
Analysis Report facture_4739149_08.26.2018.exe

Overview

General Information

Joe Sandbox Version:23.0.0
Analysis ID:74679
Start date:29.08.2018
Start time:19:00:21
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 11m 50s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:facture_4739149_08.26.2018.exe
Cookbook file name:default.jbs
Analysis system description:Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of analysed new started processes analysed:7
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • HCA enabled
  • EGA enabled
  • HDC enabled
Analysis stop reason:Timeout
Detection:MAL
Classification:mal100.spyw.evad.winEXE@7/2081@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:
  • Successful, ratio: 10.9% (good quality ratio 10.4%)
  • Quality average: 69.8%
  • Quality standard deviation: 32.1%
HCA Information:
  • Successful, ratio: 81%
  • Number of executed functions: 233
  • Number of non-executed functions: 193
Cookbook Comments:
  • Adjust boot time
  • Found application associated with file extension: .exe
Warnings:
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryDirectoryFile calls found.
  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
  • Report size getting too big, too many NtReadFile calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
  • Report size getting too big, too many NtWriteFile calls found.

Detection

Strategy: Threshold
Score: 100
Range: 0 - 100
Detection: malicious

Confidence

Strategy: Threshold
Score: 5
Range: 0 - 5
Further Analysis Required?: false


Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior



Signature Overview



AV Detection:

Antivirus detection for dropped file
Source: C:\Users\SAMTAR~1\AppData\Local\Temp\is-7C5V5.tmp\is-LI0FO.tmp Avira: Label: TR/FileCoder.srntu
Antivirus detection for submitted file
Source: facture_4739149_08.26.2018.exe Avira: Label: TR/FileCoder.qqkfi
Multi AV Scanner detection for submitted file
Source: facture_4739149_08.26.2018.exe virustotal: Detection: 54%
Antivirus detection for unpacked file
Source: 3.0.lockyfud.exe.110000.1.unpack Avira: Label: TR/ATRAPS.Gen4
Source: 3.0.lockyfud.exe.110000.2.unpack Avira: Label: TR/ATRAPS.Gen4
Source: 3.0.lockyfud.exe.110000.3.unpack Avira: Label: TR/ATRAPS.Gen4
Source: 1.3.facture_4739149_08.26.2018.exe.1328000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 3.0.lockyfud.exe.110000.4.unpack Avira: Label: TR/ATRAPS.Gen4
Source: 4.1.lockyfud.exe.110000.0.unpack Avira: Label: TR/ATRAPS.Gen4
Source: 3.1.lockyfud.exe.110000.0.unpack Avira: Label: TR/ATRAPS.Gen4
Source: 4.0.lockyfud.exe.110000.0.unpack Avira: Label: TR/ATRAPS.Gen4
Source: 3.0.lockyfud.exe.110000.0.unpack Avira: Label: TR/ATRAPS.Gen4

Cryptography:

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 3_1_67AAE920 Py_Finalize,PyType_ClearCache,PyImport_Cleanup,free,PyInterpreterState_Clear,_PyExc_Fini,TlsFree,PyInterpreterState_Delete,PyMethod_ClearFreeList,PyFrame_ClearFreeList,PyCFunction_ClearFreeList,PyTuple_ClearFreeList,PyList_Fini,PySet_Fini,PyString_Fini,PyInt_Fini,PyFloat_Fini,PyDict_Fini,CryptReleaseContext,3_1_67AAE920
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 3_1_67AB14D0 _PyRandom_Fini,CryptReleaseContext,3_1_67AB14D0

Spreading:

Enumerates the file system
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe File opened: C:\Users\SAMTAR~1\
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe File opened: C:\Users\SAMTAR~1\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe File opened: C:\Users\SAMTAR~1\AppData\Local\
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe File opened: C:\Users\SAMTAR~1\AppData\Local\Temp\is-31JDU.tmp\
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe File opened: C:\Users\SAMTAR~1\AppData\Local\Temp\
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe File opened: C:\Users\SAMTAR~1\AppData\
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Directory queried: number of queries: 1016
Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_2_00476120 FindFirstFileA,FindNextFileA,FindClose,2_2_00476120
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_2_004648D0 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_004648D0
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_2_00464D4C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_00464D4C
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_2_004531A4 FindFirstFileA,GetLastError,2_2_004531A4
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_2_00463344 FindFirstFileA,FindNextFileA,FindClose,2_2_00463344
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_2_0049998C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,2_2_0049998C
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_1_00476120 FindFirstFileA,FindNextFileA,FindClose,2_1_00476120
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_1_004648D0 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_1_004648D0
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_1_00464D4C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_1_00464D4C
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_1_004531A4 FindFirstFileA,GetLastError,2_1_004531A4
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_1_00463344 FindFirstFileA,FindNextFileA,FindClose,2_1_00463344
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_1_0049998C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,2_1_0049998C
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 3_1_00127107 FindFirstFileExW,3_1_00127107
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 3_1_0011E243 FindFirstFileExW,GetLastError,FindNextFileW,GetLastError,3_1_0011E243
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 3_1_679C1D00 _PyArg_ParseTuple_SizeT,malloc,PyErr_NoMemory,_PyObject_GC_Malloc,Py_FatalError,PyEval_SaveThread,FindFirstFileW,PyEval_RestoreThread,GetLastError,free,free,PyUnicodeUCS2_FromUnicode,PyList_Append,PyEval_SaveThread,FindNextFileW,PyEval_RestoreThread,FindClose,GetLastError,FindClose,free,free,PyErr_Clear,_PyArg_ParseTuple_SizeT,_PyObject_GC_Malloc,Py_FatalError,PyEval_SaveThread,FindFirstFileA,PyEval_RestoreThread,GetLastError,PyString_FromString,PyList_Append,PyEval_SaveThread,FindNextFileA,PyEval_RestoreThread,GetLastError,FindClose,FindClose,3_1_679C1D00
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 3_1_67A98040 getenv,FindFirstFileA,PyErr_Format,FindClose,strncmp,3_1_67A98040
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 3_1_679C1240 FindFirstFileW,FindClose,3_1_679C1240
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 3_1_679C11A0 FindFirstFileA,FindClose,3_1_679C11A0
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 4_1_00127107 FindFirstFileExW,4_1_00127107
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 4_1_0011E243 FindFirstFileExW,GetLastError,FindNextFileW,GetLastError,4_1_0011E243
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 4_1_1E8C1F60 PyArg_ParseTuple,?PyWinObject_AsString@@YAHPAU_object@@PAPADHPAK@Z,PyList_New,FindFirstFileA,GetLastError,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,PyList_Append,?PyObject_FromWIN32_FIND_DATAA@@YAPAU_object@@PAU_WIN32_FIND_DATAA@@@Z,PyList_Append,FindNextFileA,GetLastError,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,?PyWinObject_FreeString@@YAXPAD@Z,FindClose,4_1_1E8C1F60
Contains functionality to query local drives
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 4_1_1E8C3A00 PyArg_ParseTuple,GetLogicalDriveStringsA,GetLogicalDriveStringsA,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,__alloca_probe_16,GetLogicalDriveStringsA,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,?PyWinObject_FromTCHAR@@YAPAU_object@@PBDH@Z,4_1_1E8C3A00

Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 4x nop then movd mm0, dword ptr [edx] 4_1_6833DF30

Networking:

Found Tor onion address
Source: lockyfud.exe, 00000003.00000003.1734107340.01DF3000.00000004.sdmp String found in binary or memory: 2* Browse to URL : http://4wcgqlckaazugwzm.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1734107340.01DF3000.00000004.sdmp String found in binary or memory: Click on support at http://4wcgqlckaazugwzm.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1734107340.01DF3000.00000004.sdmp String found in binary or memory: l'URL: http://4wcgqlckaazugwzm.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1734107340.01DF3000.00000004.sdmp String found in binary or memory: http://4wcgqlckaazugwzm.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1734107340.01DF3000.00000004.sdmp String found in binary or memory: 2 * Passa a URL: http://4wcgqlckaazugwzm.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1734107340.01DF3000.00000004.sdmp String found in binary or memory: Clicca sul supporto in http://4wcgqlckaazugwzm.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1734107340.01DF3000.00000004.sdmp String found in binary or memory: : http://4wcgqlckaazugwzm.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1734107340.01DF3000.00000004.sdmp String found in binary or memory: http://4wcgqlckaazugwzm.onion/index.php
Source: messages.json22.4.dr String found in binary or memory: 2* Browse to URL : http://4wcgqlckaazugwzm.onion/index.php
Source: messages.json22.4.dr String found in binary or memory: Click on support at http://4wcgqlckaazugwzm.onion/index.php
Source: messages.json22.4.dr String found in binary or memory: l'URL: http://4wcgqlckaazugwzm.onion/index.php
Source: messages.json22.4.dr String found in binary or memory: http://4wcgqlckaazugwzm.onion/index.php
Source: messages.json22.4.dr String found in binary or memory: 2 * Passa a URL: http://4wcgqlckaazugwzm.onion/index.php
Source: messages.json22.4.dr String found in binary or memory: Clicca sul supporto in http://4wcgqlckaazugwzm.onion/index.php
Source: messages.json22.4.dr String found in binary or memory: : http://4wcgqlckaazugwzm.onion/index.php
Source: messages.json22.4.dr String found in binary or memory: http://4wcgqlckaazugwzm.onion/index.php
Downloads files
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat.lockedfile
Found strings which match to known social media urls
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmp String found in binary or memory: GSign in bei Hotmail, Outlook Login, Skype, Messenger equals www.hotmail.com (Hotmail)
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmp String found in binary or memory: eu-west-1.dc.ads.linkedin.com equals www.linkedin.com (Linkedin)
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmp String found in binary or memory: eu-west-1.dc.ads.linkedin.comi equals www.linkedin.com (Linkedin)
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmp String found in binary or memory: www.linkedin.comv equals www.linkedin.com (Linkedin)
Urls found in memory or binary data
Source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, is-OMRQK.tmp.2.drString found in binary or memory: http://www.openssl.org/support/faq.htmlC:
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: http://www.outbrain.com/w3c/p3p.xml
Source: facture_4739149_08.26.2018.exe, 00000001.00000003.1617957044.01410000.00000004.sdmp, facture_4739149_08.26.2018.tmp, facture_4739149_08.26.2018.tmp.1.drString found in binary or memory: http://www.remobjects.com/ps
Source: facture_4739149_08.26.2018.exe, 00000001.00000003.1617957044.01410000.00000004.sdmp, facture_4739149_08.26.2018.tmp, 00000002.00000000.1619498821.00401000.00000020.sdmp, facture_4739149_08.26.2018.tmp.1.drString found in binary or memory: http://www.remobjects.com/psU
Source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, is-QCTR5.tmp.2.drString found in binary or memory: http://www.unicode.org/reports/tr44/tr44-4.html).
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://ad13.adfarm1.adition.com/js?wp_id=3554000&kid=1957552&timestamp=130158133&clickurl=http://uk
