
Analysis Report rsa.exe

Overview

General Information

Joe Sandbox Version:23.0.0
Analysis ID:75140
Start date:03.09.2018
Start time:12:31:10
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 11m 3s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:rsa.exe
Cookbook file name:default.jbs
Analysis system description:Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • HCA enabled
  • EGA enabled
  • HDC enabled
Analysis stop reason:Timeout
Detection:MAL
Classification:mal76.phis.spyw.evad.winEXE@7/2081@0/0
EGA Information:
  • Successful, ratio: 75%
HDC Information:
  • Successful, ratio: 7.7% (good quality ratio 7.4%)
  • Quality average: 75%
  • Quality standard deviation: 29.4%
HCA Information:
  • Successful, ratio: 80%
  • Number of executed functions: 229
  • Number of non-executed functions: 193
Cookbook Comments:
  • Adjust boot time
  • Found application associated with file extension: .exe
Warnings:
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryDirectoryFile calls found.
  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
  • Report size getting too big, too many NtReadFile calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
  • Report size getting too big, too many NtWriteFile calls found.

Detection

Strategy:Threshold
Score:76
Range:0 - 100
Reporting:Report FP / FN
Detection:malicious

Confidence

Strategy:Threshold
Score:5
Range:0 - 5
Further Analysis Required?:false


Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior



Signature Overview



AV Detection:

Antivirus detection for unpacked file
Source: 4.0.lockyfud.exe.a40000.0.unpack; Avira: Label: TR/ATRAPS.Gen4
Source: 3.0.lockyfud.exe.a40000.2.unpack; Avira: Label: TR/ATRAPS.Gen4
Source: 3.0.lockyfud.exe.a40000.3.unpack; Avira: Label: TR/ATRAPS.Gen4
Source: 3.0.lockyfud.exe.a40000.4.unpack; Avira: Label: TR/ATRAPS.Gen4
Source: 3.0.lockyfud.exe.a40000.1.unpack; Avira: Label: TR/ATRAPS.Gen4
Source: 3.1.lockyfud.exe.a40000.0.unpack; Avira: Label: TR/ATRAPS.Gen4
Source: 4.1.lockyfud.exe.a40000.0.unpack; Avira: Label: TR/ATRAPS.Gen4
Source: 3.0.lockyfud.exe.a40000.0.unpack; Avira: Label: TR/ATRAPS.Gen4

Cryptography:

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 3_1_68DAE920 Py_Finalize,PyType_ClearCache,PyImport_Cleanup,free,PyInterpreterState_Clear,_PyExc_Fini,TlsFree,PyInterpreterState_Delete,PyMethod_ClearFreeList,PyFrame_ClearFreeList,PyCFunction_ClearFreeList,PyTuple_ClearFreeList,PyList_Fini,PySet_Fini,PyString_Fini,PyInt_Fini,PyFloat_Fini,PyDict_Fini,CryptReleaseContext,3_1_68DAE920
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 4_1_10001070 PyArg_ParseTupleAndKeywords,CryptAcquireContextA,GetLastError,PyExc_SystemError,PyErr_Format,_PyObject_New,4_1_10001070
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 4_1_10001000 PyExc_TypeError,PyErr_Format,CryptReleaseContext,GetLastError,PyExc_SystemError,PyErr_Format,PyObject_Free,4_1_10001000
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 4_1_10001130 PyExc_TypeError,PyErr_Format,PyArg_ParseTuple,PyExc_ValueError,PyErr_SetString,PyMem_Malloc,PyErr_NoMemory,memcpy,CryptGenRandom,GetLastError,PyExc_SystemError,PyErr_Format,PyMem_Free,PyString_FromStringAndSize,PyMem_Free,4_1_10001130

Spreading:

Enumerates the file system
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; File opened: C:\Users\user\AppData\Local\Application Data\Adobe\Acrobat\DC\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; File opened: C:\Users\user\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; File opened: C:\Users\user\AppData\Local\Application Data\Adobe\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; File opened: C:\Users\user\AppData\Local\Application Data\Adobe\Acrobat\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; File opened: C:\Users\user\AppData\Local\Application Data\Adobe\Acrobat\DC\ToolsSearchCacheRdr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; File opened: C:\Users\user\AppData\Local\Application Data\LOCKY-README.txt
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Directory queried: number of queries: 1016
Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_2_00476120 FindFirstFileA,FindNextFileA,FindClose,2_2_00476120
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_2_004648D0 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_004648D0
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_2_00464D4C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_00464D4C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_2_004531A4 FindFirstFileA,GetLastError,2_2_004531A4
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_2_00463344 FindFirstFileA,FindNextFileA,FindClose,2_2_00463344
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_2_0049998C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,2_2_0049998C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_1_00476120 FindFirstFileA,FindNextFileA,FindClose,2_1_00476120
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_1_004648D0 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_1_004648D0
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_1_00464D4C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_1_00464D4C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_1_004531A4 FindFirstFileA,GetLastError,2_1_004531A4
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_1_00463344 FindFirstFileA,FindNextFileA,FindClose,2_1_00463344
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_1_0049998C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,2_1_0049998C
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 3_1_00A57107 FindFirstFileExW,3_1_00A57107
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 3_1_00A4E243 FindFirstFileExW,GetLastError,FindNextFileW,GetLastError,3_1_00A4E243
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 3_1_68CC1D00 _PyArg_ParseTuple_SizeT,malloc,PyErr_NoMemory,_PyObject_GC_Malloc,Py_FatalError,PyEval_SaveThread,FindFirstFileW,PyEval_RestoreThread,GetLastError,free,free,PyUnicodeUCS2_FromUnicode,PyList_Append,PyEval_SaveThread,FindNextFileW,PyEval_RestoreThread,FindClose,GetLastError,FindClose,free,free,PyErr_Clear,_PyArg_ParseTuple_SizeT,_PyObject_GC_Malloc,Py_FatalError,PyEval_SaveThread,FindFirstFileA,PyEval_RestoreThread,GetLastError,PyString_FromString,PyList_Append,PyEval_SaveThread,FindNextFileA,PyEval_RestoreThread,GetLastError,FindClose,FindClose,3_1_68CC1D00
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 4_1_1E8C1F60 PyArg_ParseTuple,?PyWinObject_AsString@@YAHPAU_object@@PAPADHPAK@Z,PyList_New,FindFirstFileA,GetLastError,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,PyList_Append,?PyObject_FromWIN32_FIND_DATAA@@YAPAU_object@@PAU_WIN32_FIND_DATAA@@@Z,PyList_Append,FindNextFileA,GetLastError,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,?PyWinObject_FreeString@@YAXPAD@Z,FindClose,4_1_1E8C1F60
Contains functionality to query local drives
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 4_1_1E8C3A00 PyArg_ParseTuple,GetLogicalDriveStringsA,GetLogicalDriveStringsA,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,__alloca_probe_16,GetLogicalDriveStringsA,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,?PyWinObject_FromTCHAR@@YAPAU_object@@PBDH@Z,4_1_1E8C3A00

Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 4x nop then movd mm0, dword ptr [edx], 4_1_6B2EDF30

Networking:

Found Tor onion address
Source: lockyfud.exe, 00000003.00000003.1603636406.01D65000.00000004.sdmp; String found in binary or memory: 2* Browse to URL : http://pylockyrkumqih5l.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1603636406.01D65000.00000004.sdmp; String found in binary or memory: Click on support at http://pylockyrkumqih5l.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1603636406.01D65000.00000004.sdmp; String found in binary or memory: l'URL: http://pylockyrkumqih5l.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1603636406.01D65000.00000004.sdmp; String found in binary or memory: http://pylockyrkumqih5l.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1603636406.01D65000.00000004.sdmp; String found in binary or memory: 2 * Passa a URL: http://pylockyrkumqih5l.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1603636406.01D65000.00000004.sdmp; String found in binary or memory: Clicca sul supporto in http://pylockyrkumqih5l.onion/index.php
Source: lockyfud.exe, 00000003.00000003.1603636406.01D65000.00000004.sdmp; String found in binary or memory: : http://pylockyrkumqih5l.onion/index.php
Downloads files
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\LOCKY-README.txt
Found strings which match to known social media urls
Source: lockyfud.exe, 00000004.00000003.1684200116.02A41000.00000004.sdmp; String found in binary or memory: <FavoriteIcon>http://search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: lockyfud.exe, 00000004.00000003.1684200116.02A41000.00000004.sdmp; String found in binary or memory: <SuggestionsURL>http://sugg-ie.vn.search.yahoo.com/os?market=vn&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: lockyfud.exe, 00000004.00000003.1684200116.02A41000.00000004.sdmp; String found in binary or memory: <URL>http://vn.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: lockyfud.exe, 00000004.00000003.1684200116.02A41000.00000004.sdmp; String found in binary or memory: URL>http://vn.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Urls found in memory or binary data
Source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp; String found in binary or memory: ftp://ftp.unicode.org/.
Source: lockyfud.exe, 00000003.00000003.1603636406.01D65000.00000004.sdmp; String found in binary or memory: http://pylockyrkumqih5l.onion/index.php
Source: lockyfud.exe, 00000003.00000001.1561313340.68DB9000.00000002.sdmp; String found in binary or memory: http://python.org/dev/peps/pep-0263/
Source: lockyfud.exe, 00000004.00000003.1684200116.02A41000.00000004.sdmp; String found in binary or memory: http://search.yahoo.com/favicon.ico
Source: lockyfud.exe, 00000004.00000003.1684200116.02A41000.00000004.sdmp; String found in binary or memory: http://sugg-ie.vn.search.yahoo.com/os?market=vn&amp;appid=ie8&amp;command=
Source: lockyfud.exe, 00000004.00000003.1684200116.02A41000.00000004.sdmp; String found in binary or memory: http://vn.search.yahoo.com/search?p=
Source: rsa.tmp, rsa.tmp, 00000002.00000000.1541663370.00401000.00000020.sdmp; String found in binary or memory: http://www.innosetup.com/
Source: rsa.exe, rsa.exe, 00000001.00000000.1540280428.00401000.00000020.sdmp; String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: rsa.exe, 00000001.00000000.1540280428.00401000.00000020.sdmp; String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: lockyfud.exe; String found in binary or memory: http://www.openssl.org/support/faq.html
Source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1562497400.6B309000.00000002.sdmp; String found in binary or memory: http://www.openssl.org/support/faq.htmlC:
Source: rsa.exe, 00000001.00000003.1541202767.011C8000.00000004.sdmp, rsa.tmp; String found in binary or memory: http://www.remobjects.com/ps
Source: rsa.exe, 00000001.00000003.1541202767.011C8000.00000004.sdmp, rsa.tmp, 00000002.00000000.1541663370.00401000.00000020.sdmp; String found in binary or memory: http://www.remobjects.com/psU
Source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp; String found in binary or memory: http://www.unicode.org/reports/tr44/tr44-4.html).
Source: rsa.tmp, 00000002.00000002.1555159311.0011D000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1562636374.1E8D9000.00000002.sdmp; String found in binary or memory: https://github.com/mhammond/pywin320

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 4_1_1E8C36D0 PyArg_ParseTuple,PyEval_SaveThread,GetKeyboardState,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,PyString_FromStringAndSize,4_1_1E8C36D0

System Summary:

Dropped file seen in connection with other malware
Abnormal high CPU Usage
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Process Stats: CPU usage > 98%
Contains functionality to communicate with device drivers
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_2_0042ED84: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,2_2_0042ED84
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\rsa.exe; Code function: 1_2_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,1_2_004098E8
Source: C:\Users\user\Desktop\rsa.exe; Code function: 1_1_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,1_1_004098E8
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_2_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,2_2_00455D80
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp; Code function: 2_1_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,2_1_00455D80
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 4_1_1E8C3FA0 PyArg_ParseTuple,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,_Py_NoneStruct,_Py_NoneStruct,4_1_1E8C3FA0
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe; Code function: 4_1_1E8C3F10 PyArg_ParseTuple,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,_Py_NoneStruct,_Py_NoneStruct,4_1_1E8C3F10
Detected potential crypto function
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
Source: rsa.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: rsa.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: rsa.tmp.1.dr Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
PE file contains strange resources
Source: rsa.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: rsa.tmp.1.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: rsa.tmp.1.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: rsa.exe, 00000001.00000003.1541202767.011C8000.00000004.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs rsa.exe
Source: rsa.exe, 00000001.00000002.1593109415.001F0000.00000002.sdmp Binary or memory string: OriginalFilenamenetmsg.DLLj% vs rsa.exe
Source: rsa.exe, 00000001.00000002.1593324299.00530000.00000008.sdmp Binary or memory string: OriginalFilenamenetmsg.DLL.MUIj% vs rsa.exe
Source: rsa.exe, 00000001.00000002.1593406046.012B0000.00000008.sdmp Binary or memory string: OriginalFilenameKernelbasej% vs rsa.exe
Sample reads its own file content
Source: C:\Users\user\Desktop\rsa.exe File read: C:\Users\user\Desktop\rsa.exe
Tries to load missing DLLs
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe Section loaded: ext-ms-win-kernel32-package-current-l1-1-0.dll
Classification label
Source: classification engine Classification label: mal76.phis.spyw.evad.winEXE@7/2081@0/0
Contains functionality for error logging
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe Code function: 3_1_00A44CE0 GetShortPathNameW,GetShortPathNameW,GetLastError,FormatMessageA
Contains functionality to adjust token privileges (e.g. debug / backup)
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_2_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_1_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_1_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Contains functionality to check free disk space
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_004565A8 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA
Contains functionality to instantiate COM classes
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_0046EE04 GetVersion,CoCreateInstance
Contains functionality to load and extract PE file embedded resources
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_2_0040A0D4 FindResourceA,SizeofResource,LoadResource,LockResource
Creates files inside the user directory
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\user\AppData\Local\Programs
Creates temporary files
Source: C:\Users\user\Desktop\rsa.exe File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-TBTR2.tmp
Queries process information (via WMI, Win32_Process)
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Reads ini files
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe File read: C:\Users\user\ntuser.ini
Reads software policies
Source: C:\Users\user\Desktop\rsa.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Reads the Windows registered organization settings
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Spawns processes
Source: unknown Process created: C:\Users\user\Desktop\rsa.exe 'C:\Users\user\Desktop\rsa.exe'
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp 'C:\Users\HERBBL~1\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp' /SL5='$E0182,5268834,77312,C:\Users\user\Desktop\rsa.exe'
