6bf0 |
| SHA512 | 9eccfb43e5395a9524cc75b98e9e8373761b92777f9e0f55c525e4b5a2941ad1415f10b5aa66de161bc9f24faf1cf57392d7d3f20774e2d2943398caf37ee62a |
C:\Users\Admin\AppData\Local\Temp\WkYU.exe
| MD5 | ac231deb85f8285437b0be49943fcb28 |
| SHA1 | e0c33dc721be176a8b45bbf4ccb4c9900bb9a4fc |
| SHA256 | 9ed47b49d8bb90541f3351b1591b3becdecd2300d113e3b8e203d8e721138354 |
| SHA512 | c66658653131df684dbfc05493a596b0c226f6ad1c232a9964d7054ff730c0e7fa8e5087f676aa5368bd31818998b2fdb93e01559106d99ed7ea0ab03f29a4e9 |
C:\Users\Admin\AppData\Local\Temp\eggo.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\Kwwi.exe
| MD5 | 9eea391412a9979874f94b4da4888387 |
| SHA1 | 2dbcb4bff434f83b623a93eabaeba7cf0dba614e |
| SHA256 | 005fd951a59db2b38f315f3b01aadf996783ee2d07a8cdfecb2fc43a8d7bab77 |
| SHA512 | 206793a85b77c2657034461017529ad320867f666209d8ef925d904773c223b4fae6f3745478f7fff3d4745d83316c422fbfb61bf6627b8cd907f840d9fdcff5 |
C:\Users\Admin\Music\SelectStep.xls.exe
| MD5 | 0dced73b1f824b1a674e7fb61906f76b |
| SHA1 | d5b44ffc225e8ef0546356d135b9dd06b2e738e2 |
| SHA256 | d5f6eef1f3db7955f0502dab7e3b94abae4f3e491e1ea780a96a1f4aafe1af08 |
| SHA512 | 1ab1e03adff3fd885388e53947e394cef6c74f9aec4612e918a1772fc575b81945ef91264222e98285352919431696ada7177b51ea13f1a739670029b27f48b8 |
C:\Users\Admin\AppData\Local\Temp\uggW.exe
| MD5 | f512b82fea2b914a1759a3903911cba7 |
| SHA1 | 80da59a552b269f65867de38193886371e2340aa |
| SHA256 | ae6e1e75d3dea1841a7f59804bfa3b55a95ff94764e4f53828df590d808f683f |
| SHA512 | e81e6dc9119ce85cc94ef641ede5a9e00ea76e6e5a01b6e6658ef23564d5b37cb91011a85c7a0ac432c4e73dd5daec8f9fad111f064dae91626b1e598588426e |
C:\Users\Admin\AppData\Local\Temp\akoK.exe
| MD5 | 1a9f4a2b6ace734d3aaff3987153963b |
| SHA1 | 00e0bfaba0c89e617e850198ffb1f0a11b32984d |
| SHA256 | 15249336382a4ff0d4d2fbded263fa0075fa9c791723b8fdf5efd1be963d97df |
| SHA512 | 80e84e309a2fe345a7d12acaa3bc83dc3891585aadbfc152517573e84d3f60c412978774d3ca10885d45957e6c3d6cc98e6caca86e0631c928bd5c06ae57c22d |
C:\Users\Admin\AppData\Local\Temp\AsMG.exe
| MD5 | c6673a04db4069b5a9133420476cc51a |
| SHA1 | 83095ee41d0995fe6e3941affdd3c2f89c703a4a |
| SHA256 | 7dea2b65c3df73fc8506e691be6dd8d4928fcfebec56af67db4c563e4bc104a8 |
| SHA512 | fe1c86af69af3c6e693d68870a1f719919339624a3108f52943846122b2aac680ba40364b796be15919ce12dc41dfc228720efac83557448a6f42e439d7ca25c |
C:\Users\Admin\AppData\Local\Temp\AEQa.exe
| MD5 | a2b479a1c585f9368aa84e6c0e067141 |
| SHA1 | 48c8c0b642e9ca537fbcd45d58991e3cd307e7e1 |
| SHA256 | 046af6647d58cd127923161c114d6a88e570f6eb9590e6ffe56bb869384cab6e |
| SHA512 | 537e5aaff72399ebdf66a704a16d9c604aaf86c1855482c83da253eebfe65f327b00a21ad25824adb505d4d1c3caaaa86efc881fc28f33cb7baf3036d8dec1b6 |
C:\Users\Admin\AppData\Local\Temp\ygwM.exe
| MD5 | e4646e05f7768a7da804b17b7b3e5b31 |
| SHA1 | 2b357417cffc6163d85ee5960899c31e26e8c6a5 |
| SHA256 | d8151f65dc2388de24326f97ef5f7f7e57217478bf000c38c80fc67a9caee8bf |
| SHA512 | e17b290dd676470ab3d846fb9ab89dd7b5f2a00d6c6c18cb8aa6805611afa4e45ef24294071080aa5ceec44b1ff4032e23a17397b770b7c1b1523c4a09a34761 |
C:\Users\Admin\AppData\Local\Temp\cwQG.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\CcAq.exe
| MD5 | 13dc0bd596251dc668f61af97677b2d4 |
| SHA1 | 8fa4c85278570e3024d07a675a648e30593d7236 |
| SHA256 | 61cc1112926abec3865a5233a2267be843fa40897f0926492cd08e652b6477ba |
| SHA512 | dec50b1523be8de977a52ccc2644edfe5df983e2d5145da3ee49976cd6935b0cd0590ff5a728afacef83533f9374f468ca4157c7fd1800eef6194d37de79ef1f |
C:\Users\Admin\AppData\Local\Temp\kMAu.exe
| MD5 | f3f10120d165c1b7355f9bc314515402 |
| SHA1 | 66c051731c2fecaa5644b425b5afdddc42949f14 |
| SHA256 | 5a5da669e428d7b92c746a798342a718f4e63da2e00cb61a6b756770b77c9ba4 |
| SHA512 | 348bfd7ce61395d37861a2e7f1aef5e47abb87a8bdffdf59bfb406f89f9668579b7432cd39847bcd899bdaf57602033012bfee2c4971b16adad753837d3210ef |
C:\Users\Admin\AppData\Local\Temp\EQYc.exe
| MD5 | ec3825570ea90080ca05a22fb1d08295 |
| SHA1 | d0b06b4eed2cd9efae38cf00cb293024ab94d18b |
| SHA256 | c06435c75335f4311a0fe8edf05798b2fbcd7d2ef54dbd0aca363e32dd0d9fb6 |
| SHA512 | 1db208b5a61d01106ae9a6d26c1778b5bd63d4cc5776dbe67a971baf195a228c6f40b8358f0eedeac8764b316aaa7a13ec86a5e59c84893753180c4282c0fd4c |
C:\Users\Admin\AppData\Local\Temp\CYAK.exe
| MD5 | 5e48c1c802ed141afae7d3220f6c646a |
| SHA1 | 1a2368150ad6bd13b6ae6aa57818b6857d2abe27 |
| SHA256 | 06691b42b479fd45b898a6d3ff0116290209534141ea4e067e50c5f75c56834f |
| SHA512 | 58f1cd43876a49f8e0e76aeb6050e2b969dd0cce0375ae2b6bed7f7b6ead3110d6df97cf5ddfe8857f22493a9a7f375166a9360a6d0396868d5c491a45d694b3 |
C:\Users\Admin\AppData\Local\Temp\okYM.exe
| MD5 | c98e79b0882f07bc4f5dabe3e2608bbc |
| SHA1 | 0a2903bb31f9edbd6212b0c19ba1e84ed9892d80 |
| SHA256 | 97a9aab261bc08931c85764e02334c8fc8033ba87e4af9996e8dcd3014b673e3 |
| SHA512 | 507d474ff7c48e4fb77535b02dbd00403c9f44af0660ab3524bd0285c11dd7d3c97badbdd286b0c4777ff020a6d3cee020e509c7bc5e25bd473e80cceff52a9c |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | ab2d4ecd7cf40ae991326982169d0465 |
| SHA1 | 2bdfb33b2915af8304a196f46742bab76ee56503 |
| SHA256 | 3cebda4dbd46b96d7752cf1e1d696ed9830db50ace7c6db641498a17a8a23e34 |
| SHA512 | ff8c2f1314d3890f47cbe13dd60e303deda6bf0ef95831263570f3d6238928df6595ac6c022ab752d88f1c380abb9801182a222cf9283f99ad27618ea987b969 |
C:\Users\Admin\AppData\Local\Temp\oMMk.exe
| MD5 | 6849967486d39fee31a579bb3f7d1b56 |
| SHA1 | 26479fad235dfe842aa8dc73240fd5ae797abecb |
| SHA256 | 31166af3dfa9158feeec4ffb5a05a5b68318fc646b177e5ad4a691b1adde9cd2 |
| SHA512 | fed92fc202c8deeef9d4f8db5ae277e5b1f4fd4f1ac77eb87152bbca8a515b0bd4504d2ee9b6ccb7747f1bca316c191239eff278f08457a84a754ca0be9a1091 |
C:\Users\Admin\AppData\Local\Temp\sUYQ.exe
| MD5 | d23acef55ee9651dba605d0bc1c549b7 |
| SHA1 | a2f9ed905fa747610aabc580b7554765837161d8 |
| SHA256 | 2977c6f2e9e4e5cee35cd3cd1dc89892b60510f8debadcf9d224f15f28da389f |
| SHA512 | 37d91ef3da1de7e7d4bd90c13b2173c5c1f076a6618ab6b9e12630ed66dfc1ca35da27d5079787841adfbf3320c479896fc80e2d9caefdebd7cb50f2b3120f4e |
Analysis: behavioral2
Detonation Overview
Submitted
2025-05-19 14:50
Reported
2025-05-19 14:53
Platform
win11-20250502-en
Max time kernel
150s
Max time network
113s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
Renames multiple (83) files with added filename extension
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\zwwEcEQs\ZSksQgsA.exe | N/A |
| N/A | N/A | C:\ProgramData\VIMooogQ\yuwQEogk.exe | N/A |
| N/A | N/A | C:\ProgramData\VIMooogQ\yuwQEogk.exe | N/A |
| N/A | N/A | C:\Users\Admin\zwwEcEQs\ZSksQgsA.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yuwQEogk.exe = "C:\\ProgramData\\VIMooogQ\\yuwQEogk.exe" | C:\ProgramData\VIMooogQ\yuwQEogk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yuwQEogk.exe = "C:\\ProgramData\\VIMooogQ\\yuwQEogk.exe" | C:\ProgramData\VIMooogQ\yuwQEogk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Run\ZSksQgsA.exe = "C:\\Users\\Admin\\zwwEcEQs\\ZSksQgsA.exe" | C:\Users\Admin\zwwEcEQs\ZSksQgsA.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Run\ZSksQgsA.exe = "C:\\Users\\Admin\\zwwEcEQs\\ZSksQgsA.exe" | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yuwQEogk.exe = "C:\\ProgramData\\VIMooogQ\\yuwQEogk.exe" | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-434880884-4028056734-3558218839-1000\Software\Microsoft\Windows\CurrentVersion\Run\ZSksQgsA.exe = "C:\\Users\\Admin\\zwwEcEQs\\ZSksQgsA.exe" | C:\Users\Admin\zwwEcEQs\ZSksQgsA.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\zwwEcEQs\ZSksQgsA.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\zwwEcEQs\ZSksQgsA.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\VIMooogQ\yuwQEogk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe"
C:\Users\Admin\zwwEcEQs\ZSksQgsA.exe
"C:\Users\Admin\zwwEcEQs\ZSksQgsA.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\zwwEcEQs\ZSksQgsA.exe
C:\ProgramData\VIMooogQ\yuwQEogk.exe
"C:\ProgramData\VIMooogQ\yuwQEogk.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\VIMooogQ\yuwQEogk.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VsEUUcMw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\ProgramData\VIMooogQ\yuwQEogk.exe