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmpString found in binary or memory: https://ad13.adfarm1.adition.com/js?wp_id=3554000&kid=1957552&timestamp=198669337&clickurl=http://uk
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmpString found in binary or memory: https://ad13.adfarm1.adition.com/js?wp_id=3560083&kid=1972412&ts=6451894159751119508&clickurl=http%3
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://ad13.adfarm1.adition.com/js?wp_id=3560083&kid=2032876&ts=6451599911541932692&clickurl=http%3
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://adventori.com/tracker/cookieSync?url=https%3A%2F%2Fdmp.theadex.com%2Fd%2F104%2Fi%2F2.gif%3Fa
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.8.3.min.js
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://cdn.optimizely.com/js/1715500327.js
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://dmp.theadex.com/d/104/i/2.gif?axd_pid=14&axd_fuid=6451599911541736084&c=1001114292022460115
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://dmp.theadex.com/d/104/i/2.gif?axd_pid=80&axd_fuid=aoL6IHudEeerfNt8Xp2czA&c=10011142920224601
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://dmp.theadex.com/r/104/2491/?c=1001114292022460115
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fdmp.theadex.com%2Fd%2F104%2Fi%2F2.gif
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://f21.adventori.com/tracker/cookieSync?url=https%3A%2F%2Fdmp.theadex.com%2Fd%2F104%2Fi%2F2.gif
Source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1635526812.0011D000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1671403714.1E262000.00000002.sdmp, is-9F1O1.tmp.2.drString found in binary or memory: https://github.com/mhammond/pywin320
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://imagesrv.adition.com/banners/3142/files/00/0e/2d/5e/000000929118.gif
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmpString found in binary or memory: https://imagesrv.adition.com/banners/3142/files/00/0f/01/66/000000983398.gif
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmpString found in binary or memory: https://imagesrv.adition.com/js/adition.js
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmpString found in binary or memory: https://imagesrv.adition.com/w3c/p3p-ssl.xml
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1502130156&rver=6.7.6643.0&wp=l
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmpString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1502198667&rver=6.7.6643.0&wp=l
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmpString found in binary or memory: https://s1.adform.net/Banners/19915604/19915604.gif?bv=0
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://s1.adform.net/Banners/19915610/19915610.gif?bv=0
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmpString found in binary or memory: https://s1.adform.net/stoat/599/s1.adform.net/bootstrap.js
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://s1.adform.net/stoat/599/s1.adform.net/load/v/0.0.128/e/-gADQI/i/8IF-EAAAAQAA/r:AdConstructor
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmpString found in binary or memory: https://s1.adform.net/stoat/599/s1.adform.net/load/v/0.0.129/e/-gADQI/i/8IF-ACAAAQAA/r:AdConstructor
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://sync.smartadserver.com/getuid?url=https%3a%2f%2fdmp.theadex.com%2fd%2f104%2fi%2f2.gif%3faxd_
Source: lockyfud.exe, 00000003.00000003.1721617008.02070000.00000004.sdmpString found in binary or memory: https://track.adform.net/serving/cookie/thirdparty/?uid=-5970635712786513784
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmpString found in binary or memory: https://track.adform.net/serving/cookie/thirdparty/?uid=-5970635712786513808
Source: lockyfud.exe, 00000003.00000003.1721970417.020C3000.00000004.sdmpString found in binary or memory: https://www.msn.com/de-de/homepage/secure/silentpassport?secure=false&lc=1031