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe 'C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe'
Source: unknown Process created: C:\Windows\System32\notepad.exe 'C:\Windows\system32\NOTEPAD.EXE' C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOCKY-README.txt
Source: C:\Users\user\Desktop\rsa.exe Process created: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp 'C:\Users\HERBBL~1\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp' /SL5='$E0182,5268834,77312,C:\Users\user\Desktop\rsa.exe'
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Process created: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe
Uses an in-process (OLE) Automation server
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Writes ini files
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe File written: C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
Reads the Windows registered owner settings
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Executable creates window controls seldom found in malware
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Window found: window name: TMainForm
Found graphical window changes (likely an installer)
Source: Window Recorder Window detected: More than 3 window changes detected
Submission file is bigger than most known malware samples
Source: rsa.exe Static file information: File size 5524987 > 1048576
Uses new MSVCR Dlls
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe File opened: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\MSVCR90.dll
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: rsa.exe Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\_win32sysloader.pdb source: rsa.tmp, 00000002.00000002.1555159311.0011D000.00000004.sdmp
Source: Binary string: C:\build27\cpython\PCBuild\select.pdb source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp
Source: Binary string: msvcp90.i386.pdb source: rsa.tmp, 00000002.00000002.1581694629.027F7000.00000004.sdmp
Source: Binary string: C:\build27\cpython\PCBuild\_ctypes.pdb source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1562147966.6E630000.00000002.sdmp
Source: Binary string: msvcr90.i386.pdb source: rsa.tmp, 00000002.00000002.1581694629.027F7000.00000004.sdmp, lockyfud.exe
Source: Binary string: C:\build27\cpython\PCBuild\_hashlib.pdb source: rsa.tmp, 00000002.00000002.1555159311.0011D000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1562497400.6B309000.00000002.sdmp
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\pythoncom.pdb source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1562774654.1E239000.00000002.sdmp
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\pywintypes.pdb source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1562676464.1E7AD000.00000002.sdmp
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\pywintypes.pdb$ source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1562676464.1E7AD000.00000002.sdmp
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\pythoncom.pdbp% source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1562774654.1E239000.00000002.sdmp
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\win32trace.pdb source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp
Source: Binary string: MFCM90.i386.pdb source: rsa.tmp, 00000002.00000002.1581516129.027A2000.00000004.sdmp
Source: Binary string: msvcm90.i386.pdb source: rsa.tmp, 00000002.00000002.1581516129.027A2000.00000004.sdmp
Source: Binary string: C:\build27\cpython\PCBuild\bz2.pdb% source: lockyfud.exe, 00000003.00000001.1562231239.6E53E000.00000002.sdmp
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\win32api.pdb source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1562619970.1E8CF000.00000002.sdmp
Source: Binary string: O:\src\pywin32\build\temp.win32-2.7\Release\win32ui.pdb source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp
Source: Binary string: C:\build27\cpython\PCBuild\unicodedata.pdb source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp
Source: Binary string: MFCM90U.i386.pdb source: rsa.tmp, 00000002.00000002.1581516129.027A2000.00000004.sdmp
Source: Binary string: MFCM90U.i386.pdb0 source: rsa.tmp, 00000002.00000002.1581516129.027A2000.00000004.sdmp
Source: Binary string: MFCM90.i386.pdb0 source: rsa.tmp, 00000002.00000002.1581516129.027A2000.00000004.sdmp
Source: Binary string: C:\build27\cpython\PCBuild\python27.pdb source: rsa.tmp, 00000002.00000002.1582186330.0291B000.00000004.sdmp, lockyfud.exe, 00000003.00000001.1561313340.68DB9000.00000002.sdmp
Source: Binary string: C:\build27\cpython\PCBuild\bz2.pdb source: lockyfud.exe, 00000003.00000001.1562231239.6E53E000.00000002.sdmp

