Analysis
max time kernel: 15s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240730-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-08-2024 05:57
Static task: static1
Behavioral task: behavioral1
Sample: WinLocker_Builder_0.4.exe
Resource: win7-20240704-en
General
Target: WinLocker_Builder_0.4.exe
Size: 1.7MB
MD5: 410fe67a1b89105486140bb30a6b9ca9
SHA1: f8d50097c608da77637977f64e7a48f3da7bc092
SHA256: ff77277245800b3aa373bc1a9e789014ee50af2450133ae10c1569d84f32b2cf
SHA512: 94dd01181936b14b3b6d638e3aee8016d8674e0c3d5a1b48c4e8e71d6ac940aeb359eeb29fff4abb16585520d0720de0a56d83a866058e6741d9a052486383e5
SSDEEP: 24576:pGYwefQHQnJceBaVvlW1t39AJ4FsnAwtir2CESobryiGzozFg7c:pGYp5uvC9sAwtUH02c
Malware Config
Extracted
darkcomet
Guest16
gameservice.ddns.net:4320
DC_MUTEX-WBUNVXD
InstallPath: AudioDriver\taskhost.exe
gencode: EWSsWwgyJrUD
install: true
offline_keylogger: true
persistence: false
reg_key: AudioDriver
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
Processes: upx_compresser.exe
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\Documents\\AudioDriver\\taskhost.exe"
process: upx_compresser.exe
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: WinLocker_Builder_0.4.exe
description: Key value queried
ioc: \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Control Panel\International\Geo\Nation
process: WinLocker_Builder_0.4.exe
-
Executes dropped EXE 64 IoCs
Processes: WinLocker_Builder_0.4.exe, upx_compresser.exe, taskhost.exe
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes: upx_compresser.exe
description: Set value (str)
ioc: \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AudioDriver = "C:\\Users\\Admin\\Documents\\AudioDriver\\taskhost.exe"
process: upx_compresser.exe
-
Suspicious use of SetThreadContext 64 IoCs
Processes: upx_compresser.exe, taskhost.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: WinLocker_Builder_0.4.exe, upx_compresser.exe
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
process: WinLocker_Builder_0.4.exe, upx_compresser.exe
-
Modifies registry class 1 IoCs
Processes: upx_compresser.exe
description: Key created
ioc: \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\
process: upx_compresser.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes: upx_compresser.exe, taskhost.exe
-
Suspicious behavior: MapViewOfSection 64 IoCs
Processes: upx_compresser.exe, taskhost.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
upx_compresser.exe (PID 596)
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4672 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5004 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4140 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3140 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1072 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"6⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1444 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3196 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"8⤵
- Checks computer location settings
- Executes dropped EXE
PID:1840 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3536 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"10⤵
- Executes dropped EXE
PID:628 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"11⤵
- Checks computer location settings
- Executes dropped EXE
PID:684 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"12⤵
- Checks computer location settings
- Executes dropped EXE
PID:1860 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"13⤵
- Checks computer location settings
- Executes dropped EXE
PID:4156 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"14⤵
- Checks computer location settings
- Executes dropped EXE
PID:1084 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"15⤵
- Checks computer location settings
- Executes dropped EXE
PID:4332 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"16⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1592 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"17⤵
- Checks computer location settings
- Executes dropped EXE
PID:836 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"18⤵
- Checks computer location settings
- Executes dropped EXE
PID:4756 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"19⤵
- Checks computer location settings
- Executes dropped EXE
PID:1132 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"20⤵
- Checks computer location settings
- Executes dropped EXE
PID:2172 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"21⤵
- Executes dropped EXE
PID:1932 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"22⤵
- Checks computer location settings
- Executes dropped EXE
PID:3600 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"23⤵
- Checks computer location settings
PID:3136 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"24⤵
- Checks computer location settings
PID:3640 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"25⤵
- Checks computer location settings
PID:1160 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"26⤵
- Checks computer location settings
PID:3264 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"27⤵PID:3568
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"28⤵
- Checks computer location settings
PID:228 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"29⤵
- Checks computer location settings
PID:4632 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"30⤵
- Checks computer location settings
PID:3168 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"31⤵
- Checks computer location settings
PID:2952 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"32⤵
- Checks computer location settings
PID:3636 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"33⤵
- Checks computer location settings
PID:4364 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"34⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:3140 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"35⤵
- Checks computer location settings
PID:2096 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"36⤵
- System Location Discovery: System Language Discovery
PID:4492 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"37⤵
- Checks computer location settings
PID:400 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"38⤵
- System Location Discovery: System Language Discovery
PID:2240 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"39⤵
- Checks computer location settings
PID:3692 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"40⤵
- Checks computer location settings
PID:2132 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"41⤵PID:2056
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"42⤵
- Checks computer location settings
PID:4916 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"43⤵PID:2460