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 4_1_1E8C36D0 PyArg_ParseTuple,PyEval_SaveThread,GetKeyboardState,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,PyString_FromStringAndSize,4_1_1E8C36D0

System Summary:

Dropped file seen in connection with other malware
Abnormal high CPU Usage
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Process Stats: CPU usage > 98%
Contains functionality to communicate with device drivers
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_2_0042ED84: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,2_2_0042ED84
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe Code function: 1_2_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,1_2_004098E8
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe Code function: 1_1_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,1_1_004098E8
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_2_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,2_2_00455D80
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp Code function: 2_1_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,2_1_00455D80
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 4_1_1E8C3FA0 PyArg_ParseTuple,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,_Py_NoneStruct,_Py_NoneStruct,4_1_1E8C3FA0
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe Code function: 4_1_1E8C3F10 PyArg_ParseTuple,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,_Py_NoneStruct,_Py_NoneStruct,4_1_1E8C3F10
Detected potential crypto function
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
Source: facture_4739149_08.26.2018.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: facture_4739149_08.26.2018.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: facture_4739149_08.26.2018.tmp.1.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
PE file contains strange resources
Source: facture_4739149_08.26.2018.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: facture_4739149_08.26.2018.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: facture_4739149_08.26.2018.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: facture_4739149_08.26.2018.tmp.1.dr | Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: facture_4739149_08.26.2018.tmp.1.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: facture_4739149_08.26.2018.tmp.1.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: facture_4739149_08.26.2018.tmp.1.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: facture_4739149_08.26.2018.exe, 00000001.00000003.1617957044.01410000.00000004.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs facture_4739149_08.26.2018.exe
Source: facture_4739149_08.26.2018.exe, 00000001.00000002.1688316213.002E0000.00000008.sdmp | Binary or memory string: OriginalFilenameKernelbasej% vs facture_4739149_08.26.2018.exe
Source: facture_4739149_08.26.2018.exe, 00000001.00000002.1688297984.002C0000.00000002.sdmp | Binary or memory string: OriginalFilenamenetmsg.DLLj% vs facture_4739149_08.26.2018.exe
Source: facture_4739149_08.26.2018.exe, 00000001.00000002.1689168147.003B0000.00000008.sdmp | Binary or memory string: OriginalFilenamenetmsg.DLL.MUIj% vs facture_4739149_08.26.2018.exe
Sample reads its own file content
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe | File read: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe
Tries to load missing DLLs
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe | Section loaded: ext-ms-win-kernel32-package-current-l1-1-0.dll
Classification label
Source: classification engine | Classification label: mal100.spyw.evad.winEXE@7/2081@0/0
Contains functionality for error logging
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe | Code function: 3_1_00114CE0 GetShortPathNameW,GetShortPathNameW,GetLastError,FormatMessageA
Contains functionality to adjust token privileges (e.g. debug / backup)
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe | Code function: 1_2_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe | Code function: 1_1_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp | Code function: 2_2_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp | Code function: 2_1_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Contains functionality to check free disk space
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp | Code function: 2_2_004565A8 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA
Contains functionality to instantiate COM classes
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp | Code function: 2_2_0046EE04 GetVersion,CoCreateInstance
Contains functionality to load and extract PE file embedded resources
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe | Code function: 1_2_0040A0D4 FindResourceA,SizeofResource,LoadResource,LockResource
Creates files inside the user directory
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp | File created: C:\Users\user\AppData\Local\Programs
Creates temporary files
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe | File created: C:\Users\SAMTAR~1\AppData\Local\Temp\is-31JDU.tmp
Queries process information (via WMI, Win32_Process)
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe | WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe | WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Reads ini files
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe | File read: C:\Users\user\ntuser.ini
Reads software policies
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Reads the Windows registered organization settings
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Sample is known by Antivirus
Source: facture_4739149_08.26.2018.exe | virustotal: Detection: 54%