C:\ProgramData\VIMooogQ\yuwQEogk.exe
C:\Users\Admin\zwwEcEQs\ZSksQgsA.exe
C:\Users\Admin\zwwEcEQs\ZSksQgsA.exe
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VgscEUsc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LysQEMoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MOMccgkM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oIwIUsUo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YEMAQsAE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MIoswMYo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jukIUYgc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dScIQAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VaogUsUs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EwgEgMMM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MOQsQgIc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EMkUYEgo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JQAwYIUM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hEIcMEkM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BuIMMIkY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XawsIEQU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SscgEEwg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YWgAocAY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IeYccUwk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BEEUUAEM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TWYMIAEA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TOgwoYQg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oqsoIsYM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IEsQsAAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GsckEUoI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gSkkIQUw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HkUoIwoI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TYYMQEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XgIwkwUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\auEoQIws.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AeIsUAss.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WKwIcwEw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SEsAUskI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nAMcYsUY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BKwQwYMM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dioMcEEw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XyEkwwoA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eEooAgUM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kwosssco.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\egEQEkQc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AMIYgYMA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xKMsoYgI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xsEUkUME.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nccsIoYM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BssQwcsc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yKIcMkEk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WyQIoAkw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KcwMooMk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yGAkYUUM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BcEUQEgY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hOMEokIk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VsYMAQkU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MggQgkAw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oMsoYAYE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oSgMQAsY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WEQMcsQg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BYEkgYYI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bGokwcYE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dIQIIUQg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nocgUIck.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cQIcYAcc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qgEUIAMI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yosUgkYU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cOcoEgMg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lswAkcgM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DoQAUQUY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pQkkYUco.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gUwEsYwk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ImccIcoc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OIwIEgcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xWAookcM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FuYEoMEI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DGAMUgYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zqkEkYcs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iwUYQYgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyAwkEQA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iesEYwkY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xskwAccA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\haEwoMAY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jyAQskgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TocQkckk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wKQQoUMo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WmMIwAYs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YAoEwAoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fQkcIMEw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rMgogosc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VCwswgwo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RKMIYEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\imYYoUMo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kIQMkYEw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sKosoQUw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMgscgYk.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Tuckgcws.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DUYYQggI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\liIEUMYA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GeoMAMQg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\auYEsAUc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MIEAMoEY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUYogwcE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HUokQIEA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DAIkYEkc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xYwcYQkc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QAsUQkcU.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GCcEkgsE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSkUsAwg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IssIgEgc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\liwggAog.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lMUQccMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fkkMckcc.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fUcgEwwA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KiUcwIog.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wEUccscQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uuYAsIMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PcoscooA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nUsMgckQ.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\byIogYIA.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AMcEEkYw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\egYIgEoM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EaIUAAMw.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EEcwEcAE.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NCIkMgYg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bIIQUMcM.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NcIYckwI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cuwAsgwo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oagEoggo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UOMgIsAs.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rkEAEgko.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xMAkMQsI.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HqMEcIgo.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pucQsIUY.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UkkYQUIg.bat" "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock"
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.14:80 | google.com | tcp |
| GB | 142.250.200.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.200.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.200.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/5340-0-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\zwwEcEQs\ZSksQgsA.exe
| MD5 | 4b5116e4f6104d2ba35477d45f3a60c7 |
| SHA1 | f106ade3778d5a28367f501ad6f464a02400cc21 |
| SHA256 | 5d2ac25f5c98e9de67fb5bce450d882459f194619ba9978959b5072542fe8961 |
| SHA512 | d3f1c1814905b988666d5f983e8e27ac44d8dbd42944b436b93ea82de9ce5b6d4740decfbd415fc6ba69af7a908a0abe0da6d68fcda8026c5acb16ad5ff5b6a1 |
memory/888-8-0x0000000000400000-0x000000000042F000-memory.dmp
C:\ProgramData\VIMooogQ\yuwQEogk.exe
| MD5 | 7999f18f4fc6939d368c4481533c80f6 |
| SHA1 | bec729e4a25fe13c3b8150b2f2e7389511b4161b |
| SHA256 | bd567ee196f995269bcc758cff0090d9799f8aa9e4a6a98b392b67bf79d1c562 |
| SHA512 | 5b13b22959240325f56b598d951cc33320888886360804618bd61108c8d8b162cc0fe3cb9733168f6938db19a78e86705b5ed5d3fd8154243e8514d48b7d08ac |
memory/3248-14-0x0000000000400000-0x000000000042E000-memory.dmp
memory/5340-19-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5848-20-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VsEUUcMw.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2025-05-19_b1d41c804f79a9153d4fe8c6e8be4ece_elex_virlock
| MD5 | 3b125bb340a0578841a80d9da44c0c04 |
| SHA1 | ca10ceb3033fd1f92d38430f95eb86886582df97 |
| SHA256 | 966670b68b945ec745c0a4c739248b07f10799ee18c9c79d5e60789bb9a3728d |
| SHA512 | 9416a8399193ea3ea750bbee1910844be672a47266a9b7b987a4b5ec67d87701d58da8c0a740c0dabf9b61deac1ae26644cbe8d27f0efaf93ad528f5bb9fb4d1 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/5848-35-0x0000000000400000-0x0000000000439000-memory.dmp
C:\ProgramData\VIMooogQ\yuwQEogk.inf
| MD5 | 1d6f9b779b559716034b64af109a3501 |
| SHA1 | b47fc8abb56f4071066fc856a65ba1f7cd471637 |
| SHA256 | a2613e839ebca37344982f51cec2b5352420ffeb777aa05949e212d52d4c76da |
| SHA512 | 9607a822fc16b8e4bd524faf8d7a3d64fd1338bb658b088fc441f46f4a13f552f0f10b5287ed0d695041cf7f9937ff84ae207396a34fb2ded11ed00f7089df36 |
memory/4956-50-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4564-61-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\zwwEcEQs\ZSksQgsA.inf
| MD5 | be8002a08fa1e813b9721134c8cc99c2 |
| SHA1 | 6edeef7c9a948ba60b23fcdc4153069e914cbe42 |
| SHA256 | f0af2f7c7e1959894f54538b73777f46205ff0a111f5c9c0cd0bd72b654c7c2a |
| SHA512 | d823d1d1751ca79bd53412435632889652f28fd9302dd5887dcd015e377da6c248291fc5b0fc56bc49c334ec621c17466df00b2955c9edd8248440c93aefa1c9 |
memory/2748-76-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1712-87-0x0000000000400000-0x0000000000439000-memory.dmp
memory/936-102-0x0000000000400000-0x0000000000439000-memory.dmp
memory/832-104-0x0000000000400000-0x0000000000439000-memory.dmp
memory/832-114-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\zwwEcEQs\ZSksQgsA.inf
| MD5 | 90906c4b007403d6d8f215188f755120 |
| SHA1 | d956b3fcb1a184171bb99ebbed4f4a840cf7c282 |
| SHA256 | bc2d719812f57c6e885053b2bc155542c8b9fbe3533bfd14d16dd653ba3aa504 |
| SHA512 | a89b9f1992a378dc9971471cf981be6d6bc930040d43b7cab43b9136695007f7b949c8a00468f14cc3f582fc98a40cf06e24f4d703fc33c9f5bf9a27a86e3b0b |
memory/2444-119-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2444-130-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1828-145-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4936-156-0x0000000000400000-0x0000000000439000-memory.dmp
C:\ProgramData\VIMooogQ\yuwQEogk.inf
| MD5 | e0bdb4a76d9744cf0a5dd05f38183910 |
| SHA1 | fa852e95e85e2cabca5ae7e1b293606bf6eea18f |
| SHA256 | 3a98fd158e5a25362713896a46748142ce8cc59e1ed7f28f11b34f3fa0356e11 |
| SHA512 | 3d0bf10dc397b1235465ba4fbee650b4acfc8ef34b646eba53d8c187712951d1218351db98fa8776be17d3e94d1ad7b67311cbb6dbf32f5d3a4bd24a6e656273 |
memory/2060-171-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2308-186-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4560-189-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4560-198-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\zwwEcEQs\ZSksQgsA.inf
| MD5 | 4f9e51612808583d9aae83c4a0064525 |
| SHA1 | 62dc6033d97c1bbb33fdbd422d4a6f866d092d6f |
| SHA256 | 5a54a10ef3273be129dbfc5fa2bb3531c0f3d3ddf881de1c9d41194322b4c34a |
| SHA512 | 9fd3013a21cae07b77fd3c8059ba58c357d24b2f1adca53386165f7bb4dde8ce23a7635dfc498b13f15df7c1711cfcddfd6137d130d382be9d75d9de9f90003b |
memory/1384-213-0x0000000000400000-0x0000000000439000-memory.dmp
memory/6048-222-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3440-224-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3440-232-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4256-242-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1828-251-0x0000000000400000-0x0000000000439000-memory.dmp
memory/404-260-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2060-268-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5328-278-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4148-288-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3712-296-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3932-304-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1984-315-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3604-324-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4992-332-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4636-342-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1956-352-0x0000000000400000-0x0000000000439000-memory.dmp
memory/6072-360-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3400-370-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2352-379-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5200-385-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5716-389-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5200-397-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4756-404-0x0000000000400000-0x0000000000439000-memory.dmp
memory/6056-408-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4756-417-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3584-426-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1828-434-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5896-444-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5524-453-0x0000000000400000-0x0000000000439000-memory.dmp
memory/828-462-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2544-470-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3616-480-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4744-490-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4928-498-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3252-506-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5140-516-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3380-526-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5276-534-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5180-544-0x0000000000400000-0x0000000000439000-memory.dmp
memory/828-553-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2992-562-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3616-570-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3036-580-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1824-590-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3252-598-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3128-608-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1920-616-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2112-626-0x0000000000400000-0x0000000000439000-memory.dmp
memory/6128-634-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2512-644-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5624-645-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5624-654-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3888-663-0x0000000000400000-0x0000000000439000-memory.dmp
memory/404-671-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5708-681-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4872-691-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4956-699-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3912-707-0x0000000000400000-0x0000000000439000-memory.dmp
memory/652-717-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3432-727-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2164-735-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5456-745-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1112-756-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1356-755-0x0000000000400000-0x0000000000439000-memory.dmp
memory/1112-764-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3384-774-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2240-783-0x0000000000400000-0x0000000000439000-memory.dmp
memory/6088-786-0x0000000000400000-0x0000000000439000-memory.dmp
memory/888-785-0x0000000000400000-0x000000000042F000-memory.dmp
memory/3248-791-0x0000000000400000-0x000000000042E000-memory.dmp
memory/6088-795-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3488-803-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YQkQ.exe
| MD5 | b5ff75a849ca23c895d1f2c1ea60f012 |
| SHA1 | f82f02dae77c8308a755b2f9a8cf09e66e22a792 |
| SHA256 | 3ee5b6d9b29e399582afc81e74a64d8a82bf5ef8bcce0adcfd4acc2590c50acb |
| SHA512 | 5891cb2a2569ff06ab618ee9939354b1e10624b7695a6e67d44838bd647a7c686e3c117e4721a75c73843c8d552d7a7b93d43e8becaf6dd28ab3122ae2b19084 |
memory/4444-828-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5000-829-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ukMg.exe
| MD5 | 23619df00719960dccfd50f17c0476ab |
| SHA1 | 1a1de87a2b96fb057b327a368b42add25b856329 |
| SHA256 | 078b6f9c83447697699f8d5c0664b96aa086826b9e869d21d84f95136f664e58 |
| SHA512 | 744087c931e5ac624427a53b748a9ed1abf4d1277c59fffba20ecc0c83f27d00bf168b5476a150386bd1f9952cc1a1b4f0160c7d2e377849f80510adb30d6244 |
C:\Users\Admin\AppData\Local\Temp\EggU.exe
| MD5 | 5ca3e777c33e21531cba450eee7be76e |
| SHA1 | b173d34e8ff752eaa9e80a07457e14cdb2a7e131 |
| SHA256 | 48b08911984c95c02964119bf653420e9461f1573cac28e94094c18e812d1df9 |
| SHA512 | b2109cfcb66844bd014e0ff74e7b9923f3995b36b07152fc66feb7c21d00e97b1acf0dfc259977c3ffc5eb470983c354bb49f1c2451f9d882e702103bd8f5666 |
C:\Users\Admin\AppData\Local\Temp\IEcS.ico
| MD5 | 9af98ac11e0ef05c4c1b9f50e0764888 |
| SHA1 | 0b15f3f188a4d2e6daec528802f291805fad3f58 |
| SHA256 | c3d81c0590da8903a57fb655949bf75919e678a2ef9e373105737cf2c6819e62 |
| SHA512 | 35217ccd4c48a4468612dd284b8b235ec6b2b42b3148fa506d982870e397569d27fcd443c82f33b1f7f04c5a45de5bf455351425dae5788774e0654d16c9c7e1 |
C:\Users\Admin\AppData\Local\Temp\iQEs.exe
| MD5 | a580643b70d046f8dafdd8af48330f94 |
| SHA1 | 614f7a52b0374d90af253ca0d7e218c534aa71a9 |
| SHA256 | 57e7514c69df0433a9b67dd9666ce419902f103870e80a43f401069df11adf57 |
| SHA512 | 66e4bf944ac513f398cc5190ad2497d6670b64ad4d7fd7717156dd472c7fc8f662a44d347b758c1466526b2b569519b42fb1e6b2ee6827c065f3d8289174bab1 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | fde556a3b818bfdeb64cae148eec67b0 |
| SHA1 | 807cda89ac09c971fd7a2ade350f329c50f89eb4 |
| SHA256 | b012733a5b95e191f7126d4f083a081c4489731457e0b208b676e04d58ba000e |
| SHA512 | 63ce095654772e10e5eea15ee4a43dca261f1a5dd22a7714020d8f7cfd93b41738234c543d64cbce8233bd0631b4882599c8340510245525d1fd4bbde21ea7d1 |
C:\Users\Admin\AppData\Local\Temp\ocow.exe
| MD5 | afd31ffa26f861203d78fde0b0cd1c98 |
| SHA1 | e7013dc997d35f8fd9e6f50b94b5bb349ad4df15 |
| SHA256 | 76f84e1cacd2e98bbf8a58f17070794e152de990fc4e615933c01416580720e8 |
| SHA512 | 709cecaaf29fd4a53de7b6d0e0f746cf553bb81fc7423930bbb6fbd762b604e3c17cac3f3f9f61b2e277e9eb74632ac7bba190c47652394f3e2ee76a78c049be |
C:\Users\Admin\AppData\Local\Temp\Icwc.exe
| MD5 | f53451afea92c7c874c655db81a3f949 |
| SHA1 | 7c94783723066b031232846f7c847cb726459678 |
| SHA256 | 2cdea4661f78a195431c568373fcc4f5a4ebbace861c7cf7964029e2fb830a6d |
| SHA512 | 6500e8cfa3411dbe77b28304e9f5371eb59e458337f91a9230eef53953b4166faa3a8aae16434db6d9de71b952e409e0d21b4427a7c3dca246856fb710bfade4 |
C:\Users\Admin\AppData\Local\Temp\GsgA.exe
| MD5 | 60f416414fc91400fb10c33eea59f407 |
| SHA1 | a38ffb23a8421578b14d15e324c9a0b8a590ea25 |
| SHA256 | 2a29319ec2263fd366ed05f885973afa128abfa49d1a64ac8178a2c60f930d96 |
| SHA512 | 17fa7bff9a63bc1f08472fb0ecfad05a6d9251badd7acec439f1f30fd7a84a44c0f3ae61a5e9afa6a8f22802c6edb0b6a8e3bf5d77a94776f924896b6ccbe42c |
C:\Users\Admin\AppData\Local\Temp\WoYW.exe
| MD5 | 7796dc5d022897416aaf519225f78664 |
| SHA1 | dffa4477fa352da59a5fc3b0778fffc66a45d3aa |
| SHA256 | f246b097d644b078c4e0fcdb36cdbdb6bd65fbeb075843cf59f583329f75cf00 |
| SHA512 | 081814c75c9b3a04fa228fabc86558bdd1943a0a4b08fb28cb46a147fe6b8a7b626baacf112ee2a16d7ab7b9a526c721d4ef594067f1f720651bfe2a94aa5911 |
C:\Users\Admin\AppData\Local\Temp\gYkS.exe
| MD5 | 4741405b80e4001e285c6bd0f2cde10a |
| SHA1 | 22b6d37d7639c6b60bcfd6fcabda9109cefec695 |
| SHA256 | e0ae45dec8c17d77d2a5cc1ce0c94e64343904cd502d2561c2362aee12ae1b2f |
| SHA512 | 0735b7025487554a7dc42522cba751a904e2fc849ab3f810ae63d31d5fc08024801f7b4ea068627736e1cebdb4a7a2e5620a2033a4876a747f833b00276a18a7 |
C:\Users\Admin\AppData\Local\Temp\UcoY.exe
| MD5 | b1cc31fb28b491829d4bf22e6f2503bf |
| SHA1 | 0cf1916d959aa8f53f351170a6c0ae072c55fa2f |
| SHA256 | 25353d9ca26e1ff45de3350c94dbc4673fb1266b9400e475b41cea8cc8ebd17e |
| SHA512 | f2404f4aba1fd4fd46c1293f704a4e327b54108a9e7dadc76d3f00c2a3ab517aae4e8ef61b400a3a4e7a5583d8ae6a38f9765402e4eaa96fd97f982a9270aa98 |
C:\Users\Admin\AppData\Local\Temp\eMow.exe
| MD5 | 34f4418bf3c342faf2b5754371617800 |
| SHA1 | 34018b5380d2042c713bddab82b7e996e8961dd3 |
| SHA256 | 3e57fe1173eaf59587e56f4d566b3f735d40d5ff9eeb9a135599c143752dc9bc |
| SHA512 | 0ceb9e6dde69b2e5c6af2e2e28c564d6e62b4716a111981ad1a2c2c315754d9fb819875df555c9b03dc711cad5100254bd4e268b763f0e567aa4837d5f2fdc80 |
C:\Users\Admin\AppData\Local\Temp\YwYO.exe
| MD5 | cda8728d76b1baec9456f09f80e4c093 |
| SHA1 | 73f47b8ef4b8ed395cd9d4ff4d562439243e3edd |
| SHA256 | 330d9478eb9a3f2ce245a10cff5d8bc9d8a791847890dddaec17bd4cd0019814 |
| SHA512 | 508c20eccf680987c9e1f2e34072084d3fd61ec3e9392662a7ba02e42aea82b3270dd85fedc4fcfa9c290af154f43cbb85115253a470def82592a52a0f5ae805 |
C:\Users\Admin\AppData\Local\Temp\McEQ.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | 824f99e1ed48722f982efaf5714020b9 |
| SHA1 | 393a4d6c2805c28538a525043882eaa75d06c105 |
| SHA256 | 34b501ab3090bba03fdc9fb3af697e0e759c92b57e4fb738f91dfdfbff31e061 |
| SHA512 | eff9ce75a6834fabbd8fc7e65cc10be8f86938524eaae3c352defb8122f03135b7f366b48613d207b33b21e65ec616ca9b820d5ef53a02b4df84cf18db4feefb |
C:\Users\Admin\AppData\Local\Temp\sEoY.exe
| MD5 | 8b0057d5c9b013a888717c0add67e3f8 |
| SHA1 | 92d4c79ef9e194da92f5c28a124d180bf5dec1eb |
| SHA256 | e5b30ed926946871c9c9eb08cc2703061b100d67daa1d731208b51a5b4e26000 |
| SHA512 | ac278d11d691b0d732ea95837c4a40248822d3acec8570558ead10270bca30f68aabe2fe0b0624a357e74a794701c5d09ea22fd1ef8bcf934929a56d1ed1a8db |
C:\Users\Admin\AppData\Local\Temp\KUMk.exe
| MD5 | 950423a39029c9f10158647d834bad30 |
| SHA1 | 36efb44b17d7e059b89da9e561f29f5f84483d41 |
| SHA256 | 4a2546ba26217bd7822c331cb73f5f97762d7b228ff058f461273f585d1029b3 |
| SHA512 | dcb9ac9682c885e44d6b7fd3c265cf95e988c6f9b8e6295f289b7658786e3f35172e2e156b25155571ba9e16fc49c96e0587b4dc6cd5e148a996fc0297f3c616 |
C:\Users\Admin\AppData\Local\Temp\ycIi.exe
| MD5 | 0ff1f9f0c74af098de298bcd7d0ac1f2 |
| SHA1 | fcaaae234fd53d28f729dfc8c4f7c9daf69fe9a7 |
| SHA256 | 85af2f0831e442fddaa1585460c28cfb253faf2a1d14e017627ba895e45aeb62 |
| SHA512 | 9454020c562e46824fd4ec8b8c3155a7c4dccba7e873dc07cb83b653cc536986f1719c25dab2ebd3c163b1f9c7720b8b12556b3b3451da7263064e938bf2a110 |
C:\Users\Admin\AppData\Local\Temp\qMEs.exe
| MD5 | f0b7df95c93c27da7a94634aec7407fd |
| SHA1 | 6faa4dfbe987146a6b9af628419ae78c5311182e |
| SHA256 | 08942c686a22f2ed9057bbe709bef9a56c15f8833ab3449e50ea6bcb94739794 |
| SHA512 | fc76a05e16a09a9b0fdb24e221a649b8abe8b06409bfe5706ab90450019836c229ffa97a53b37302d399ae3593f01e7e55a3c7ea1ea058fe5f9d5bf0e7892c5c |
C:\Users\Admin\AppData\Local\Temp\UMcs.exe
| MD5 | 121baf84fa404a14890f6a4711788885 |
| SHA1 | df05a8b89b1b3d789a524e869d92d9d3ed3582d9 |
| SHA256 | 9d77ac0cbb44e6d543a5e49d53ef78254680f0779c76961217dfa56ceece3dc1 |
| SHA512 | 920cf2ef850afd0341257b2c11312b7555aa1e6f06fa996fa0648bf21552e90309d1cfd39da0cc145f56536246448ff25a9403cf5e072271616698c920b7d2fc |
C:\Users\Admin\AppData\Local\Temp\QoQe.exe
| MD5 | 92cd87d00ebe0014586b8fc175e0c284 |
| SHA1 | 23184dbb4148702deceabd24083931adecc5c349 |
| SHA256 | d8e05d739aa1d3ef675c134f24e1324dfb5f14196d261b2cfaf84a195b184453 |
| SHA512 | a273e2a5b18fc223b8b610bf343541b33ad6908a81b57296ffe7acccc377ed662b49062894b772570ba53b2d526f61983b9155bc57fc15ad4d8f97ec6faa442d |
C:\Users\Admin\AppData\Local\Temp\kwsg.exe
| MD5 | 6dc1eec33535950e0eda93fc6e146a77 |
| SHA1 | 3b614414aa8590e296aa3f5978402080a75e559f |
| SHA256 | b3d04201c30ac0dc84bbe04041eceb9fed4f07c8b6121d6e6d0c1ae49f009ea0 |
| SHA512 | 9589ad3c4d64c9d15f19555291f832066fb6118536da8a73884fa9d2c670f0d27ebc2b78938e8c8ed1cdd167e89cd0a2c9a9626e4496ef22f381b5c35a224b03 |
C:\Users\Admin\AppData\Local\Temp\GkYy.exe
| MD5 | a007f3e543a49ef721cbb17625be1724 |
| SHA1 | ee0f979d15103b8864e874895242791886ca1e9a |
| SHA256 | 195f4298e535f6bc6b3351b3d83af5303e13d2e9de4ea46b61cada90e00fd040 |
| SHA512 | 69d90f9f2ef10f987530ab61a5d1845c1154dac53bcf4f5dea492a2113334e64be9b78cc143bde85b834270294bbac89c9a565b252c73d66c5b0d612d5dac61d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\flapper.gif.exe
| MD5 | 7878a56a0976d9fb67033471acb8f5d0 |
| SHA1 | ed20f7d3a35a17354f2a6faaabc8761cf590eaf4 |
| SHA256 | 0cf8fb17025f78ce77954d6fff7b8bfcd100e537621956e389ccab1282000908 |
| SHA512 | ca470174d12307eff98fbf4e92bc5e4f58ed05d0ebf28e30beec789f5decc91c22f99cf4f83beb946559acfb83b8789abac327daf3866c643e6988ce6965c01a |
C:\Users\Admin\AppData\Local\Temp\gwEG.exe
| MD5 | cbe86ddb5cfe5051d91314eea7b4516f |
| SHA1 | aee5b0f5ee2f37688877e25edbbb949fc153dcd2 |
| SHA256 | 1b7996eeed7a12f7b8d7ba9e0d8bc8eb36cf2c80812345fd058fad1c93a18994 |
| SHA512 | f6342aeacf37d0da0b4e20b30eee8abf9ac84b211ff9df1d774a1f4bf76e081f1fec122818e2f9328c8952d4e6491942fa88f30087ae173b23474724bd554f56 |
C:\Users\Admin\AppData\Local\Temp\SoAe.exe
| MD5 | 08996f9e6f36eb0b2309e6772ffac1da |
| SHA1 | 2aabbb79684742c5c76db7c676a146f195abcf1c |
| SHA256 | 4d2d5525fe9c6b529a328c5876348c81ac26b55265a6b9726ac918ddfcbd6a16 |
| SHA512 | 77c9129feb8b928e5714c9f46745cc1b268c46cf82db6dc81c1f2d43747dc844351b691541b1c28e956c1ac4df3a2ad71b4747a7a34d6abc2c5d6fb838b5a2fd |
C:\Users\Admin\AppData\Local\Temp\wQEw.exe
| MD5 | bf8867ab8b379df3c428d50a952ee543 |
| SHA1 | 7c1078b96b9d731c86a006752f4c80f7002e8e8f |
| SHA256 | 4a54ee3546233f1635bb0d37ad9231d1fc8d11d192285413918f9d9e77c6b3ba |
| SHA512 | 3244c90ccdacdb484bf67ff8a7abfb18a560f2f805e4ec0c65d80aec5ca882083f051ee9ad0a1f3544588ff07ab0c6300115ac9a96043c28c422b18138255cdb |
C:\Users\Admin\AppData\Local\Temp\QIcm.exe
| MD5 | 43b0b1fb18582854727d21de48db9870 |
| SHA1 | 33fb8e02e3def38138c7bbbce5affaba704e7530 |
| SHA256 | 964885bb3da73abf15b3dc1daf234ace7910244d3ea266a40b9442ecd3d2fabe |
| SHA512 | 7a6799d42fddcff8d9d3640231bb4d9ffcb7519cae18d283fc3adf1f0aa2a27462b8b42ab99e12de4483e927b89b05eefcc95ee112e6377f585155ff1863d7e7 |
C:\Users\Admin\AppData\Local\Temp\iEUi.exe
| MD5 | 23f0390596111ed2fac1f04b66b90ab9 |
| SHA1 | d69ca6d9f3b3113fff5d0f2cafc6c69b764162d2 |
| SHA256 | dbb735bc15680f6e72e5f3c56a6f0cd2b4eb06c9a5243a11c39cdadab63cb79f |
| SHA512 | fac559112d2a976b9bc20991b05e2cb19f06785cdea813c2594ee7b2679af3898b75eef4efa8487613d645137084525830b7b0eec6c7607a72a51c8539697feb |
C:\Users\Admin\AppData\Local\Temp\iQIi.exe
| MD5 | 8a92093c1027da5224bf7b224bf45af3 |
| SHA1 | 528ed370ee3088e537e2c14bb0276f3b6f4f9004 |
| SHA256 | 69c0c9267dac13ff9a219c6cea38d01b87c3acddc2b8786828af924ba8dcc662 |
| SHA512 | 690088037695b29f9c59ac426ddb696d6dc6ec2fe13382d448bbf9b076ee19d583b50089c8be3ec16a46d0c587cbed61d70c124511cf720c63ee325001b89749 |
C:\Users\Admin\AppData\Local\Temp\YcAe.exe
| MD5 | 9afd3f16b7e13dd7c261699d7cc5805b |
| SHA1 | fe9f66899a2c608823e3184d65efb765ec304a19 |
| SHA256 | 310ada08b1d631c3f08402fc46960589f0fcf9e943f2e9730366d8dbde0764d8 |
| SHA512 | 45c085086ccda822b2d7619286098b6d53ef17c73a621a914b61a7744da328a45a249966581bef257c5f2ae369fd9f91448c127be0d9bb8f64666a0022a84629 |
C:\Users\Admin\AppData\Local\Temp\EMEm.exe
| MD5 | 3850cef7e9e9a0e08c6c89805a5b2b1a |
| SHA1 | 131c3784d7c97bc4b1374b37a6a810c5754383c5 |
| SHA256 | 137c749c18670ce7a8e6db0bb34c5de7f2b8d0c706b3e0d63e9737462faf68d4 |
| SHA512 | 8d6890e59db575838fff5270b2a5ebe905e56130d97b662367186e6784e3bff27bd9d4d40f592989c3b6bcd27d104677dc74fc00b615097c29599c5914703f34 |
C:\Users\Admin\AppData\Local\Temp\sYoy.exe
| MD5 | 5741653e5a94e9c5160d5b79d8eb45d7 |
| SHA1 | b08a4069afd51ffcc2deb17c27889989e6d8f35b |
| SHA256 | 75ed420f176eb3b9bb73964113c82b25e68b8d2dd5a182f8f22bbc85a0afae42 |
| SHA512 | 5c249b98327fe70704f6e64a0117655f53aff5c3dac7800b15799f57b3c350db82afc89cb49147372ad769e0546de92f7c3aecf4a58a7faeb55e2879125efc71 |
C:\Users\Admin\AppData\Local\Temp\SQco.exe
| MD5 | ebfa746b1faadc21844a4c8181bedb05 |
| SHA1 | 8bf378c88c137ab102cca251d2b848096698a69f |
| SHA256 | ec09d4434f6df0b80cceb3301831d63bec21a497a6455891318c986740a5b970 |
| SHA512 | d0126e595d7266ed190442afdc4896f2327bff228db14d300bfd35c80089bc76a969a253de4d4d194d412edcaafe50b4205733cdb4d9d7c00b9d9a8bf4775c78 |
C:\Users\Admin\AppData\Local\Temp\yIEu.exe
| MD5 | 6a9f4aa53326baa4c6a6fde030230e40 |
| SHA1 | d952f79a17492df75bd9af8a192df9c192c231d7 |
| SHA256 | dd67aaa5c6d6594ecbeb0ec7f68dd690527aa990a5a2161a952a8b2923f3f105 |
| SHA512 | 75684613d849d1879ff67228f4c5576475d13180e436f57d9f4df08479ec4ac07ba3bc7c11ced422abee4e5948d4ff0c07b5c6fe7f4f00e54e734e1593c0c2dc |
C:\Users\Admin\AppData\Local\Temp\MAMc.exe
| MD5 | 3daffbb63e4b31da0461a592c99b3438 |
| SHA1 | 0b7a332001da6d7062fed86e4d5a8a7f89f1f86c |
| SHA256 | 2f766a1e2aa356f766d7205c903e599ae2c68d3644318e16097bf127996861d1 |
| SHA512 | ba357cb504f40661aa4ea0a233c187dcf35d8057007a05ecabcef0354a36a74e98561de516d130a7d76694522e68fc1b8e6ae5a173d4e57e4cd925bd7175e237 |
C:\Users\Admin\AppData\Local\Temp\MEIy.exe
| MD5 | c040de4cebd033787723d639d80a6ea6 |
| SHA1 | 03559b31a4ee7cac051d780631a49efa1639a201 |
| SHA256 | 6d2b8577591da9f6362ccd037a4a4c054ac03365ca8874a0be564371d3e4143c |
| SHA512 | c31c69669ba544dbd5877a5f7fccbce6fb6cda0e9c14912822b2f08a65df3734a1f88cae4f2a60e5a2bbc809fe67c659212aeb5545de263e0f88c43776cd3769 |
C:\Users\Admin\AppData\Local\Temp\qAwc.exe
| MD5 | 90ada17a279c6d641f2dbfabf537cbf8 |
| SHA1 | fc32f113ed67b0d544133b527e16ee343a464fcc |
| SHA256 | 896b56a6785964c6b564c99d9012c6925a2850603630f2f0ad358fb905742892 |
| SHA512 | 95b64da5a23acb271c5d1d5fcaadda1d2357c6a4515a3e458e090595f11537631dd3e3a82240248742e19424e09221b30035ccb15d7342535afb856512b4717a |
C:\Users\Admin\AppData\Local\Temp\sQkq.exe
| MD5 | 2038fbe1cb58e32f730c8ede862e4b7a |
| SHA1 | 6affd3a073fdff5a4933605e0bdb95f3ee513b6e |
| SHA256 | b423c9a95f1c6e620101c44b47038aea738c9e6ac1eff5976064a80405462c73 |
| SHA512 | 0708cac249c59376f14f6e36b74f390a3a236296c2c1e169e119e834d6129990870382b83f43839447370645e9a055fd14f459228bfc051a654fb63d469532cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\256.png.exe
| MD5 | 200480e8ee2549ffb3cf0af83c744b94 |
| SHA1 | 5be33fdd4618bce5ab6b0b5d0c1d2dd191a4b193 |
| SHA256 | 224a90107dfe06c7b3f6ee5ee54403e2b7089db8a64c870e753e32e074eee8ae |
| SHA512 | 5a0c2cd95c355f980d1b03ee14e046c6d61913789be45dda4580c9a6e838475189ef33df920507fe11b55aebf841d8da1fadcaa2863c7c8be2bc721a438c1f0c |
C:\Users\Admin\AppData\Local\Temp\UcIG.exe
| MD5 | 66fb1f6ce20af59098dc080ebeeac64a |
| SHA1 | b2fa380a7f4569690eb55d6ccf9189a843630ca7 |
| SHA256 | 28a3bfd382fcbdf5773bd5eaa97ceb4b7161be3441549ff5931f2f8c5d5ba2b3 |
| SHA512 | bc466741c868ab9cfdf1abe0f78fd87d137714247b2f1ba40ce7bb4cd54602f03da50ad6fa6ba9661615dc394111005ac12f386b1340027f53f8925595a4bb7f |
C:\Users\Admin\AppData\Local\Temp\QgQW.exe
| MD5 | 15474eb52d1d06c586231c44f361b958 |
| SHA1 | 46c5d9b5676f3a81a51733281c8f90005a6ad906 |
| SHA256 | d58b1c199b9b34aa7fa87cc9b616800023ba8d63151f623d0bfd35fa8ff38d88 |
| SHA512 | 048b65d778e828295239ff3241c59f8d95d2247779a02078ae6bbc2a8674e9ba80e438a2500fa3dd5589c87a544fe780b65781b36835ff89af32f6cca3780e47 |
C:\Users\Admin\AppData\Local\Temp\aIkI.exe
| MD5 | 67f0e2b9f395536eb6437b964db22f1d |
| SHA1 | ac56dfb5caa999dd459c08740863fab1ecd13d95 |
| SHA256 | 83c195f6230af5d14653cd27215178b5ae75532b6e03dc67c0cb0fb437180fda |
| SHA512 | 6a7c086bdd01f3b24fcf7d8e1d38a6c1fcc59d0b0447f4324afd02af0a6b93bc75f4c176dd947c7a47723a757850d9271bd8d1922f7e6e9b632142b001d3368e |
C:\Users\Admin\AppData\Local\Temp\IEkU.exe
| MD5 | 667ffcbc6d94f82696f1b43b5b20a2e0 |
| SHA1 | 9f7b7fe6eb509e4398c8143e65e2563be76ed5ef |
| SHA256 | b0c687095c5cca766798faa84001a81aec1ebcf872c4629ce862ec7ca7382695 |
| SHA512 | 649d7f39648db8b636ce1df578f17e04044b17bd5f5ace940e07c5ad15bf5cf4a9a304381086ea04530ad4afbec66e9190437570dc6607cc43da61cf0c4af801 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\32.png.exe
| MD5 | af72ae60144628af57d9404ef5fb7df6 |
| SHA1 | 89fff7fb9835bf98ecba5fc8cad4ad25ed3cf5df |
| SHA256 | f02b907872236beb530c7f1044b4ef32b136231713055183f50fa27f3c6279c7 |
| SHA512 | 27807c2d3b295ea9ae672f815b8f0ed0a433c11bd2efe4222c2edb4a080c6bcd98a5dbdfc8f67c6042b01efc17d0d6346161b0d95020039c8e1b9aa9172b6fc1 |
C:\Users\Admin\AppData\Local\Temp\osce.exe
| MD5 | 41c097a7adab0e786fead3e49efa6583 |
| SHA1 | 4f65beaaa1cdd6d978eee58955173f1df262ff05 |
| SHA256 | 2e3f91f1963b51c89facfa6699bcee2015f017fe5181d2f10ccf1520e6ee25f6 |
| SHA512 | 6292dd6101375ca121830e3410fe888911f0502f5c152bded3cdb74c776369309bc6a276a586a81ce72d26f7b7ecde40768b8ac0c7573cace1b42c1a4824f5a0 |
C:\Users\Admin\AppData\Local\Temp\AQky.exe
| MD5 | d52f60f8dc3b9b570edc4b41cd8e4611 |
| SHA1 | 0f01fbc55715185810c9cbc7589035d56496fd5b |
| SHA256 | 96cdfa0439faaf5917df04e7cb78064b0f61d350d0f8679047b882e40c575c97 |
| SHA512 | 9a3d78dd7fa9a4c46b27e4a6dd5d6ed842d88628e3a6999a41a417f910702ad1b0ae7461538d7adf64fb6ee1b2d122ed02f9ff27ec1bd62ae3b59f3ee4487a6c |
C:\Users\Admin\AppData\Local\Temp\YoQY.exe
| MD5 | 44b2efca7171aa96ea8ac58f63fabe20 |
| SHA1 | 22ac95a9fe935d5968dd5136238e2c8516010c0a |
| SHA256 | ab9ba2c297f56ae8b65a4ffb084b014da6cf5fc2b0a6a8ecc02686b10efd2c0f |
| SHA512 | 33d2c48c839667fe5cd4d4351554da2bac1ff1aba3789cf363fa81205a04233e604099979136cc36fcc62da1376de4a29d1a71069f698830b4f1d02640c106a9 |
C:\Users\Admin\AppData\Local\Temp\IokY.exe
| MD5 | de16f0ef7d63c11a87f3d86faf5527a0 |
| SHA1 | 7f9556cd39ea09b0457a4b6daaced7ede7651796 |
| SHA256 | 974cf44b37a5d8b71201a3de1a6436df733736802cc1888e40ab53fef31f57ae |
| SHA512 | 6d429d19c5d88e1ba1e3c9f7a07992a0d9743da7ca67ba62413f14dc8f0706657f4978f638bc50f29711321bdf3eaf57ccb11c2b4ad6284804ba8e0efb1c65e0 |
C:\Users\Admin\AppData\Local\Temp\YQUc.exe
| MD5 | bf555b1da5686e04863a2cdd0c4fbcd4 |
| SHA1 | 07ef5a2ef056e4bd49a6b65e027662f6d6217778 |
| SHA256 | 7900fa0266c080e4426fd7fb92563a6b3004297e6041436479095c8b9662f6a1 |
| SHA512 | cbd0b6556503046977fe11558634fb42fb5e9af2674f441012e1dc603dc51037308016915ee0b25f005ab526bb5554cd67a2d29f8b5017af7c2a54d0dede48f6 |
C:\Users\Admin\AppData\Local\Temp\GwQO.exe
| MD5 | ea4ef97a193bae202039a8acf0baf085 |
| SHA1 | 7184f1290aa2d966da2bfb63d2121622ec550da9 |
| SHA256 | 9f8217c54cbe0aed3c3bada3453f8d83c08709e97f257065931fc5766df3d2bc |
| SHA512 | f52f539cff702a4577c128dc80b852ed4440aec06cf02072dcac297c0649325657b3fcbb7956b4d13916c8ece0860a5f8b151b2de789cdd98971bf6d7853fd2b |
C:\Users\Admin\AppData\Local\Temp\yMEi.exe
| MD5 | eb568f8b7e2a1765da905ca0b69142a9 |
| SHA1 | aa409a6c3ea5c1c0cd0934f122864051ab904a5f |
| SHA256 | 8cb2f4b7f87a5b7e506fe8f2cb0fd5076184c480aaf346a3df782fbb17b5b56d |
| SHA512 | 5279801ab27e9b45ae427d58d05fdef2b6bf08ba2a22c4e7567c33a5a2f1c8a0d3839372b81163c1319b4e88a61909a1ab0aeefab9296265ae8493bc712a57a8 |
C:\Users\Admin\AppData\Local\Temp\wgUo.exe
| MD5 | e782f9e933ac897d5b994b76adabf9c1 |
| SHA1 | b89cfc094727992dec1538b68d7265a3692633bc |
| SHA256 | e1ccafaa8d943ef2727bed48ef15dcf58902a410a44838e4bed75528a537e22b |
| SHA512 | 61ba709373b07d2e342a440dc76a3767729062d3c9d715693db1677041016decab09a7f16ee552dd3d65e54b8ae160a079b080161a3d303eb4cea1d532af2f92 |
C:\Users\Admin\AppData\Local\Temp\WUgo.exe
| MD5 | 93cd663230e428427b076c79759728cb |
| SHA1 | 5370edd614cbd85d110ae3f57bf40f93b3744c09 |
| SHA256 | d52b8e82a242eb0a9a59025dc27893474c4c876393f9a3f8a55e5cff5660cbf0 |
| SHA512 | e2a7b766904c820ccfa247547d99fcd6107cab079530f38e48dc7c45ca2ed72d4189710432f4920f5414339c083997eaa509137f977a532dcbf506e02cb1dbf5 |
C:\Users\Admin\AppData\Local\Temp\gsEq.exe
| MD5 | 0b736f0e44afcd8c90d769af4279402c |
| SHA1 | e67dd5048b62f147f6cc13585cf0f9bae95945f4 |
| SHA256 | 9f7ab0fdc9455978bc6bf40544cf526c864c327e9083febcb0859aee7a801d8e |
| SHA512 | 3e2b8b300c66e64f708f1986dff725fc3d7d139e8ef02b31c2b5dfa68e15cd0ebbc4d9e37e2a18da390f4df80968741564c9cf39a7cb6b16634a9f37743573d3 |
C:\Users\Admin\AppData\Local\Temp\WIQo.exe
| MD5 | 7f314055b0efe0c6656f2f214954ccd3 |
| SHA1 | 783101cf58040b131273c0d10abad8409ff75699 |
| SHA256 | 7802326971c3cd8863b40e17f04ee5b6d339d946d85437ae032db2a8d9655b7c |
| SHA512 | b67e9e38b1163ffbddfc68149fc460782f194a9c17dd5c632aa1771b30d5d0fb0fc237e499ff804bd1074e424e0442b9b2f4f6098316f3117e318afc0d4b4709 |
C:\Users\Admin\AppData\Local\Temp\cAIi.exe
| MD5 | 4764cd78d8cc86f093919e219daf214b |
| SHA1 | b5e074110e23fa098568246e913792fc8aa1a11e |
| SHA256 | 4566d4d2963b32cddf29148dbf012381d8633af4a4c70031f91a05a1c2dea06a |
| SHA512 | 404b6ad252d3556a6f43d9ed2c4142b0c0e2bc483bd1d55755ad2449c4d8675ef2b38c4f6e4aff17a83bcb0715f3939d438c04a527d368221a531afce04eab54 |
C:\Users\Admin\AppData\Local\Temp\wMQM.exe
| MD5 | 33070b88ec7624f4c0a14841b929925b |
| SHA1 | c1d53588ad2cc54f49481b9a80786fe17619b550 |
| SHA256 | a3e8f72f1a223a74b2ebe3f6f324851217eca4a68ce35121f51f2ed59a5f27fc |
| SHA512 | 55ae8095932ce9cd3cb6605dc383874f70133f4f05b0e6c26b64b1ff902cc7c9836d3cc87e3d51a0a45682173fcfc875abde7c247ff7f922ebe17c49b1e82d15 |
C:\Users\Admin\AppData\Local\Temp\MgQc.exe
| MD5 | dea81cfd20b22c97d5a216f5162d4135 |
| SHA1 | 71beb8ab01a7893e413bc94bd644acdeb1184210 |
| SHA256 | 5a662f46a6b707af748f6592b0c9af9cc91129605dac0f3dd6b87fdcea723438 |
| SHA512 | 91fd7313a5837db9ef3a07135945871916f9d9eaaa45e0f0d3579a7e5dd05318a5de0a8de3391f69b5055ff6bd9dd8db00063b647fe0b6dd0b53140cbfc4ea86 |
C:\Users\Admin\AppData\Local\Temp\Oggk.exe
| MD5 | dacd968e01181b9dad7702ca7468c9d5 |
| SHA1 | 396dada4327203644d049d5c79ae888f0ea28309 |
| SHA256 | c06fe2816901ff83af1e0ec2c199208dea85cc04907fc1410e24f3b1b2d4605b |
| SHA512 | 6825279fbbbc3cfe293d25d641f38461267b349bb1bd96c0f2bd893faea2c7aff7216e992507adcce4224e479cbb1d25b488be2132a7c84a14faedb0e731109b |
C:\Users\Admin\AppData\Local\Temp\gIcw.exe
| MD5 | 74f6779aa1e63940764adb6c499c12f5 |
| SHA1 | 09d2c91a8e30a2fa6137296ac671df1bd167d48d |
| SHA256 | ce7d822968eb18a6a7d443bc31944e0307ad8ee4adac77c61591d8da01a2b802 |
| SHA512 | 941ac6317f3a768cf35711cf21300cddf55155d58e82a4c12e6ca8699f3a8647508da7635cfe3f0e1a6549cdbb4be6a221e71e5d37602a0315348144f56e3352 |
C:\Users\Admin\AppData\Local\Temp\EIcy.exe
| MD5 | cce3597acc046c4bae927df6b383f002 |
| SHA1 | 79b2a02002417cc2026e3bdc8320cd8acaf0102e |
| SHA256 | 2dc6c2433481595dfd30c7a45465b9034d2685d2ad11a5d224eba32cdddf3d78 |
| SHA512 | f651d0739ef8f96648aa0430c9f4770361a8f35e0d287ee97331f08c2c5f90752b3537a6da259d65472ea943640ab9cd18d9d4ea8b84941a85a900419b64bfbb |
C:\Users\Admin\AppData\Local\Temp\SUQq.exe
| MD5 | 883bcb4d695db2a1be09415c9c15c68f |
| SHA1 | 97bfdc423ff9a4ed1b0727b2e2a991a0c8ff939b |
| SHA256 | 7b643a2b7151d888ba24a4228016375ec79c077706e10cea5367be0e7d409ffd |
| SHA512 | 24a1ed58ae3e5fec9cba5a75275a91cc089648a68f10e5f2187df406134f0c8f7353bd9df1feb4771730f26c87ddf053ec3b26d9bd298435f039bcc10a3c8780 |
C:\Users\Admin\AppData\Local\Temp\OQUY.exe
| MD5 | 98b960cb004788cbc06d0b9dd4a5ef39 |
| SHA1 | 0a14748d3724a4814347a0a6225cdfc7bd95a446 |
| SHA256 | 4e0b57c2032270cccf651a340b787434aabad0ea5d1c7727e5ba6fcce9b59c87 |
| SHA512 | cacb86082f91bc2f9cd8d74532112320bc8fdbf894ed1221c84e691da8ce16d12142abd408fd341ebe614f74f312fe967a28fd7e34be700ae5b3d439b83b6d4d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.png.exe
| MD5 | 45c5a1ec9ba32e345d0a7f2cfa01e3d7 |
| SHA1 | 9e3c721a27b83d0497fbd770766d884048a3e39e |
| SHA256 | 8b2eab0dcd823e4821bf412cfe11f149b43ec1b4f078aadbcebcfa3e00dacfb1 |