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"44⤵PID:2488
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"45⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:2784 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"46⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:3016 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"47⤵
- Checks computer location settings
PID:3620 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"48⤵PID:3656
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"49⤵
- System Location Discovery: System Language Discovery
PID:1700 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"50⤵
- Checks computer location settings
PID:4184 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"51⤵
- Checks computer location settings
PID:1632 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"52⤵
- Checks computer location settings
PID:216 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"53⤵
- Checks computer location settings
PID:3968 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"54⤵PID:932
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"55⤵
- Checks computer location settings
PID:844 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"56⤵
- System Location Discovery: System Language Discovery
PID:4460 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"57⤵PID:3584
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"58⤵
- Checks computer location settings
PID:2008 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"59⤵
- System Location Discovery: System Language Discovery
PID:3428 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"60⤵
- Checks computer location settings
PID:4336 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"61⤵
- Checks computer location settings
PID:3164 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"62⤵
- Checks computer location settings
PID:4804 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"63⤵
- Checks computer location settings
PID:2812 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"64⤵
- System Location Discovery: System Language Discovery
PID:2068 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"65⤵
- Checks computer location settings
PID:2124 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"66⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:1304 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"67⤵
- Checks computer location settings
PID:2212 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"68⤵PID:2752
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"69⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:2012 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"70⤵PID:1860
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"71⤵
- Checks computer location settings
PID:3436 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"72⤵
- Checks computer location settings
PID:3816 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"73⤵
- System Location Discovery: System Language Discovery
PID:3168 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"74⤵PID:4116
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"75⤵
- Checks computer location settings
PID:3208 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"76⤵
- Checks computer location settings
PID:2604 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"77⤵PID:3656
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"78⤵PID:920
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"79⤵
- Checks computer location settings
PID:1500 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"80⤵
- Checks computer location settings
PID:4656 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"81⤵
- Checks computer location settings
PID:552 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"82⤵PID:3180
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"83⤵PID:4548
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"84⤵
- System Location Discovery: System Language Discovery
PID:2420 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"85⤵
- Checks computer location settings
PID:3288 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"86⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:4312 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"87⤵
- Checks computer location settings
PID:3724 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"88⤵
- Checks computer location settings
PID:3884 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"89⤵
- Checks computer location settings
PID:4372 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"90⤵PID:636
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"91⤵PID:3948
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"92⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:4088 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"93⤵PID:2492
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"94⤵
- System Location Discovery: System Language Discovery
PID:3592 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"95⤵PID:60
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"96⤵PID:684
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"97⤵PID:2040
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"98⤵PID:4528
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"99⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:3132 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"100⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:1264 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"101⤵
- Checks computer location settings
PID:5088 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"102⤵PID:1844
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"103⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:4612 -
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"104⤵PID:1388
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"105⤵PID:1840
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"106⤵PID:5072
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"107⤵PID:932
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"108⤵PID:1004
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"109⤵PID:4332
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"110⤵PID:2080
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"111⤵PID:4256
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"112⤵PID:4664
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"113⤵PID:2944
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"114⤵PID:3016
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"115⤵PID:1072
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"116⤵PID:2064
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"117⤵PID:1388
-
C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"118⤵PID:1840
-