Spawns processes
Source: unknown | Process created: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe 'C:\Users\user\Desktop\facture_4739149_08.26.2018.exe'
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp 'C:\Users\SAMTAR~1\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp' /SL5='$B0194,5310897,119808,C:\Users\user\Desktop\facture_4739149_08.26.2018.exe'
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe C:\Users\SAMTAR~1\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe 'C:\Users\SAMTAR~1\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe'
Source: unknown | Process created: C:\Windows\System32\notepad.exe 'C:\Windows\system32\NOTEPAD.EXE' C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOCKY-README.txt
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe | Process created: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp 'C:\Users\SAMTAR~1\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp' /SL5='$B0194,5310897,119808,C:\Users\user\Desktop\facture_4739149_08.26.2018.exe'
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp | Process created: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe C:\Users\SAMTAR~1\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe
Uses an in-process (OLE) Automation server
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Writes ini files
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe | File written: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini
Reads the Windows registered owner settings
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Executable creates window controls seldom found in malware
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp | Window found: window name: TMainForm
Found graphical window changes (likely an installer)
Source: Window Recorder | Window detected: More than 3 window changes detected
Submission file is bigger than most known malware samples
Source: facture_4739149_08.26.2018.exe | Static file information: File size 5579368 > 1048576
Uses new MSVCR Dlls
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe | File opened: C:\Users\SAMTAR~1\AppData\Local\Temp\is-7C5V5.tmp\MSVCR90.dll
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: facture_4739149_08.26.2018.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\_win32sysloader.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1635526812.0011D000.00000004.sdmp, is-BQIP3.tmp.2.dr
Source: Binary string: msvcr90.i386.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1680657008.02752000.00000004.sdmp, lockyfud.exe, is-GPRS1.tmp.2.dr
Source: Binary string: C:\build27\cpython\PCBuild\_hashlib.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1635526812.0011D000.00000004.sdmp, is-OMRQK.tmp.2.dr
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\pythoncom.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1671215811.1E239000.00000002.sdmp, is-QKKPF.tmp.2.dr
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\pywintypes.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1670678545.1E7AD000.00000002.sdmp, is-2QCLA.tmp.2.dr
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\pythoncom.pdbp% source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1671215811.1E239000.00000002.sdmp, is-QKKPF.tmp.2.dr
Source: Binary string: MFCM90.i386.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1680657008.02752000.00000004.sdmp, is-DAGQC.tmp.2.dr
Source: Binary string: C:\build27\cpython\PCBuild\bz2.pdb% source: is-BAI7G.tmp.2.dr
Source: Binary string: C:\build27\cpython\PCBuild\unicodedata.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, is-QCTR5.tmp.2.dr
Source: Binary string: MFCM90.i386.pdb0 source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1680657008.02752000.00000004.sdmp, is-DAGQC.tmp.2.dr
Source: Binary string: C:\build27\cpython\PCBuild\python27.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1666156407.67AB9000.00000002.sdmp, is-E1S4I.tmp.2.dr
Source: Binary string: mfc90u.i386.pdb source: is-LSEIO.tmp.2.dr
Source: Binary string: mfc90.i386.pdb source: is-IC0R8.tmp.2.dr
Source: Binary string: C:\build27\cpython\PCBuild\bz2.pdb source: is-BAI7G.tmp.2.dr
Source: Binary string: C:\build27\cpython\PCBuild\select.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, is-TPR0O.tmp.2.dr
Source: Binary string: msvcp90.i386.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1680657008.02752000.00000004.sdmp, is-GSKO5.tmp.2.dr
Source: Binary string: C:\build27\cpython\PCBuild\_ctypes.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1667893163.6B6B0000.00000002.sdmp, is-N5HT6.tmp.2.dr
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\pywintypes.pdb$ source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1670678545.1E7AD000.00000002.sdmp, is-2QCLA.tmp.2.dr
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\win32trace.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, is-9F1O1.tmp.2.dr
Source: Binary string: msvcm90.i386.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1680657008.02752000.00000004.sdmp, is-8KK51.tmp.2.dr
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\win32api.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1670289127.1E8CF000.00000002.sdmp, is-62R5D.tmp.2.dr
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\win32ui.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1682274897.028CB000.00000004.sdmp, is-ECEHB.tmp.2.dr
Source: Binary string: MFCM90U.i386.pdb source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1680657008.02752000.00000004.sdmp, is-JMNRR.tmp.2.dr
Source: Binary string: MFCM90U.i386.pdb0 source: facture_4739149_08.26.2018.tmp, 00000002.00000002.1680657008.02752000.00000004.sdmp, is-JMNRR.tmp.2.dr