Data Obfuscation:

Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_00450994 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_2_00406A18 push 00406A55h; ret 1_2_00406A4D
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_2_004040B5 push eax; ret 1_2_004040F1
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_2_00404185 push 00404391h; ret 1_2_00404389
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_2_00404206 push 00404391h; ret 1_2_00404389
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_2_004042E8 push 00404391h; ret 1_2_00404389
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_2_00404283 push 00404391h; ret 1_2_00404389
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_2_004093B4 push 004093E7h; ret 1_2_004093DF
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_2_00408580 push ecx; mov dword ptr [esp], eax 1_2_00408585
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_1_00406A18 push 00406A55h; ret 1_1_00406A4D
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_1_004040B5 push eax; ret 1_1_004040F1
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_1_00404185 push 00404391h; ret 1_1_00404389
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_1_00404206 push 00404391h; ret 1_1_00404389
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_1_004042E8 push 00404391h; ret 1_1_00404389
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_1_00404283 push 00404391h; ret 1_1_00404389
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_1_004093B4 push 004093E7h; ret 1_1_004093DF
Source: C:\Users\user\Desktop\rsa.exe Code function: 1_1_00408580 push ecx; mov dword ptr [esp], eax 1_1_00408585
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_00409D9C push 00409DD9h; ret 2_2_00409DD1
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_0041A078 push ecx; mov dword ptr [esp], ecx 2_2_0041A07D
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_00452100 push ecx; mov dword ptr [esp], eax 2_2_00452105
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_0040A273 push ds; ret 2_2_0040A29D
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_004062C4 push ecx; mov dword ptr [esp], eax 2_2_004062C5
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_0040A29F push ds; ret 2_2_0040A2A0
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_00460518 push ecx; mov dword ptr [esp], ecx 2_2_0046051C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_00496594 push ecx; mov dword ptr [esp], ecx 2_2_00496599
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_004587B4 push 004587ECh; ret 2_2_004587E4
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_00410930 push ecx; mov dword ptr [esp], edx 2_2_00410935
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_00486A94 push ecx; mov dword ptr [esp], ecx 2_2_00486A99
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_00478D50 push ecx; mov dword ptr [esp], edx 2_2_00478D51
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_00412D78 push 00412DDBh; ret 2_2_00412DD3
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_0040D288 push ecx; mov dword ptr [esp], edx 2_2_0040D28A
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Code function: 2_2_0040546D push eax; ret 2_2_004054A9

Persistence and Installation Behavior:

Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-RM7V8.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-01D3C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-3VSD4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-DH24S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-RCQFF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-18850.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-TVKV7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-EMNMI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-O49E6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-2FPDA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-3F532.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-9DVKT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-MGF4C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-J6F3B.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-LFSSJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-G68OO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-B2PQN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-UKVMD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-20JG4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-HUKF7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-SPUPA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-N489O.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-8IKCV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-1130P.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-BN0SR.tmp
Source: C:\Users\user\Desktop\rsa.exe File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-E3L19.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File created: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\is-PJQU8.tmp
Installs a Chrome extension
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json.lockymap
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json.lockedfile
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json.lockymap
Creates license or readme file
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\LOCKY-README.txt

Boot Survival:

Creates an autostart registry key
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Registry value created or modified: HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run MyProgram

Hooking and other Techniques for Hiding and Protection:

Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_0042405C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,2_2_0042405C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_00418120 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,2_2_00418120
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_00422CAC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,2_2_00422CAC
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_0041811E IsIconic,SetWindowPos,2_2_0041811E
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_004245E4 IsIconic,SetActiveWindow,2_2_004245E4
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_0042462C IsIconic,SetActiveWindow,SetFocus,2_2_0042462C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_004187D4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,2_2_004187D4
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_00484D28 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,2_2_00484D28
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_0042F71C IsIconic,GetWindowLongA,GetWindowLongA,GetActiveWindow,MessageBoxA,SetActiveWindow,GetActiveWindow,MessageBoxA,SetActiveWindow,2_2_0042F71C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_004179E8 IsIconic,GetCapture,2_2_004179E8
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_0042405C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,2_1_0042405C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_00418120 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,2_1_00418120
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_00422CAC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,2_1_00422CAC
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_0041811E IsIconic,SetWindowPos,2_1_0041811E
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_004245E4 IsIconic,SetActiveWindow,2_1_004245E4
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_0042462C IsIconic,SetActiveWindow,SetFocus,2_1_0042462C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_004187D4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,2_1_004187D4
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_00484D28 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,2_1_00484D28
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_0042F71C IsIconic,GetWindowLongA,GetWindowLongA,GetActiveWindow,MessageBoxA,SetActiveWindow,GetActiveWindow,MessageBoxA,SetActiveWindow,2_1_0042F71C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_004179E8 IsIconic,GetCapture,2_1_004179E8
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_0041F568 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,2_2_0041F568
Disables application error messages (SetErrorMode)
Source: C:\Users\user\Desktop\rsa.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\rsa.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_ComputerSystem
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = '1'
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_VideoController
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_6B2ED820 rdtsc 4_1_6B2ED820
Enumerates the file system
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe File opened: C:\Users\user\AppData\Local\Application Data\Adobe\Acrobat\DC\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe File opened: C:\Users\user\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe File opened: C:\Users\user\AppData\Local\Application Data\Adobe\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe File opened: C:\Users\user\AppData\Local\Application Data\Adobe\Acrobat\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe File opened: C:\Users\user\AppData\Local\Application Data\Adobe\Acrobat\DC\ToolsSearchCacheRdr\LOCKY-README.txt
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe File opened: C:\Users\user\AppData\Local\Application Data\LOCKY-README.txt
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Source: C:\Users\user\Desktop\rsa.exe Evasive API call chain: GetSystemTime,DecisionNodesgraph_1-6068
Found large amount of non-executed APIs
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe API coverage: 3.9 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe TID: 3340 Thread sleep time: -60000s >= -60000s
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe TID: 3424 Thread sleep time: -60000s >= -60000s
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe TID: 3560 Thread sleep time: -60000s >= -60000s
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_00476120 FindFirstFileA,FindNextFileA,FindClose,2_2_00476120
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_004648D0 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_004648D0
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_00464D4C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_00464D4C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_004531A4 FindFirstFileA,GetLastError,2_2_004531A4
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_00463344 FindFirstFileA,FindNextFileA,FindClose,2_2_00463344
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_0049998C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,2_2_0049998C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_00476120 FindFirstFileA,FindNextFileA,FindClose,2_1_00476120
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_004648D0 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_1_004648D0
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_00464D4C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_1_00464D4C
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_004531A4 FindFirstFileA,GetLastError,2_1_004531A4
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_00463344 FindFirstFileA,FindNextFileA,FindClose,2_1_00463344
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_1_0049998C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,2_1_0049998C
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 3_1_00A57107 FindFirstFileExW,3_1_00A57107
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 3_1_00A4E243 FindFirstFileExW,GetLastError,FindNextFileW,GetLastError,3_1_00A4E243
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 3_1_68CC1D00 _PyArg_ParseTuple_SizeT,malloc,PyErr_NoMemory,_PyObject_GC_Malloc,Py_FatalError,PyEval_SaveThread,FindFirstFileW,PyEval_RestoreThread,GetLastError,free,free,PyUnicodeUCS2_FromUnicode,PyList_Append,PyEval_SaveThread,FindNextFileW,PyEval_RestoreThread,FindClose,GetLastError,FindClose,free,free,PyErr_Clear,_PyArg_ParseTuple_SizeT,_PyObject_GC_Malloc,Py_FatalError,PyEval_SaveThread,FindFirstFileA,PyEval_RestoreThread,GetLastError,PyString_FromString,PyList_Append,PyEval_SaveThread,FindNextFileA,PyEval_RestoreThread,GetLastError,FindClose,FindClose,3_1_68CC1D00
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_1E8C1F60 PyArg_ParseTuple,?PyWinObject_AsString@@YAHPAU_object@@PAPADHPAK@Z,PyList_New,FindFirstFileA,GetLastError,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,PyList_Append,?PyObject_FromWIN32_FIND_DATAA@@YAPAU_object@@PAU_WIN32_FIND_DATAA@@@Z,PyList_Append,FindNextFileA,GetLastError,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,?PyWinObject_FreeString@@YAXPAD@Z,FindClose,4_1_1E8C1F60
Contains functionality to query local drives
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_1E8C3A00 PyArg_ParseTuple,GetLogicalDriveStringsA,GetLogicalDriveStringsA,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,__alloca_probe_16,GetLogicalDriveStringsA,?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z,?PyWinObject_FromTCHAR@@YAPAU_object@@PBDH@Z,4_1_1E8C3A00
Contains functionality to query system information
Source: C:\Users\user\Desktop\rsa.exeCode function: 1_2_0040A018 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,1_2_0040A018
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Source: lockyfud.exe, 00000004.00000003.1719034919.02AEF000.00000004.sdmp Binary or memory string: n1K4tQEMUEMAdUMl4wQljkqQyhfQ0AEZuBdqskUMLy/ONvzqAh5YFj93IyDQAm95bhllmhjZigkk
Queries a list of all running processes
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp Process information queried: ProcessInformation

Anti Debugging:

Found API chain indicative of debugger detection
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep
Checks for debuggers (devices)
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmp File opened: C:\Windows\WinSxS\FileMaps\users_herbbl_1_appdata_local_temp_is-5egt7.tmp_89d00ef11b93bfae.cdf-ms
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe System information queried: KernelDebuggerInformation
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_6B2ED820 rdtsc 4_1_6B2ED820
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 3_1_00A513B1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_1_00A513B1
Contains functionality to check if a debugger is running (OutputDebugString, GetLastError)
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 3_1_68D8F090 PyOS_snprintf,SetErrorMode,GetFullPathNameA,LoadLibraryExA,DeactivateActCtx,OutputDebugStringA,SetErrorMode,GetLastError,FormatMessageA,PyOS_snprintf,strncpy,PyErr_SetString,PyOS_snprintf,PyOS_snprintf,PyErr_SetString,FreeLibrary,GetProcAddress,3_1_68D8F090
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_00450994 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00450994
Contains functionality to read the PEB
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 3_1_00A4FFDD mov eax, dword ptr fs:[00000030h]3_1_00A4FFDD
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 3_1_00A58530 GetProcessHeap,3_1_00A58530
Contains functionality to register its own exception handler
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 3_1_00A4805E SetUnhandledExceptionFilter,3_1_00A4805E
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 3_1_00A4792A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_1_00A4792A
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 3_1_00A513B1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_1_00A513B1
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 3_1_00A47ECC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_1_00A47ECC
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_6B307D88 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_1_6B307D88
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_1E8CDFC8 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_1_1E8CDFC8
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_1E7AC2E2 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_1_1E7AC2E2
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_1E236BC2 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_1_1E236BC2
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_10001BA8 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_1_10001BA8
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_00621F28 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_1_00621F28
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_00633C08 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_1_00633C08
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_007A1AFE IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_1_007A1AFE
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_007B38FE IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_1_007B38FE

HIPS / PFW / Operating System Protection Evasion:

Contains functionality to launch a program with higher privileges
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_0047974C ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,2_2_0047974C
Contains functionality to simulate keystroke presses
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_1E8CABA0 PyArg_ParseTuple,PyEval_SaveThread,keybd_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,4_1_1E8CABA0
Contains functionality to simulate mouse events
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 4_1_1E8CAC20 PyArg_ParseTuple,PyEval_SaveThread,mouse_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,4_1_1E8CAC20
Contains functionality to add an ACL to a security descriptor
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_0042F254 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateMutexA,2_2_0042F254
Contains functionality to create a new security descriptor
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: 2_2_0042E4EC AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,2_2_0042E4EC

Language, Device and Operating System Detection:

Contains functionality to query locale information (e.g. system language)
Source: C:\Users\user\Desktop\rsa.exeCode function: GetLocaleInfoA,1_2_0040565C
Source: C:\Users\user\Desktop\rsa.exeCode function: GetLocaleInfoA,1_2_004056A8
Source: C:\Users\user\Desktop\rsa.exeCode function: GetLocaleInfoA,1_1_0040565C
Source: C:\Users\user\Desktop\rsa.exeCode function: GetLocaleInfoA,1_1_004056A8
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: GetLocaleInfoA,2_2_004089B8
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: GetLocaleInfoA,2_2_00408A04
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: GetLocaleInfoA,2_1_004089B8
Source: C:\Users\user\AppData\Local\Temp\is-TBTR2.tmp\rsa.tmpCode function: GetLocaleInfoA,2_1_00408A04
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exeCode function: 3_1_00A4816B cpuid 3_1_00A4816B
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe Queries volume information: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe Queries volume information: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\_ctypes.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe Queries volume information: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\bz2.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe Queries volume information: C:\Users\HERBBL~1\AppData\Local\Temp\is-5EGT7.tmp\_hashlib.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-5EGT7.tmp\lockyfud.exe Queries volume information: C:\Users\HERBBL~1\AppData\Local\Temp\gsnj9i VolumeInformation