| SHA512 | 26403355b72a832eec1f39e396dd797f4f242db16360e0b0605713129d541c238a84f9e331ad8ea78b5f96ef9227a88251824d6cbd20060ab343cb937de7dc4a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ElevatedAppBlue.png.exe
| MD5 | 4c66afbbe4c9762ed9108ebe9f3ad61f |
| SHA1 | 5829273bafba691a0d398a0388a24c68bfd85221 |
| SHA256 | 499d5815d21e71e930b352fe9416d99fd62d20007889f89ab0e9187f309175c8 |
| SHA512 | 9a3ae4dd133ca21ccd1177e37f2f060803fc56786c4cb9724a420b2786f814fc0154e8bcd73fc9941191b12127dae4788470d5731550daf7ee629a9f80afec4c |
C:\Users\Admin\AppData\Local\Temp\ccQu.exe
| MD5 | 6e072fa91c8b6b0121797cfb8a751df8 |
| SHA1 | 2709dacf30f011f68b90c0f3db7d554f039a94e2 |
| SHA256 | e171accdb9c83efd169db17543e400943fc06d8608a8f70d7717351008aae7b3 |
| SHA512 | b2f209e88440f3264b296d4def6945d50dffdc2403732986c66f4eedb0162c780228208028a1ec46658547ba80664afb2141962b0fbeeadf5caed8959a054551 |
C:\Users\Admin\AppData\Local\Temp\WcQw.exe
| MD5 | ef510849579b78ee3d01b300bd089bd1 |
| SHA1 | bf0bdd558a978fce25805737b8fe2b272dd72209 |
| SHA256 | 3fd4df4409b25a67b92b3cad868b5bf4df0fa01c54864ccf857cfe09aec23fc1 |
| SHA512 | caafe9cff7a7bfcab5b46042aa5f2dcb635eeef3124cac237d23e6e896d32f712fabf5009d2503eea6386244928d457e7ccb597d885a1679082a393e952a7407 |
C:\Users\Admin\AppData\Local\Temp\aIcc.exe
| MD5 | dadec8166021ae6ad9539943aaf18ed3 |
| SHA1 | 90a13cf924027b6c7b489290874fe45c3e9230a5 |
| SHA256 | 358630df6c8acc0b3d1c8b9338869a37eac1cda7795417f1b4f70f80137947a5 |
| SHA512 | c434936869e547c6dd24237b2eb488a9c74efbacafffca4ba77b2c1e125ad871657ed9b3bb380a033ccd64e955de722d4a7b5cad180d8a05a28ab81e69759a0f |
C:\Users\Admin\AppData\Local\Temp\KQMQ.exe
| MD5 | a8c6312fb98b447fefc25a49d67f1be1 |
| SHA1 | 215e67049e7349b07b33abed0ef092a952b8a899 |
| SHA256 | 0c1d1402eab906f80db11c53e434e043a71354cf0ecf5166e27b228eb4d5e6c7 |
| SHA512 | a98196012b30a43d381939708d996138652c55a322f7c187c8b15ce0b5b316b3fb94cf1b12afba537a47be53e0f5727b715f20e1d417b144b4522756c6a4726b |
C:\Users\Admin\AppData\Local\Temp\KEke.exe
| MD5 | 6506f8badd04276454489f5ee25b9957 |
| SHA1 | 5c3eddc094a28d1f5329ab146d744f6783b0b0a2 |
| SHA256 | 57ff51c40dfdbef1fa7b1a778393283d965f59d2c4c1ae78be863108c49a4c33 |
| SHA512 | 568b96871728923387c9db766d8952d3b78c53b7305cc428a76a38c5294d2e182dea09b5f3f50c442cd0bc14303b0dbe45a64630bb732d328929fdcaf5d8e2a1 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveLogo.png.exe
| MD5 | 6e7f24c57c483ab170d84b800ff73acc |
| SHA1 | c5585f4091845448947b3a040a342c3907b6e0d3 |
| SHA256 | bac1d1f8cb90106c9bdf9fcd484e3bf8cbea0f02a70c37ccda8a494488d41c49 |
| SHA512 | 3df6219e498b1303269779632918ea364ef7b8e7b6cee6c1cefc89d40458a30cee6338c702668a110dd360aaed11c9138eb4581a34fd36edf25ceb4879c36b34 |
C:\Users\Admin\AppData\Local\Temp\EkoY.exe
| MD5 | 79e232194dbe0c942999304135e3d2cb |
| SHA1 | ef6e29cbd41ecac7dfd8d41e03abc980def4e514 |
| SHA256 | c661ffb062c8de6b1142618eb67e082569aa1e0bb262618fa666a6917700c0d1 |
| SHA512 | 7b3a37427f394fadb0f24ef0be471c4d06af587982d6e756c1c38a07c175f727565027de0b5f89cdc5fe37cec8c12f6fac43b488a146f493d62f31af866d8a54 |
C:\Users\Admin\AppData\Local\Temp\eMEo.exe
| MD5 | b188299235c0040e1da29ef6c3065b71 |
| SHA1 | 404b2085d6f0f48f872b676cb3e1bb3430489c86 |
| SHA256 | 190621b271ac19437d477f769a27c7d1ecf777be1e33dd9b6a2d352f99ab6ad1 |
| SHA512 | eb5a06e808706ac03b0e99f0dbe081490d1753b58bdcb832f98e7872b66c6b92836a2d5985acd13c55ab187ec56c0d47a3e3a558ae216cad0912e4282e1449e5 |
C:\Users\Admin\AppData\Local\Temp\KEEc.exe
| MD5 | ed170ef89b24a24ee82aa530fdb4e882 |
| SHA1 | dc6d2082fd3802441d6c1b8318dce979e26010fe |
| SHA256 | f73aec40d49bed2c23b2eb4207d4a6e08b282606d0def8d057dfe2ee39447cdb |
| SHA512 | 95305a2f3c27d23ef8a56113718ccc8ac722fb35bfe227e45955ca34c5ffaaf0fdc61a62ff1f8fb2ea82fd9b3cdaf9c72b2c3dc98223ece8167c7d518dc90f90 |
C:\Users\Admin\AppData\Local\Temp\kAQu.exe
| MD5 | 1deafb3a02480ab45db0b0cb6a5743cf |
| SHA1 | f68783dab18089a0ee7df6b7c6581c00cbc4fe6c |
| SHA256 | 3776fd0a0448980a29211facf26841f738f232c03fde97c51a0b4a42f9b080a8 |
| SHA512 | 1f07c2c87097c6ef805c82308918724f197c1cfe6f0f764f722f12b32a20b6706c4391f0449dd2753c17dafb0a36a0cd3b5d35ac13cf4a3f962d09fbf5687af7 |
C:\Users\Admin\AppData\Local\Temp\SokQ.exe
| MD5 | 84ab4099e0d495afd1b43ceb387f85a0 |
| SHA1 | 7086f391d2bf8e063cfee0e8f24fab920d08eaaf |
| SHA256 | 3a64a337c71be11d492299fc7efe15eeb18b42b6e77b37e87dfa81afbf46bb90 |
| SHA512 | c2cc0e59fee31298911e7675b932ce7051ce945b576aa571d80d4e1e4e517dbb2d4a9443b70e40b6718fd01ef66f16cf09e0f99537ca86c52c35341a3fc418dc |
C:\Users\Admin\AppData\Local\Temp\OwQG.exe
| MD5 | df23204efa5a4ad4c41f4e20c46c2d75 |
| SHA1 | 47acf510b045039fc81e86471637b41bb6b375bf |
| SHA256 | 9b4ecf5f516afee9097a1255c2b3dbe3a7f7e93b218608f6301db9534c85f7cd |
| SHA512 | 9cec6f49e8a22d2469465be735c0eeac63ed6fd8437dc47ec0ade638b27c01c575c98c3452721cdb4ebc7cae293a6ac5511d582de5ec45867f31c79cb97501a9 |
C:\Users\Admin\AppData\Local\Temp\QkYE.exe
| MD5 | 705af69711f6cc228f92ed87d7b3100d |
| SHA1 | 0961f3f74e129e214c554653c280ce83c24808bf |
| SHA256 | ea4a615c6635cd473e7a7f41bc2baff3f622186c5f27dee733301e5500740167 |
| SHA512 | 4cbd08116e84b6638facd602505187116ae9b6d9f768e618160600cb069019305b25cceb6a1bc42a6122df3bcbbb3e7767b2fb91da9ae328d15ec2bbed44629d |
C:\Users\Admin\AppData\Local\Temp\wIsA.exe
| MD5 | c69c4780861c2bb9ecad857e2855b157 |
| SHA1 | 672379e54aafecdcf913d315ab3acca53c8214c2 |
| SHA256 | 21d6fba8d2d71b5b7620ac44004402e9665df175826a2938c6b7835fabb046d7 |
| SHA512 | 2da6e5e875830da06fe2e2eca9af33d6d794773ac818e10a99885b160559e6c68c687e31e5b6a19efea504d4edff1ce7e05ee08fe7a8beb1091f3fa563189eed |
C:\Users\Admin\AppData\Local\Temp\sUAQ.exe
| MD5 | 8ccec0ed9e683594ee6c8d62e143c1ae |
| SHA1 | 96ca26398ec6d6a2367989bddd2d12a771f2c170 |
| SHA256 | c52652ec566722dd7b511b73d9304ed398104587e695858c2a1771823b86253e |
| SHA512 | 5eaf0aeeac9142825d8d8a9184d59bd49f88121300565c8c15908b93314fbf2145092b3fc2b0f8e3475fbe2c60fad9c4b9605792f84f31b64ac39a27731ad807 |
C:\Users\Admin\AppData\Local\Temp\wcka.exe
| MD5 | 0366db1ea7a7165a73b0d5781242d2ef |
| SHA1 | dedb16604fbd1475732ae95f9a1fcbf5673b5b2a |
| SHA256 | c9bfb2e861002c02701cf35e96376d0dd714875539f61497a772b37b992a7f68 |
| SHA512 | 6774a97f7316ba52fedcd342434c790ef69908f056cf7fc78f955dd1e57392a5cf893a046fa56bed7692733171ac5becd567263624511638126a465de6c98cac |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-400.png.exe
| MD5 | 819e3606d189db1f53561d98d50a3b49 |
| SHA1 | 81b29d6344857d9a4b9ad6e77489a9f9ffe07ed0 |
| SHA256 | 8dc501c0842d117e126f1acf1776fea7956edf0066e83b3e4f2597c0667529df |
| SHA512 | 5871440f9ab6fc35fd6c26c4e5315c59c4e66dff7cc510841f1479b3075e3f1335ac0353a846b0c4a98a1ea24bbcd7bfc8b883fc8ee7754394c2e877f6c9b7c5 |
C:\Users\Admin\AppData\Local\Temp\KkEU.exe
| MD5 | 4e1a37604e7634b435843e32ff96736a |
| SHA1 | 23942fec233849261883a2f0dd2f17b1512081b2 |
| SHA256 | 6ae73f33790d0c3ab3818aa0f672b202b6b3eda22b26f68fe7f040dfe499257e |
| SHA512 | 23c1227d399e38f381d482596182ad2806f6030b020b5d8e484acfe5113de2f3e195b37e3cd97fb03879cae10baf8814c23f6a983ac3032ed8e6845a48d210b9 |
C:\Users\Admin\AppData\Local\Temp\QIgU.exe
| MD5 | 12e83c9d44f0d0904f59e9763a9cbb37 |
| SHA1 | 9f17fed3cc0e253a5d1a4f4466e49003207d83fb |
| SHA256 | ee90ccc430353e4c233537332e0edce8880b40a624943b0e04023bec0db9924c |
| SHA512 | ba558676a60e4591aa173a169c44628d95b1d165dde846fa7863fb048e934bd1e0d721be1b5c657b23a1ad2186a5913421d78059e0bc1664a9533231b0ab2099 |
C:\Users\Admin\AppData\Local\Temp\mcUS.exe
| MD5 | 366997e5d0f714a47bf4d09103dc5721 |
| SHA1 | 79fe06c52308e08374edbb2979ebf70035ad4025 |
| SHA256 | 36336c17cf88eca427589dbf81c6efe766140c14c53a84bed9145d8ec56a24f6 |
| SHA512 | 92bc8685b05e942170ace8503acaddac4d10f06845dc20ccf08405260a68c59c1bcc446c194279888d892436e50e9efc7ac5039a754712d729270762ddb61295 |
C:\Users\Admin\AppData\Local\Temp\eUUs.exe
| MD5 | 43bf3201ba0149c1a254d8452c4b4d4d |
| SHA1 | c70734e8e879e267754abb67a4e0540dcf93bfdb |
| SHA256 | bc1f3b3228dbd0cee0db17d83b419da4aa3bb946867e348f23d1723dbef394f0 |
| SHA512 | 4b8a945ca486708bfae752c5cac7a7cc1a08f204307f1683ceb283665f8962b6bc52d5f05c131888e015d02d91b7cff7df4943efaa2a75a4f659db65f233bed4 |
C:\Users\Admin\AppData\Local\Temp\Mcwe.exe
| MD5 | 7924173f78dddfcdb3dcb3be705b2a8f |
| SHA1 | df34d784eb5c9ce35e8a9ed85a189736838edf59 |
| SHA256 | b5e043b90ed5119867aeeaf3fb2e7f5efbb9c46ca08b21c0a6df3c6396cbc355 |
| SHA512 | b6345165a63c60a5adaea35a7285cbcc9701bceca4c616ff66deac7b931012e4399bc560be7f46bbda964700afdd86a516d08e167ba7e6e64c2bc8be1cd9a027 |
C:\Users\Admin\AppData\Local\Temp\UMIw.exe
| MD5 | 7d9886da1ed409f7c86dd6b7d6b55a6c |
| SHA1 | e968c6b5e1741c9f6dbc39563c6bdc8b85ca4597 |
| SHA256 | 256174be229d46f89d3195a9faef295b35c97ad29ce2c80375bf00a64cdf1da7 |
| SHA512 | 30db73e24481cecad9f56701b1b5d6e14f8e8a3499e089950524f1070db9aad57aced8617a26af8c5cafb02ba5e38e49a2bc99d61040d9cae3194ec5c601b900 |
C:\Users\Admin\AppData\Local\Temp\uMkw.exe
| MD5 | adbe837ce98f4e56cb1546bd80605370 |
| SHA1 | 5b596f2d8c694f3f0e634202975337831ac2245c |
| SHA256 | 1f363c82514646bbf0261b520ae04b6678974582656f19c8222186e7a7a8115c |
| SHA512 | b484cb9fa17b1515bb0e4d510cc16d92a3e6c91fa4dc09187b0515d884a0fe89722ca7bd6e07666c051ed606e1f00c48fcbd1ab53f8b65bbb75d0b1aa126e91e |
C:\Users\Admin\AppData\Local\Temp\osQg.exe
| MD5 | fcd19426189f24b5139cc06c0b9e8269 |
| SHA1 | 727865c4e97f4c6ad4e306472d70255eb1c1034b |
| SHA256 | 029a14c07ffca15dbc850ea48776eb0acb142d091a76c0b54d8ea26e8b73baa4 |
| SHA512 | bebf8cc78e2688882173d5480182228f9d6f03709dc36bba477d1dacae6f7ea35b8d5d93434f77b2317ff525db84bbdd7da52fcc113de9fc65c70aebfa4b4702 |
C:\Users\Admin\AppData\Local\Temp\oYkS.exe
| MD5 | 16550237782a318e24a68eb0354eb27a |
| SHA1 | 662cbb7740444d3d00633ebe14ddf3f48768385d |
| SHA256 | b92093a3b75342c08f8c8c65fba8cf4238b010683f910972edfe220cb1363621 |
| SHA512 | d339532da7637765a93207800dada64a1f09f445145d69fe004e2ceb88ea6bc84b98f1ff98072f96bab25fd4adfe6d2f6c9d002bdec1c799460652dbc499eeac |
C:\Users\Admin\AppData\Local\Temp\kIIk.exe
| MD5 | 90c94920fd5c215a0181bb7183ee7140 |
| SHA1 | f5c3d6fe35e70d154fb5c8acc9c40182f1e642ad |
| SHA256 | 6b2bc7aa768469763cea7a1080e9e3ef030ef061d9a12fce93f590902743b668 |
| SHA512 | 0b69d1841e3fc68c659165b2624775e980c1db595380c010005b01dae9a6fae83986a0d18c07c738ac85842b8352f897ffb95851a8eeba81c6d35044484e29fe |
C:\Users\Admin\AppData\Local\Temp\GgAS.exe
| MD5 | d2db74b8e2a7748b4920de9200547e0c |
| SHA1 | e4628913e49e5af07ec9399c90641178dc71266b |
| SHA256 | 566af06a6e63c87056a6f74830b844e9cb03d320670810cda3e69385f6673a9c |
| SHA512 | c2f064aface11146bcbf0bd7db343c10c6be263ec39da42caedbfa69d0f572b954ab278d06eb11b1d27649096679c9f525155dc4914cb807abcf78442a3cd485 |
C:\Users\Admin\AppData\Local\Temp\okUE.exe
| MD5 | 97d60aa7b173e86318bbdd689735877d |
| SHA1 | 15e7ed030ba40e237b00664ce96851d6f4bda223 |
| SHA256 | 7eed0717932dd76ba74046d1b89d2bfe449a3a96101eedeea65ac436593af80b |
| SHA512 | 46e9096ecb5d87e66abe22f4b1c2245639ef6952842a85e331adc1451e3b298ee797a2ad413afa2bb7cd34839a07b3a5104eabc627c4dbbef3ebdd4e294699d1 |
C:\Users\Admin\AppData\Local\Temp\egIy.exe
| MD5 | 7e2eda9847a727e1d6691f11d28488c7 |
| SHA1 | 66889bd1cb9d1df8996e5ee6028c607690f5e4ab |
| SHA256 | 3816ea96efbd4b900bffa9b71791086a471e99a6b07487b9d42929c0bbbc9460 |
| SHA512 | f2609fdd65fc6eb4eb2caeed0fd3a4d525267bfdf8f57e490c952132594cacc2fa36f936af948209bbc9402922d391d70a5c7b0cd4b03368c281671fec4bab32 |
C:\Users\Admin\AppData\Local\Temp\cQko.exe
| MD5 | 411bafe9643f574130033f57677d83c8 |
| SHA1 | 928c74a22222a2d316d6cf17c227c4e2e610e68a |
| SHA256 | 13f9e07db29035b67168ebefeed23be8457216ef27e118a5c33c13efc082be6e |
| SHA512 | 030e557b610f59801d36ddff76fe8126c6daa9b90e427da98798b2d2392c20fa810832246a9b229bdfe7acb7d7889453fd102347a213dc000d98105c83fc267b |
C:\Users\Admin\AppData\Local\Temp\mwse.exe
| MD5 | 7091c7f087e65f48d804d81f5c7f962a |
| SHA1 | ce3a337a872f43110a16acf891538aaf2f7fbf23 |
| SHA256 | cd309926f4974a8495d6d6326a074edc1716e05d64fbdebe0bde3041758cfa3a |
| SHA512 | e7de4084264147839237c4110e5c9abe8905b79e3351ae5dab7808babca9e128a84f3e26f11c3a22f1a804a7b4861addaa4726a9dfb680fd73f88ac1cb518f4a |
C:\Users\Admin\AppData\Local\Temp\WEEu.exe
| MD5 | 994b67a64b360f61872592140d0e14c3 |
| SHA1 | 4bf61521b5b64221ab9491b5fce5cebaef39e5a5 |
| SHA256 | 9f741c39f6ecdd73bb0df0a0418af6dbc522c41568334bbd9078aef577df3a19 |
| SHA512 | e5234e7c821dbda4ba38ef56222cc5be01e76faef797b2e1b712ea3a3ed96f1a9c67811dbea8e87ffad06b499cbf87c152a64658f36e94098f445da0f8aa98f3 |
C:\Users\Admin\AppData\Local\Temp\YAwQ.exe
| MD5 | e5b6056153d87aba2b78af316b2609c3 |
| SHA1 | ccad5ff802c4ae335eb989a1bb919c07b030ebd4 |
| SHA256 | 421e5cee77d3f5ef24755c1bda2ed127b8a00e727334119fc176f9df4ac6e1b2 |
| SHA512 | 850df95c56edfe9bdb1e0b9784d7bde172c03714bf9e053b82af3e5d6d7d8da71950eb3cf4f19da425e55e69af122c2c6b83e2db40c1523a56f17e7ab2bbd806 |
C:\Users\Admin\AppData\Local\Temp\kYko.exe
| MD5 | 6290c8e56cdeacecdcc34c284a767e99 |
| SHA1 | 41ddf777d72a1fd3115db01e96bedf3edc3d98cd |
| SHA256 | 85da58a60018a24b8ddbcf9a5069be3e5997b55672f469bebaff64b3a8495735 |
| SHA512 | d6d6b5c9b6400862d463f7fc1c3a2224fcca581250d80bb9bb085319b6e731a2c2674dcc167828acc13321f20e783e5cd9f7d16384a17624ece4fb4c34fddded |
C:\Users\Admin\AppData\Local\Temp\mwUQ.exe
| MD5 | 876926e76d9b2c8d65bd1d9c2ddc3906 |
| SHA1 | 37973fc30322d26c1e4340b18c86ab5b8876fb45 |
| SHA256 | d5087b75bb4ac111c9db35a24b3778a8d3f222fcdd9aee17841623fe7646ca78 |
| SHA512 | 39c900bb5aea339b2d3db923c11f844208291289c8764199e2ae2f4f65ce8fbb5793f9851b70eae7813c01e765f6ae22756f2cdc6cf0a28cb3d1f0880ef5529e |
C:\Users\Admin\AppData\Local\Temp\cMUe.exe
| MD5 | 2fb2917974a2968bfc25dd07efd06a08 |
| SHA1 | b7c3c8a4e8ec1d0bda2a22a0e67a89ec3d3ad564 |
| SHA256 | 32830171eba6af0d82d7b6969bd4a88ddd9ca9f3e2647f84d14ddca6c701281e |
| SHA512 | f5bf7890578d868a5a77a8779b0b8eea433338509a5b3faeb130f87693fadcc1d8f833c11d880efd5c7c722239f39ae09c6e33245c88a9594056eafcc4969da3 |
C:\Users\Admin\AppData\Local\Temp\EgQW.exe
| MD5 | 78f37883a610030f38f3308fab7784ed |
| SHA1 | dd7347e4b374ee00a80c5bd8ff0fa6cafd0355e1 |
| SHA256 | 4d78c6214c387f48166f83531193be6b5417ac2f181dd2a97ab44cdf612be0af |
| SHA512 | 2eb81000fc175a9105b9f382e11968f839db281e03cbc14afe0c1fd4e5315c241409dc77c6aae35bbc7bc1bbbe14a8ef3560efa19e24e3e683d3c96dcb2b24fe |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | 67672f961c0f203bb3d173f9e3d5053e |
| SHA1 | a887e637ee7dd4aaa821946216bf779a92ee6e43 |
| SHA256 | fc1dfdf2e8967ebc4b46a8895bab9eead2786c93dd883541f375a0a4788fef17 |
| SHA512 | a06be49bff7819857b7a04687a92adc3bc5f9a0e105efd2a291bbb43b1ec556221d6430ce72c6d5b52404bec97915ca30ade02da6581b023e4f44178c2138c8b |
C:\Users\Admin\AppData\Local\Temp\AQgk.exe
| MD5 | f1ca6a11b8459996354df3a22861ed32 |
| SHA1 | 855d1a3c4c4f9081c852df3be25675f050fe9dc7 |
| SHA256 | f5f9b8589d5a6658d48040efb6e11440c29410215d6e7363854df2f85af051d5 |
| SHA512 | 533eaf14f6d6fea2f02c0d3d973c4d3730f3e45e7c3ffd145003d0178dc940e0be077d36301db84f82bdec7675aa18f7d6aa0b499b0d304458efc3cedefc7699 |
C:\Users\Admin\AppData\Local\Temp\aAcQ.exe
| MD5 | 276b02f87cb40c433918fae5c126dcea |
| SHA1 | ab099c6369435847482c98e5d89aa7b62c5d2e6d |
| SHA256 | 062aaa0bcdb0286d8c8977ae3039999dcdcd822fcf470d95ff86227c3550d24f |
| SHA512 | 4d9387744d1eec70df37ea7005de3096b79c92411bc4530c10c6116ee8a8462ca1e937e91bd66907ba8a5b3d2192a05ca4d72e231a472aa8e6a593c71452f8af |
C:\Users\Admin\AppData\Local\Temp\WcIW.exe
| MD5 | bb5beb9cdeb8f66e0c841cfd56682dec |
| SHA1 | 6b887a537db431f52eb975fa6e2c2567284ca070 |
| SHA256 | 0a395b653f9593ef6d0bc15d3fd7cda57b2a240edc8e7e2774accf49991fe5c9 |
| SHA512 | ad121f46a7df03cf2eedb72dec0927028298459829f4bbbb7082ae33d6238a4ad3c5e63a0051f66a8a19b2ae7d5b9e54ca47311a9cf32ef779d959f13f3baaf3 |
C:\Users\Admin\AppData\Local\Temp\UIQm.exe
| MD5 | eb55029a459df41d269ac0d0decd504a |
| SHA1 | afbb2fb29671cf2edce0a543b757371e91a36a76 |
| SHA256 | 4c25b7f652ea473ee86c65a2b81437658c4d6ef4ff9328c741cbeca36f141cf1 |
| SHA512 | d57831ff562400f2ea29ea09f1afbbbba5ef75122974a5761dfb6682ac847cfc0ba481c354e6ff17514002cdf70ed8824e281d36571627bebd3bb8115585b09d |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 2c2b37d355ae6e52a89d28294081cf4e |
| SHA1 | 2d362bacfc7dee3dfddb0b69ac074c88afa7abca |
| SHA256 | 15c2793ce11b3ecafc0ea9b9bba8cdf17619c6f2ec1c269fedb53e2bdadd282d |
| SHA512 | 46c9b66502771e5b5a1b61196c2eb41dcd696ab0ba74c6c4214ac3dc71fde487b3e29de1508b58cad2ce63983eb08b533fd5aa10f1f1e5c8c925840982a653b7 |