Data Obfuscation:

Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp | Code function: 2_2_00450994 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
Uses code obfuscation techniques (call, push, ret)

Persistence and Installation Behavior:

Drops PE files
Installs a Chrome extension
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\icon_128.png.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\icon_128.png.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\icon_16.png.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\icon_16.png.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\main.html.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\main.html.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\main.js.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\main.js.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\manifest.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\manifest.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\__MACOSX\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\128.png.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\128.png.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\manifest.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\manifest.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ar\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ar\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ar\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\bg\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\bg\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\bg\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ca\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ca\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ca\LOCKY-README.txt
Creates license or readme file
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe, File created: C:\Users\user\AppData\Local\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe, File created: C:\Users\user\AppData\Local\Adobe\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe, File created: C:\Users\user\AppData\Local\Adobe\Acrobat\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe, File created: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe, File created: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe, File created: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe, File created: C:\Users\user\AppData\Local\Adobe\Color\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe, File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe, File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe, File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe, File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe, File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\PlayReady\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Programs\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Programs\Common\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\acrord32_sbx\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\is-7C5V5.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Low\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB5A5.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB5B0.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB5B1.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB5B2.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB5B3.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB5B4.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB5CA.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB5DF.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB5E0.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB5EB.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB601.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB603.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB60F.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB61B.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB627.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB633.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB635.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB641.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB64D.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB659.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB665.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB67B.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB67D.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB689.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB695.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB6A1.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB6AD.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB6AF.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB6BB.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB6BD.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB6D3.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB6DF.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB6EB.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB6F8.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\TCDB6F9.tmp\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tmp1xt5j9\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tmpnjf_ni\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WPDNSE\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1033\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppCache\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppCache\70MDSPFE\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\GameExplorer\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WebCache\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ERC\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\new\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\Gadgets\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\hsperfdata_user\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\is-7C5V5.tmp\_isetup\LOCKY-README.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ar\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\bg\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ca\LOCKY-README.txt

Boot Survival:

Creates an autostart registry key
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Registry value created or modified: HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run MyProgram

Hooking and other Techniques for Hiding and Protection:

Icon mismatch, PE includes an icon from a different legit application in order to fool users
Source: initial sample; Icon embedded in PE file: icon matches a legit application icon: 64f0c4c4c4d4d4f8
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_2_0042405C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,2_2_0042405C
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_2_00418120 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,2_2_00418120
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_2_00422CAC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,2_2_00422CAC
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_2_0041811E IsIconic,SetWindowPos,2_2_0041811E
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_2_004245E4 IsIconic,SetActiveWindow,2_2_004245E4
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_2_0042462C IsIconic,SetActiveWindow,SetFocus,2_2_0042462C
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_2_004187D4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,2_2_004187D4
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_2_00484D28 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,2_2_00484D28
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_2_0042F71C IsIconic,GetWindowLongA,GetWindowLongA,GetActiveWindow,MessageBoxA,SetActiveWindow,GetActiveWindow,MessageBoxA,SetActiveWindow,2_2_0042F71C
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_2_004179E8 IsIconic,GetCapture,2_2_004179E8
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_1_0042405C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,2_1_0042405C
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_1_00418120 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,2_1_00418120
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_1_00422CAC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,2_1_00422CAC
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_1_0041811E IsIconic,SetWindowPos,2_1_0041811E
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_1_004245E4 IsIconic,SetActiveWindow,2_1_004245E4
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_1_0042462C IsIconic,SetActiveWindow,SetFocus,2_1_0042462C
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_1_004187D4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,2_1_004187D4
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_1_00484D28 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,2_1_00484D28
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_1_0042F71C IsIconic,GetWindowLongA,GetWindowLongA,GetActiveWindow,MessageBoxA,SetActiveWindow,GetActiveWindow,MessageBoxA,SetActiveWindow,2_1_0042F71C
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_1_004179E8 IsIconic,GetCapture,2_1_004179E8
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Code function: 2_2_0041F568 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,2_2_0041F568
Disables application error messages (SetErrorMode)
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\facture_4739149_08.26.2018.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-31JDU.tmp\facture_4739149_08.26.2018.tmp; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7C5V5.tmp\lockyfud.exe; Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:
