Analysis
- max time kernel: 8s
- max time network: 19s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 01-08-2024 05:57

Static task: static1
Behavioral task: behavioral1
Sample: WinLocker_Builder_0.4.exe
Resource: win7-20240704-en
General
- Target: WinLocker_Builder_0.4.exe
- Size: 1.7MB
- MD5: 410fe67a1b89105486140bb30a6b9ca9
- SHA1: f8d50097c608da77637977f64e7a48f3da7bc092
- SHA256: ff77277245800b3aa373bc1a9e789014ee50af2450133ae10c1569d84f32b2cf
- SHA512: 94dd01181936b14b3b6d638e3aee8016d8674e0c3d5a1b48c4e8e71d6ac940aeb359eeb29fff4abb16585520d0720de0a56d83a866058e6741d9a052486383e5
- SSDEEP: 24576:pGYwefQHQnJceBaVvlW1t39AJ4FsnAwtir2CESobryiGzozFg7c:pGYp5uvC9sAwtUH02c
Malware Config
Extracted
darkcomet
Guest16
gameservice.ddns.net:4320
DC_MUTEX-WBUNVXD
- InstallPath: AudioDriver\taskhost.exe
- gencode: EWSsWwgyJrUD
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: AudioDriver
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
Processes:
- upx_compresser.exe: Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\Documents\\AudioDriver\\taskhost.exe"
Executes dropped EXE 55 IoCs
Loads dropped DLL 64 IoCs
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
- upx_compresser.exe: Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\AudioDriver = "C:\\Users\\Admin\\Documents\\AudioDriver\\taskhost.exe"
Suspicious use of SetThreadContext 18 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 56 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Suspicious behavior: EnumeratesProcesses 19 IoCs
Suspicious behavior: MapViewOfSection 19 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
- PID 2904: upx_compresser.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2028 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2464 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2488 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2560 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2072 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1828 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1576 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1036 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1356 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2912 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"12⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1092 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2108 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2772 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"15⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1556 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"16⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1532 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1992 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"18⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1708 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"19⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2724 -